CivilianCIVILIAN

Privacy Policy

Last updated: June 14, 2026

Civilian is a civic-information service operated by Civilian. This Privacy Policy explains what information we collect, how we use it, who processes it on our behalf, and the choices you have. We aim to keep this short and specific.

1. Information We Collect

Account information: Email address and password (passwords are hashed; we never store the plaintext) when you create an account. Your first name (and optionally last name) when you provide them.

Location information: The state, ZIP code, city, and county you provide during onboarding so we can find your federal, state, and local representatives. Optionally, your street address and apartment/unit number if you choose to provide them — this is used solely to look up your exact ballot (precise races and measures for your precinct) via the Google Civic Information API; you can leave it blank.

Civic & demographic profile: Optional fields you choose to provide during onboarding or in your profile settings — age range, household size and composition, dependents, housing status and cost, employment status and industry, income range, education level, veteran status, insurance type, transportation mode, voting status, and party registration. Every one of these fields is optional; nothing is required beyond the location fields needed to find your representatives.

Free-form "About me": If you choose to write a short description of your situation, we send that text to the Anthropic Claude API (see Section 4) to extract structured facts that improve personalization. The original text and the extracted facts are stored with your profile.

Subscription & purchase information: Whether you have an active subscription, the subscription tier, period dates, and (for web subscribers) a Stripe customer ID. We never receive your credit-card or payment-method details — those go directly to Stripe (web) or Apple's StoreKit / RevenueCat (mobile).

Product interaction: Story ratings (thumbs up/down) you give and the reasons you select, briefing generation events, and other significant in-app actions. This is recorded both in our own database and in PostHog (see Section 4) using your user ID.

Search queries: Search terms you type into the in-app search bar are processed server-side and may be retained in our event logs along with your user ID.

Diagnostic data: When the mobile app encounters a JavaScript error, we send the error message, stack trace, the route you were on, your app version, build number, operating system version, and your user ID to our own backend so we can diagnose and fix the issue. We do not collect native crash dumps and we do not use a third-party crash-reporting SDK.

Push tokens: When you grant notification permission, we receive a push token (Expo Push Token on iOS/Android, or APNs token for iOS Live Activities) so we can deliver notifications you've opted into.

Device metadata: Your platform (iOS/Android), operating system version, app version, build number, and time zone are included with push token registration and error reports.

2. How We Use Your Information

We use your information to:

  • Find your representatives at every level of government and the policies on your ballot
  • Generate personalized briefings, story-impact analysis, and "why this matters to you" summaries
  • Rank the stories, bills, and races shown in your feed
  • Process subscription payments and manage your subscription state
  • Send push notifications about bills, votes, and elections that affect you (only if you've opted in)
  • Detect, diagnose, and fix bugs and reliability issues
  • Measure product usage in aggregate so we can improve the service

We do not use your information to target advertising. Civilian does not run ads.

3. Third-Party Service Providers

We rely on a small number of third parties to operate Civilian. Each one receives only the data described, only for the stated purpose, and is contractually bound to use it accordingly.

  • Anthropic (Claude API) — receives your profile fields (first name, city, county, state, employment status, housing status, income range, dependents count) and your free-form "about me" text, together with the day's news context, to generate your personalized briefing and extract structured facts from "about me". Anthropic does not use API inputs to train its models by default.
  • OpenAI (Text-to-Speech API) — receives the text of briefings you choose to listen to so it can synthesize audio. OpenAI does not retain or train on TTS inputs.
  • Stripe — processes web subscription payments. Stripe receives your email and our internal user ID; your payment card details go directly to Stripe and never touch our servers.
  • RevenueCat — processes iOS in-app subscription events. RevenueCat receives our internal user ID and your subscription entitlement state; payment details are handled by Apple and never touch our servers.
  • Apple (App Store) and Google (Google Play) — process mobile in-app purchases per their own terms and privacy policies.
  • Google (Civic Information API) — receives your address or ZIP so we can return the exact contests on your ballot. Your address is sent without our internal user ID; Google treats it under its standard API privacy terms.
  • PostHog — receives product-analytics events keyed by our internal user ID (event name + properties such as which feed you opened or whether you generated a briefing). Used to improve the product. Hosted in PostHog's US Cloud.
  • Expo Push Service — relays push notifications to Apple's APNs and Google's FCM. Receives the push token and the notification payload.
  • Railway and Vercel — host our backend, web frontend, and database. Subject to standard SOC 2 / GDPR data-processing terms.

We also read from public APIs (FEC, Congress.gov, OpenSecrets, Polymarket, Wikipedia, YouTube) to fetch publicly available civic data. We do not send your personal information to these public APIs.

4. Information We Do NOT Collect

  • We do not collect continuous location (GPS), only the one-time location fields you provide during onboarding
  • We do not access your device contacts, photos, microphone, camera, calendar, or device file system
  • We do not collect your voting history or how you intend to vote
  • We do not collect Apple's IDFA or Google's Advertising ID, and we do not request App Tracking Transparency permission
  • We do not share your data with data brokers, advertisers, or any third party for targeted advertising
  • We do not sell your personal information

5. Data Security

All connections between the app and our backend use HTTPS with TLS 1.2 or higher. Authentication tokens are stored using platform-native secure storage (iOS Keychain via expo-secure-store). Profile and event data live in PostgreSQL with encryption at rest provided by our hosting provider. Passwords are hashed with bcrypt; we never store plaintext passwords.

6. Data Retention

We retain your account and profile data for as long as your account is active. You can permanently delete your account at any time directly from the mobile app (Account → Delete account) or from civilianos.com (Account settings → Delete account); deletion is irreversible and cascades through profile, briefings, subscription records, push tokens, error reports, and analytics events tied to your user ID. Diagnostic data and analytics events older than 90 days are routinely purged from our systems and from PostHog.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your account and all data tied to it
  • Export your data
  • Opt out of non-essential communications
  • Object to the processing of your data for direct marketing (we don't do this)

California residents have additional rights under the CCPA. EU and UK residents have additional rights under the GDPR. Contact privacy@civilianos.com to exercise any of these rights.

8. International Users

Civilian's servers are hosted in the United States. By using the service from outside the United States, you consent to the transfer of your data to the U.S. for the purposes described in this policy.

9. Children

Civilian is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us at privacy@civilianos.com and we will delete it.

10. Changes

We may update this policy from time to time. Material changes will be announced via email or in-app notification at least seven days before they take effect. The "Last updated" date at the top of this page always reflects the current version.

11. Contact

For privacy questions, data-access or deletion requests, or anything else, contact us at privacy@civilianos.com.