civitar
← Back to civitar.org

Civitar Privacy Policy

Effective date: *To be set on execution.* Last updated: 2026-06-28


1. Who we are

Civitar is operated by Pinnalux LLC, a Delaware-registered limited liability company doing business as Civitar.

2. What this policy covers

This policy describes what information Civitar collects from you when you use civitar.org or any Civitar service, how we use it, who we share it with, how long we keep it, and the choices you have. It applies to all Civitar users — Free, Monitor, Institutional, and visitors who haven't created an account.

It does not cover:

3. What we collect

We intentionally collect as little as possible. The full set:

From you, when you sign up or use the service

From Stripe, when you pay

Automatically, when you visit

From institutional inquiries

4. What we do NOT collect or do

We want to be explicit about this:

5. How we use what we collect

We use your information only for these purposes:

We will never:

6. Who we share with (sub-processors)

We use a small set of vendors to operate Civitar. Each only sees the specific data needed to do its job:

Sub-processorWhat they seeWhyTheir privacy policy
Cloudflare (Workers, D1, R2, DNS)Email, saved sites, session data, IP / request metadata, server logsHosts the app; stores your account data; edge routingcloudflare.com/privacypolicy
StripeCard / billing data, emailProcess subscription payments & donationsstripe.com/privacy
ResendEmail address, message contentsSend transactional + sign-in emailsresend.com/legal/privacy-policy
TwilioPhone number, message contentsSend SMS alerts you opt into (Monitor; not active until SMS launches)twilio.com/legal/privacy-policy

We do not share with anyone else without your explicit consent, except as required by law (see Section 8).

7. How long we keep your data

You can request deletion at any time (see Section 9).

8. Legal disclosure

We will share your information when legally required — for example, in response to a valid subpoena, court order, or other lawful process. When permitted, we will notify you before disclosing your data unless prohibited by the legal request itself. We do not turn over data in response to informal law-enforcement requests without proper legal process.

We have not received any National Security Letters as of the Last updated date above. If that ever changes and we are not prohibited from saying so, this section will be updated.

9. Your rights

Regardless of where you live, Civitar gives every user these rights:

For users in California (CCPA)

California residents have additional specific rights under the California Consumer Privacy Act, including the right to know what we've collected, the right to delete, and the right to opt out of "sale" of personal information. Civitar does not sell personal information. Email privacy@civitar.org to exercise CCPA rights.

For users in the EU/UK/EEA (GDPR)

Civitar serves a primarily U.S. audience and does not currently target EU/UK/EEA residents for marketing. If you are an EU/UK/EEA user, you have all the rights described in Section 9 above, plus the right to lodge a complaint with your supervisory authority. The legal basis for our processing is contract performance (account services), consent (marketing emails), and legitimate interest (operating and securing the service).

10. Children's privacy

Civitar is intended for adults. We do not knowingly collect personal information from children under 16. If you believe a child under 16 has created an account, please contact privacy@civitar.org and we will delete the account.

11. Security

We use reasonable technical and organizational measures to protect your data:

No security system is perfect. If you believe your account has been compromised, contact privacy@civitar.org immediately.

12. International data transfers

Civitar is operated from the United States on Cloudflare's infrastructure (Workers, D1, R2). Cloudflare runs a global edge network; your account data is held under our U.S.-based Cloudflare account and processed in the United States. If you access Civitar from outside the U.S., your data will be transferred to and processed in the U.S. By using Civitar, you consent to this transfer.

13. Changes to this policy

We will update this policy as we add features or as the law changes. The Last updated date at the top will reflect the most recent change. For material changes (changes in what we collect, who we share with, or how long we keep data), we will notify active users by email at least 30 days before the change takes effect.

The full revision history is available in the public Civitar source repository at github.com/civitar-community/civitar.

14. Contact

If you do not receive a response within 7 days, please follow up — your message may have been filtered.