Privacy Policy

Civitas Tech, Inc. ("Civitas," "we," "us") is committed to protecting your privacy. This policy describes how we collect, use, and safeguard your information when you use the Civitas mobile application.

Our privacy architecture is designed so that we cannot link your voting behavior to your identity, even if our entire database were compromised. This is enforced by mathematics, not policy.

Account Information: When you create an account, we collect your email address and ZIP code. Your ZIP code is used solely to identify your congressional district and personalize your experience.

Identity Verification: To prevent duplicate voting, we use Persona, a third-party identity verification service. During verification, Persona temporarily processes your government-issued ID and a selfie. We never receive, store, or have access to your ID document, photo, or any biometric data. After verification, we instruct Persona to permanently delete all verification data from their servers.

What We Store from Verification: A one-way cryptographic hash (SHA-256) of your document number and date of birth. This hash cannot be reversed to recover your document number or date of birth. It exists solely to prevent the same government ID from verifying multiple accounts.

Voting Behavior: When you vote on constituent polls, your vote is recorded under an anonymous identifier that is mathematically unlinkable to your email address. We can see that "anonymous user X" voted on a bill. We cannot determine who anonymous user X is.

Your voting privacy is protected by a four-layer architecture:

1. Verification Hash: Your government ID details are hashed immediately in server memory and discarded. Only the irreversible hash is stored.
2. Persona Data Deletion: All biometric and document data is permanently deleted from Persona's servers immediately after verification.
3. Anonymous ID Hash: Your user profile stores only an irreversible hash of your anonymous voting identifier, never the identifier itself. Your votes are recorded under the plaintext identifier, which is never stored alongside your email or any identifying information. Because the only link between your profile and your votes exists as a one-way hash, your votes cannot be traced back to your email — even by us.
4. Server Log Hygiene: Your anonymous voting identifier is never written to server logs. We audit our codebase to ensure no logging path can reconstruct the link between your identity and your votes.

Even with full access to our own database, Civitas cannot:

• Connect any specific person to how they voted on any poll
• Connect an email address to a voting record
• Recover a government ID number from a stored hash
• Reconstruct biometric data after Persona deletion

These limitations are enforced by SHA-256 cryptographic hashing, which is mathematically irreversible. This is the same standard used by banks and governments to protect passwords and classified information.

You may delete your account at any time. When you do:

• Your user profile (email, preferences) is deleted immediately
• Your verification hash is retained for 7 days to prevent immediate re-verification (anti-spam), then permanently deleted
• Your anonymous votes remain in aggregate poll results but are permanently orphaned — they can never be traced to any person

• We do not collect your precise location (only ZIP code)
• We do not store biometric data
• We do not sell, share, or monetize your personal data
• We do not serve advertisements
• We do not use your data to build advertising profiles
• We do not share your data with political campaigns, parties, or PACs

We use the following third-party services:

• Persona — Identity verification. Data is deleted immediately after verification.
• Supabase — Database and authentication infrastructure.
• OpenAI — AI analysis of legislation and AI assistant responses. We do not send personally identifying information (your email, name, or identity) to OpenAI. Questions you type to the in-app AI assistant may be processed by OpenAI to generate a response.

Civitas aggregates publicly available government data from official sources including the U.S. Congress (congress.gov), the Federal Election Commission (fec.gov), the Senate Office of Public Records (lobbying disclosures), USASpending.gov, the Government Publishing Office (govinfo.gov), and state-level data from OpenStates and state election offices. All data displayed in Civitas is derived from public records.

Civitas is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal information, we will delete it immediately.

You have the right to access the personal information we hold about you, to request a copy of your data in a portable format, and to delete your account and associated personal data at any time. Account deletion is available directly in the App's settings. For data access or export requests, contact us at support@civitasapp.io. Depending on your jurisdiction, you may have additional rights under laws such as the GDPR (European Union) or CCPA (California); we honor these rights for all users regardless of location.

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

If you have questions about this privacy policy or our data practices, contact us at:

support@civitasapp.io

Civitas Tech, Inc.
Delaware C-Corp · File #10521676