CivicAI Privacy and Security Policy

Effective Date: November 2025 


This privacy and security policy (“Policy”) discloses the privacy practices for CivicAI. This Policy applies to all CivicAI products and services, including but not limited to Staff Report Writer, Grant Report Writer, and any future CivicAI modules (collectively, the “Platform”).


Purpose

CivicAI is the first AI-native operating system for local government. This Policy describes how CivicAI safeguards municipal data, ensures compliance with policies, and maintains reliable operation while supporting efficient city workflows.


Definitions

For the purposes of this policy:

  • City Data: Any information, documents, or inputs provided by a municipal government or its staff to the Platform, including but not limited to budget materials, ordinances, resolutions, and staff reports.

  • User: An authorized employee, contractor, or agent of a municipal government who interacts with the Platform.

  • Platform: All CivicAI products and services, including Staff Report Writer, Grant Report Writer, and any future modules.

  • Proprietary CivicAI Model: The AI model underlying the Platform, trained exclusively on certified municipal data and not updated using live city data.

  • No-Train Guarantee: CivicAI’s contractual assurance that city inputs and outputs are not used to train or improve the underlying AI model.

  • Subprocessor: Any third-party service provider engaged by CivicAI to process City Data. 

Privacy

CivicAI is built from the ground up for government compliance and accountability. We operate within a secure, closed environment that ensures all City Data remains confidential, segregated, and under the control of the municipal client. 


CivicAI provides a legally binding No-Train Guarantee: all prompts, documents, and generated content are excluded from any model training or product improvement processes. The Platform’s architecture and governance model are purpose-built to meet the privacy, security, and data residency requirements of public-sector clients.


Data Handling and Processing

CivicAI collects and processes only the minimum data required to provide requested services. All data inputs and outputs are used solely for the purpose of generating draft materials or reports for the municipal government that provided them. CivicAI does not use City Data for analytics, marketing, or external benchmarking.


Data entered into the Platform is processed in real time and retained in accordance with the city’s contract and applicable public record laws. All data is encrypted both in transit and at rest using industry-standard encryption protocols. CivicAI maintains a strict separation between each client environment to ensure that no data is ever shared across jurisdictions or with unauthorized users.


In addition to City Data, CivicAI collects limited User account information necessary for authentication and Platform operation, including:


  • Email addresses and user names

  • Login timestamps and session data

  • Usage metrics (e.g., number of documents generated, features accessed)

  • IP addresses for security monitoring


This User account information is collected solely for the purpose of:

  • Providing and maintaining the Platform

  • Ensuring security and preventing unauthorized access

  • Providing technical support

  • Complying with legal obligations


User account information is treated with the same confidentiality and security standards as City Data and is never sold, rented, or shared with third parties except as required to provide the Platform services or as required by law.


Third-Party Services and Subprocessors

CivicAI engages third-party subprocessors to provide infrastructure, AI model capabilities, and related services. Current subprocessors include:


  • Google Cloud Platform

  • Google Gemini


All subprocessors are:

  • Bound by data protection agreements substantially similar to this Policy

  • Subject to regular security and compliance reviews

  • Required to maintain appropriate security measures


An up-to-date list of subprocessors is available upon request. CivicAI will provide at least thirty (30) days' notice before engaging new material subprocessors that will process City Data.


Cookies and Tracking Technologies

The Platform uses essential cookies and similar technologies necessary for authentication, session management, and security. CivicAI does not use third-party advertising cookies or tracking technologies for marketing purposes. Users may configure their browser settings to manage cookies, though disabling essential cookies may impact Platform functionality.


Data Residency, Retention, and Ownership

All City Data is stored in secure, dedicated cloud environments that comply with public-sector data residency and sovereignty requirements. Data remains the sole property of the municipal government that provides it. CivicAI does not claim ownership of any City Data or derivative works generated through the Platform. 

Upon termination of service, CivicAI will retain City Data for ninety (90) days to allow for data retrieval or transition. After this period, or upon the City's earlier written request, CivicAI will securely delete all City Data from production systems. Encrypted backups may be retained for an additional ninety (90) days for disaster recovery purposes, after which all backups will be permanently destroyed. CivicAI will provide written certification of data deletion upon request.


Retention and deletion of data are otherwise governed by municipal agreement terms and relevant state or local regulations.


Access Control and Authentication

Access to CivicAI products is limited to authorized users authenticated through secure, multi-layered protocols such as OAuth, JWT tokens, and integrated identity management systems. Role-based access controls ensure users may only access the data and features necessary for their roles. The Platform maintains comprehensive administrative logs and audit trails to support municipal governance, public record obligations, and compliance monitoring.


Reliability, Policy Adherence, and Human Oversight

CivicAI’s Proprietary Model is trained exclusively on certified, vetted municipal documents, ensuring outputs are factual, policy-aligned, and reliable. The Platform’s design prevents hallucination and bias by restricting model training to official, verifiable data sources. All AI-generated materials are produced as drafts that require human review and authorization before being finalized or distributed. This “human-in-the-loop” safeguard ensures municipal staff remain the final decision-makers in every use case.


Compliance, Governance, and Auditing

CivicAI aligns with recognized public-sector standards for data security, privacy, and governance. The Platform’s enterprise architecture supports internal oversight and compliance functions, including auditing, logging, and access review capabilities.


Incident Response and Notification

CivicAI maintains a comprehensive incident response protocol to address potential privacy or security breaches. In the event of a confirmed incident, CivicAI will notify affected municipal clients within seventy-two (72) hours of discovery in accordance with applicable laws and contractual obligations. A post-incident review will be conducted to identify root causes, implement corrective measures, and prevent future occurrences.


User Responsibilities

Authorized users share responsibility for maintaining the security of City Data. Users must protect login credentials, adhere to municipal IT security policies, and promptly report any suspected unauthorized access or data incidents. Users are also responsible for reviewing and verifying the accuracy and appropriateness of any AI-generated draft materials prior to their official use or publication.


Policy Updates and Contact

CivicAI may update this Privacy and Security Policy periodically to reflect changes in practices, applicable laws, or system capabilities. Material updates will be communicated to municipal clients at least thirty (30) days prior to taking effect. Continued use of the Platform following notice of changes constitutes acceptance of the updated Policy.


Questions or requests for additional information regarding this policy may be directed to: jackie@civicai.studio