Privacy Policy
Last updated: May 2026
DRAFT — NOT LEGAL ADVICE. This template was generated based on common UGC platform clauses. Before launch, these documents must be reviewed and finalized by a New York–licensed attorney.
1. What We Collect
- Email address and year of birth — at account creation
- Display name — optional
- IP address and user-agent — at the time of review submission (security and legal compliance only — never displayed publicly)
- Cloudflare Web Analytics — privacy-preserving; no cookies, no cross-site tracking
2. Why We Collect It
Account creation, authentication, security, abuse prevention, and legal compliance.
3. Sharing
We never sell your data. We disclose data only in response to lawful legal process or to protect our rights.
4. Third Parties
Cloudflare
Hosting, DDoS protection, analytics
Better Auth
Auth sessions (stored in our own database)
Resend
Transactional email
Cloudflare Turnstile
Bot prevention (privacy-preserving)
5. Retention
Data is retained until account deletion plus 90 days for backup recovery. IP logs are purged after 1 year unless tied to an open legal report.
6. Your Rights
You may request access, correction, or deletion of your personal data by emailing privacy@cityserv.org. We honor CCPA/CPRA-style rights regardless of your state of residence.
7. Children
Account holders must be 16 or older. If we discover we have collected data from someone under 13, we will delete it promptly.
8. Security
Data is encrypted in transit (TLS). We use Cloudflare WAF and access controls to protect your data. In the event of a breach affecting your personal information, we will notify you as required by New York's SHIELD Act (NY GBL § 899-bb) as expeditiously as possible.
9. Contact
Questions about this policy? Email privacy@cityserv.org.