CivicBell - Privacy Policy

This Privacy Policy ("Policy") describes how CivicBell, LLC and its affiliates (collectively, "CivicBell," "we," "us," or "our") collects, uses, discloses, and protects personal information in connection with our identity verification and residency verification platform (the "Platform" or "Services"). This Policy applies to all users of our Services, including school districts, educational institutions, and their authorized personnel.

Our Commitment: We are committed to protecting your privacy and the privacy of all individuals whose information is processed through our Platform. We do not sell, rent, or share personal information for marketing purposes. We use industry-standard encryption and security measures to protect all data in our care.

1. Information We Collect

1.1 Personal Information Collected from Customers

When you use our Services, we may collect the following types of information:

Account Information: Name, email address, phone number, job title, organization name, and other contact information for authorized users of the Platform.
Authentication Information: Username, password (encrypted), and other credentials used to access the Platform.
Billing Information: Payment card information, billing address, and other financial information necessary to process payments (processed through secure third-party payment processors).

1.2 Personal Information Processed on Behalf of Customers

In providing identity verification and residency verification services, we process personal information on behalf of our customers (school districts and educational institutions). This information may include:

Student Information: Student names, dates of birth, student identification numbers, enrollment information, and academic records.
Parent/Guardian Information: Names, addresses, phone numbers, email addresses, relationship to student, and contact preferences.
Identity Verification Data: Government-issued identification documents (driver's licenses, passports, state IDs), Social Security numbers or portions thereof, utility bills, lease agreements, mortgage documents, and other residency verification documents.
Investigation Data: Notes, correspondence, investigation results, findings, documentation, photographs, and other materials related to residency verification investigations.
Usage Data: Log files, IP addresses, device information, browser type, access times, and activity logs related to Platform usage.

1.3 Automatically Collected Information

We automatically collect certain technical information when you access our Platform, including:

IP address, browser type and version, device type, operating system
Pages visited, time spent on pages, clickstream data
Cookies and similar tracking technologies (see Section 8 for more information)
System performance and error logs (which do not contain personally identifiable information)

2. How We Use Information

2.1 Service Provision

We use personal information to:

Provide, operate, maintain, and improve the Platform and Services
Process identity verification and residency verification requests
Authenticate users and manage access to the Platform
Store, organize, and manage customer data and documents
Generate reports, analytics, and investigation results
Provide customer support and respond to inquiries
Send service-related communications (notices, updates, security alerts)

2.2 Legal and Compliance

We may use personal information to:

Comply with applicable laws, regulations, and legal processes
Respond to subpoenas, court orders, or other legal requests
Enforce our Terms of Service and other agreements
Protect the rights, property, or safety of CivicBell, our customers, or others
Detect, prevent, or address fraud, security, or technical issues

2.3 Business Operations

We may use aggregated, anonymized, or de-identified information (that cannot reasonably be used to identify individuals) to:

Analyze usage patterns and improve our Services
Develop new features and functionality
Conduct research and analytics

We Do NOT Use Personal Information For:

Marketing or advertising purposes
Sale or rental to third parties
Sharing with data brokers or analytics companies for commercial purposes
Creating profiles for purposes other than providing our Services

3. How We Share Information

3.1 Limited Sharing for Service Provision

We share personal information only in the following limited circumstances:

With Your Organization: Personal information is accessible to authorized users within your school district or educational institution who have been granted access to the Platform.
With Service Providers: We may share information with trusted third-party service providers who assist us in operating the Platform, such as cloud hosting providers, payment processors, email service providers, and technical support services. All service providers are contractually obligated to protect personal information and use it only for the purposes we specify.
With Your Consent: We may share information when you explicitly authorize us to do so.

3.2 Legal Requirements

We may disclose personal information if required by law, regulation, court order, or governmental request, including:

In response to valid subpoenas, warrants, or court orders
To comply with applicable education privacy laws (FERPA, state student privacy laws)
To protect the rights, property, or safety of CivicBell, our customers, or others
In connection with legal proceedings or investigations

3.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, personal information may be transferred as part of the transaction. We will provide notice of such transfers and ensure that the receiving entity agrees to protect personal information in accordance with this Policy.

We Do NOT Share Personal Information With:

Data brokers or data aggregators
Marketing or advertising companies
Social media platforms
Third parties for their own commercial purposes

4. Data Security

4.1 Security Measures

We implement comprehensive technical, administrative, and physical safeguards to protect personal information against unauthorized access, disclosure, alteration, or destruction. Our security measures include:

Encryption: All data in transit is encrypted using industry-standard Transport Layer Security (TLS) 1.2 or higher. All data at rest is encrypted using AES-256 encryption or equivalent standards.
Secure Infrastructure: Our Platform is hosted on secure, enterprise-grade servers with multiple layers of security controls, including firewalls, intrusion detection systems, and regular security audits.
Access Controls: We implement role-based access controls, multi-factor authentication, and least-privilege principles to ensure that only authorized personnel can access personal information.
Regular Security Assessments: We conduct regular security assessments, vulnerability scans, and penetration testing to identify and address potential security risks.
Employee Training: All employees and contractors who have access to personal information undergo security and privacy training and are bound by strict confidentiality obligations.
Incident Response: We maintain an incident response plan to promptly address and mitigate any security incidents or data breaches.

