Privacy Policy

Last updated: April 9, 2026

1. Data Controller

The data controller for this service is [Organization Name]. For questions about this policy or your personal data, contact us at [contact@example.com].

2. What Data We Collect

  • Account data: Email address, name (from Google/GitLab sign-in), profile information you provide.
  • Activity data: Issues you report, comments, votes, video submissions, karma transactions.
  • Video submission data: Video URLs you submit and AI-generated analysis results (transcriptions, classifications).
  • Technical data: Session cookies (functional, GDPR-exempt), CSRF tokens.

3. Why We Collect Data (Lawful Basis)

Purpose Lawful Basis
Account creation and authentication Consent (you sign up and agree to this policy)
Civic issue tracking and community features Legitimate interest (core service functionality)
AI analysis of submitted videos Consent (you explicitly consent before submitting)
Session management (cookies) Strictly necessary (GDPR-exempt functional cookies)

4. Third-Party Data Processors

We share certain data with the following third-party processors to provide our services. Each processor is bound by a data processing agreement.

Processor Purpose Data Sent Lawful Basis DPA
Google (OAuth) User authentication via Google Sign-In Email address, name, profile picture Consent (user initiates login) View
Google Gemini AI analysis of video submissions (vision, classification) Video frames, transcriptions, text content Consent (user submits video for analysis) View
Anthropic AI analysis of video submissions and text classification Video frames, transcriptions, text content Consent (user submits video for analysis) View
Zulip Team communication and notifications Issue titles, status updates, notification messages Legitimate interest (operational notifications) View
Bluesky Social media cross-posting of civic updates Issue titles, descriptions, status updates Legitimate interest (public awareness) View

5. Cookies

This application uses only strictly necessary cookies (session and CSRF tokens) which are exempt from GDPR consent requirements. We do not use analytics, advertising, or tracking cookies.

6. Data Retention

  • Account data: Retained while your account is active. Deleted upon account deletion request.
  • Issue and activity data: Retained as part of the civic record. May be anonymized upon request.
  • Video analysis data: Retained as long as the associated video submission exists.

7. Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict processing of your data
  • Data portability - receive your data in a structured format
  • Object to processing based on legitimate interest
  • Withdraw consent at any time without affecting prior processing

To exercise any of these rights, contact [contact@example.com].

8. Data Security

We protect your data using HTTPS encryption, secure session management, password hashing, and access controls. All external API communications use encrypted connections.

9. Changes to This Policy

We may update this policy periodically. Significant changes will be communicated through the application. Continued use of the service constitutes acceptance of the updated policy.

Back to Home