Last updated: February 23, 2026
Introduction
Local Civic Hub ("we," "our," or "us") is operated by Local Civic Hub. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our civic information platform.
Information We Collect
Account Information
When you sign in with Google, we receive your name, email address, and profile picture. We use this to personalize your experience and manage your account.
Preferences & Settings
We store your language preference, theme settings, and home area selection locally in your browser (localStorage). This data never leaves your device unless you opt into cloud sync (Premium).
Watchlist & Notifications (Premium)
If you create a keyword watchlist or follow meetings, those topics and preferences are stored on our servers to deliver real-time alerts and email notifications.
Authentication & Security Data
When you log in, we generate HMAC-signed session tokens, which are stored server-side with your email and expiration time. If you enable Two-Factor Authentication (2FA), we store your 2FA preference and, for authenticator-based 2FA, an encrypted TOTP secret in our database. Temporary 2FA verification codes are held in memory for 10 minutes and then automatically deleted.
Newsletter & Digests (Premium)
Premium subscribers can opt into weekly or daily email digests. We store your email address and digest preferences to deliver personalized community updates. You can unsubscribe or adjust frequency at any time.
Public Data Sources
We aggregate publicly available information from official and community sources across the metro areas we serve, including government websites, local news outlets, school districts, health departments, nonprofits, libraries, transit agencies, and the National Weather Service.
All sources are publicly available and intended for public consumption. For non-government sources, we display only brief excerpts (up to 300 characters) with links to the original, in compliance with copyright and fair use principles.
Compliance Measures:
- We check and respect robots.txt directives before accessing any website
- Our scraper identifies itself with a contact email in the User-Agent header
- We observe crawl-delay directives when specified by site operators
- We do not bypass authentication, CAPTCHAs, or access controls
- Content owners may request removal at any time via legal@localcivichub.org
How We Use Your Information
- To provide and maintain our civic information service
- To personalize your experience based on your preferences
- To send email alerts when your watchlist topics match new content
- To send weekly digest emails (if subscribed)
- To deliver in-app notifications for followed topics and meetings
- To improve our platform based on usage patterns
- To respond to your inquiries and support requests
AI-Powered Features
Our platform uses Google Gemini (primary) and Anthropic Claude (fallback) to power several features:
- Plain-language summaries: News and government updates are automatically summarized in everyday language.
- Ask Penny (Premium): An AI civic assistant that answers questions using aggregated local data and web search.
- Email digests: AI-curated weekly summaries personalized to your watchlist.
AI processing is subject to Google's Gemini API Terms and Anthropic's Terms of Service.
Data Sharing
We do not sell, trade, or rent your personal information. We share data only with:
- Google — For authentication (Google Sign-In) and AI features (Gemini)
- Anthropic — For AI fallback processing (Claude)
- Stripe — For secure payment processing (Premium subscriptions)
- Unsplash — For sourcing relevant stock images displayed alongside civic updates
- Resend — For sending notification emails and newsletters
- Law Enforcement — If required by law or to protect rights and safety
Your Rights
You have the right to:
- Access your personal data stored in our system
- Request correction of inaccurate information
- Delete your account and all associated data (watchlist, notifications, follow-ups)
- Unsubscribe from newsletters and notifications at any time
- Export your data in a portable format
To exercise these rights, visit Account Settings or contact us directly.
Data Security
We implement appropriate security measures including:
- HTTPS encryption for all data transmission
- Secure authentication via Google OAuth 2.0 with HMAC-signed server-side session tokens
- Two-Factor Authentication (2FA) support via email codes or authenticator apps (TOTP)
- Per-endpoint rate limiting to prevent abuse and brute-force attacks
- Account lockout after repeated failed login attempts
- Server-side input validation and sanitization on all user inputs
- Timing-safe cryptographic comparisons to prevent timing attacks
- Content Security Policy (CSP) headers to prevent cross-site scripting
- Strict CORS policy limiting API access to authorized origins
- Helmet.js security headers (HSTS, X-Frame-Options, etc.)
Data Retention
We retain your data according to the following schedule:
- Aggregated civic content: 90 days for general updates; 30 days for police/safety data
- Account data: Retained while your account is active; deleted within 30 days of account deletion
- Session tokens: Automatically expire after 24 hours and are cleaned up every 10 minutes
- 2FA codes: Temporary codes expire after 10 minutes
- Notifications: Retained for 90 days
- Payment records: Retained per applicable tax regulations (typically 7 years) by our payment processors
Cookies & Local Storage
We use browser localStorage to store:
- Your theme preference (light/dark mode)
- Language selection (English, Spanish, French, Arabic)
- Home area / municipality preference
- Session authentication token (for staying logged in)
- Onboarding tour completion status
- Local-only follow-ups (free tier — never sent to our servers)
We do not use tracking cookies or third-party analytics that follow you across websites. We use no advertising trackers, fingerprinting, or cross-site tracking.
Illinois-Specific Privacy Rights
As an Illinois-based service, we comply with applicable Illinois privacy laws:
- Illinois Personal Information Protection Act (815 ILCS 530): We maintain reasonable security measures to protect personal information and will notify affected users in the event of a data breach as required by law.
- Right to Know: Illinois residents may request disclosure of the categories and specific pieces of personal information we have collected.
- Right to Delete: You may request deletion of your personal information through Account Settings or by contacting us directly.
- Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
Note on Biometric Data: We do not collect, store, or process any biometric identifiers or biometric information as defined under the Illinois Biometric Information Privacy Act (740 ILCS 14).
Children's Privacy
Our service is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us.
Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes by posting a notice on our platform or sending an email to subscribers.
Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at: