Privacy policy

Effective date: pending counsel review. Last updated 2026-05-11.

This is the launch draft of the Civic Worth privacy policy. It is in review with Hiscox-approved counsel and may change before the public launch.

1. What we collect

Civic Worth collects the minimum data needed to operate the Service:

  • Account data: email address, password hash, subscription tier. Stored in Supabase Auth.
  • Payment data: handled by Stripe. Civic Worth does not store credit-card numbers; we store the Stripe customer ID and the subscription / purchase metadata.
  • Usage data: which addresses you searched, which reports you generated, which parcels you added to your watchlist. Used to operate the Service and to surface your purchase history on your account page.
  • Server logs: requested URL, IP address, user-agent, response code, timestamp. Used for security, debugging, and rate limiting.

2. What we do not collect

  • We do not sell personal data to third parties.
  • We do not use third-party advertising trackers. The only third-party scripts we load are Stripe (payment processing), Cloudflare Turnstile (bot protection), and our own application monitoring (Sentry, Axiom).
  • We do not store credit-card numbers (Stripe handles those directly).

3. How we use your data

Your data is used to:

  • Provide the Service (return civic data about parcels you search).
  • Process payments and renewals.
  • Send transactional emails (purchase receipts, watchlist digests, DSAR confirmations). Transactional email is sent via Brevo from notifications.civicworth.com.
  • Detect and prevent abuse (rate limiting, fraud detection).

Your data is not used to train AI models. The Anthropic API is used to synthesize public-record data into the narrative sections of Civic Worth reports, but the inputs to the API are public-record data — not user-account data — and Anthropic's data-processing terms prohibit training on API inputs.

4. Your rights

Civic Worth honors the following data-subject rights under CCPA, CPRA, VCDPA, CTDPA, CPA, UCPA, and OCPA (the seven state privacy laws Civic Worth currently operates under):

  • Right to know. Request a copy of the data we hold about you at /privacy/dsar.
  • Right to correct. Submit corrections at /corrections.
  • Right to delete. Request account and data deletion at /privacy/dsar.
  • Right to opt out of sale / sharing. Civic Worth does not sell personal data, but the explicit opt-out is at /privacy/do-not-sell.
  • Right to data portability. DSAR responses are delivered in machine-readable JSON.

Civic Worth responds to verified data-subject requests within 30 days (45 in some jurisdictions; we default to 30).

5. EU users

Civic Worth's product is intended for US residents and is geofenced against EU member-state access (see the EU-consent flow at /eu-consent). If you are an EU resident who has been granted access by special arrangement, GDPR rights apply in parallel to the above and the controller of record is Civic Worth.

6. Cookies

Civic Worth uses a small number of first-party cookies for authentication (Supabase Auth session), bot protection (Cloudflare Turnstile), and CSRF protection. We do not use advertising cookies or cross-site tracking cookies.

7. Data retention

Account data is retained while your account is active and for 30 days after deletion (to support refund disputes). Server logs are retained for 90 days. Stripe's retention is governed by Stripe's policies.

8. Security

Civic Worth runs on Supabase Postgres with Row-Level Security on every table that holds user data. Stripe handles all payment processing; we never see your card number. Production secrets live in 1Password and are loaded via op run. We use TLS 1.3 in transit and AES-256 at rest.

Security incidents are disclosed to affected users within 72 hours of confirmation.

9. Changes to this policy

Civic Worth may update this policy; material changes will be announced at least 30 days in advance via email to active users.

10. Contact

Privacy questions: privacy@civicworth.com. DSAR submissions: /privacy/dsar.