4.2 Data Breach Notification

In the event of a security incident that compromises personal information, we will:

Promptly investigate and contain the incident
Notify affected customers and, where required by law, affected individuals
Report the incident to relevant regulatory authorities as required by applicable law
Take appropriate remedial measures to prevent future incidents

4.3 Your Role in Security

While we implement strong security measures, you also play an important role in protecting personal information. You are responsible for:

Maintaining the confidentiality of your account credentials
Using strong, unique passwords and enabling multi-factor authentication when available
Promptly notifying us of any unauthorized access to your account
Ensuring that authorized users within your organization follow appropriate security practices

5. Data Retention and Deletion

5.1 Retention Period

We retain personal information for as long as necessary to:

Provide the Services to you
Comply with legal obligations (including education record retention requirements under FERPA and state laws)
Resolve disputes and enforce our agreements
Maintain security and prevent fraud

When personal information is no longer needed for these purposes, we will securely delete or anonymize it in accordance with our data retention policies and applicable law.

5.2 Customer Data Deletion

Upon termination of your agreement with CivicBell, you may request deletion of your Customer Data. We will delete or return Customer Data within thirty (30) days of your request, except where we are required to retain it by law or for legitimate business purposes (such as maintaining audit logs or resolving disputes).

5.3 Backup and Archive Data

Personal information may be retained in backup or archive systems for a limited period to ensure data recovery and business continuity. Such data is subject to the same security measures and will be deleted in accordance with our retention schedule.

6. Your Rights and Choices

6.1 Access and Correction

You have the right to:

Access personal information we hold about you or your organization
Request correction of inaccurate or incomplete personal information
Request deletion of personal information (subject to legal and contractual obligations)

To exercise these rights, please contact us using the information provided in Section 12. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

6.2 Account Settings

You can update certain account information, such as email address and contact preferences, through your account settings in the Platform.

6.3 Opt-Out Rights

You may opt out of receiving non-essential communications from us by following the unsubscribe instructions in such communications or by contacting us directly. Note that you may not opt out of service-related communications that are necessary for the operation of the Platform.

6.4 State-Specific Rights

Depending on your jurisdiction, you may have additional rights under state privacy laws (such as the California Consumer Privacy Act ("CCPA") or other state privacy laws), including:

The right to know what personal information is collected, used, and shared
The right to request deletion of personal information
The right to opt out of the sale of personal information (we do not sell personal information)
The right to non-discrimination for exercising privacy rights

7. Children's Privacy

7.1 FERPA Compliance

We recognize the special importance of protecting student privacy. Our Services are designed to comply with the Family Educational Rights and Privacy Act ("FERPA") and applicable state student privacy laws. We act as a "school official" with a "legitimate educational interest" under FERPA when processing student education records on behalf of educational institutions.

7.2 COPPA Compliance

Our Services are not directed to children under the age of 13. We do not knowingly collect personal information directly from children under 13. When we process information about children under 13, we do so on behalf of educational institutions that have obtained appropriate parental consent or have a legal basis for such processing under the Children's Online Privacy Protection Act ("COPPA") and applicable state laws.

7.3 Parental Rights

Parents and guardians have rights regarding their children's information under FERPA, COPPA, and state laws. If you are a parent or guardian and have questions about your child's information, please contact your child's school district or educational institution, which is the primary custodian of student records.

8. Cookies and Tracking Technologies

8.1 Use of Cookies

We use cookies and similar tracking technologies to:

Authenticate users and maintain session state
Remember user preferences and settings
Analyze Platform usage and performance
Enhance security and prevent fraud

8.2 Cookie Types

We use the following types of cookies:

Essential Cookies: Required for the Platform to function properly (cannot be disabled)
Functional Cookies: Remember your preferences and enhance your experience
Analytics Cookies: Help us understand how the Platform is used (aggregated, non-personal data)

8.3 Cookie Management

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of the Platform.

9. Third-Party Services

9.1 Integrated Services

Our Platform may integrate with third-party services, such as cloud hosting providers, payment processors, and identity verification services. These third parties may have access to personal information necessary to provide their services, but they are contractually obligated to protect such information and use it only for the purposes we specify.

9.2 Third-Party Links

Our Platform may contain links to third-party websites or services. This Policy does not apply to such third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

10. International Data Transfers

10.1 Data Location

Personal information is primarily stored and processed in the United States. If you are located outside the United States, please be aware that information you provide may be transferred to, stored, and processed in the United States, where our servers are located and our central database is operated.

10.2 Transfer Safeguards

When we transfer personal information across borders, we implement appropriate safeguards to ensure that such information receives an adequate level of protection, including:

Standard contractual clauses approved by relevant data protection authorities
Compliance with applicable data protection laws
Maintenance of the same security and privacy standards regardless of data location

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

Posting the updated Policy on the Platform with a new "Effective Date"
Sending an email notification to the primary contact associated with your account
Displaying a prominent notice on the Platform

Your continued use of the Platform after the effective date of the updated Policy constitutes your acceptance of the changes. If you do not agree to the updated Policy, you must discontinue use of the Platform and, if applicable, terminate your agreement with CivicBell.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

CivicBell, LLC
Email: team@civicbell.com
Address: 3790 El Camino Real #1022, Palo Alto, CA 94306

For requests related to student records or FERPA, please contact your school district or educational institution, which is the primary custodian of such records.

13. Compliance and Certifications

13.1 Legal Compliance

We are committed to complying with all applicable privacy and data protection laws, including:

Family Educational Rights and Privacy Act (FERPA)
Children's Online Privacy Protection Act (COPPA)
California Consumer Privacy Act (CCPA)
General Data Protection Regulation (GDPR) (for applicable data subjects)
State student privacy laws and data protection regulations
Other applicable federal, state, and local privacy laws

13.2 Security Standards

Our security practices are designed to meet or exceed industry standards, including:

NIST Cybersecurity Framework
ISO 27001 information security management principles
SOC 2 Type II compliance (where applicable)
Industry best practices for data protection

END OF PRIVACY POLICY

← Back to Login