Draft — Not Legal Advice

Privacy Policy

Last updated: May 2026

DRAFT — NOT LEGAL ADVICE. This template was generated based on common UGC platform clauses. Before launch, these documents must be reviewed and finalized by a New York–licensed attorney.

1. What We Collect

  • Email address and year of birth — at account creation
  • Display name — optional
  • IP address and user-agent — at the time of review submission (security and legal compliance only — never displayed publicly)
  • Cloudflare Web Analytics — privacy-preserving; no cookies, no cross-site tracking

2. Why We Collect It

Account creation, authentication, security, abuse prevention, and legal compliance.


3. Sharing

We never sell your data. We disclose data only in response to lawful legal process or to protect our rights.


4. Third Parties

Cloudflare

Hosting, DDoS protection, analytics

Better Auth

Auth sessions (stored in our own database)

Resend

Transactional email

Cloudflare Turnstile

Bot prevention (privacy-preserving)


5. Retention

Data is retained until account deletion plus 90 days for backup recovery. IP logs are purged after 1 year unless tied to an open legal report.


6. Your Rights

You may request access, correction, or deletion of your personal data by emailing privacy@cityserv.org. We honor CCPA/CPRA-style rights regardless of your state of residence.


7. Children

Account holders must be 16 or older. If we discover we have collected data from someone under 13, we will delete it promptly.


8. Security

Data is encrypted in transit (TLS). We use Cloudflare WAF and access controls to protect your data. In the event of a breach affecting your personal information, we will notify you as required by New York's SHIELD Act (NY GBL § 899-bb) as expeditiously as possible.


9. Contact

Questions about this policy? Email privacy@cityserv.org.