Privacy Policy
Effective Date: December 28, 2025 | Last Updated: December 28, 2025
1. Introduction
CiviPortal LLC ("CiviPortal," "we," "us," or "our") is committed to protecting privacy for (a) government users who administer a portal and (b) members of the public who browse public financial information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our website and platform.
Contact: hello@civiportal.com
2. Information We Collect
2.1 Information Provided by Government Clients
- Public financial data you choose to publish (budgets, revenues, transactions, actuals)
- Department and vendor information (as part of published data)
- Portal configuration and branding assets (logos, images, copy)
- Administrator account info (name, email address, role)
2.2 Information Collected Automatically
- Log data (IP address, user agent, timestamp, requested pages)
- Basic usage analytics (pages viewed, aggregate feature usage)
- Device and browser information (OS, device type, browser type)
2.3 Information from Citizens (Public Users)
- We do not require citizens to create accounts to view public financial data.
- We do not intentionally collect personal information from public users beyond standard web logs/analytics used for security and performance.
3. How We Use Information
We use information to:
- Provide and maintain the CiviPortal platform
- Enable government clients to publish financial transparency data
- Authenticate and authorize administrative users
- Operate support, troubleshooting, and platform improvements
- Detect, prevent, and respond to security incidents or abuse
- Comply with legal obligations
4. Data Sharing and Disclosure
4.1 We Do Not Sell Personal Data
CiviPortal does not sell, rent, or trade personal information.
4.2 Service Providers (Subprocessors)
We use trusted vendors to host and operate the service. These providers may process limited information on our behalf solely to provide infrastructure and operational support.
| Provider | Purpose | Security/Compliance (Provider-level) |
|---|---|---|
| Vercel | Application hosting & delivery | Provider publishes third-party security/compliance reports (e.g., SOC 2) where applicable. |
| Supabase | Database and authentication services | Provider publishes third-party security/compliance reports (e.g., SOC 2) where applicable. |
| Cloudflare | DNS, caching, and security services | Provider publishes third-party security/compliance reports (e.g., SOC 2 / ISO) where applicable. |
We can provide an up-to-date subprocessors list upon request.
4.3 Legal Requirements
We may disclose information if required by law, court order, or valid government request.
5. Data Security
We implement security measures designed to protect information, including:
- Encryption in transit: HTTPS/TLS for web traffic.
- Encryption at rest: encrypted storage as provided by managed infrastructure and database services.
- Access controls: role-based administrative permissions and least-privilege design.
- Authentication: secure sign-in flows for administrative users (exact methods may vary by deployment configuration).
- Operational monitoring: logging and monitoring to help detect abuse and troubleshoot issues.
No system can be guaranteed 100% secure. We work continuously to improve protections as the product evolves.
6. Data Retention
Retention periods may vary by contract and operational needs. Typical retention patterns may include:
- Government client data: retained for the duration of the service agreement, plus a limited period after termination to support export or transition (if applicable).
- Administrator account data: retained while accounts remain active, or until deletion is requested (subject to legal/contract requirements).
- Log data: retained for a limited period for security and troubleshooting purposes.
7. Government Client Responsibilities
Government clients using CiviPortal are responsible for:
- Ensuring they have authority to publish the data they upload
- Accuracy and timeliness of uploaded information
- Managing admin accounts and role assignments
- Compliance with applicable public records and disclosure laws
8. Public Data Notice
Financial data displayed on CiviPortal is public information provided by government clients for civic transparency. Government clients should avoid uploading data that contains private citizen personally identifiable information unless legally required and intentionally disclosed.
9. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion of your data
- Object to or restrict certain processing
To exercise these rights, contact hello@civiportal.com.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If changes are material, we will update the “Last Updated” date above and may notify government clients through reasonable channels.
11. Contact Us
CiviPortal LLC
Email: hello@civiportal.com
Website: https://civiportal.com