Privacy
Policy

Plaza Civic Inc. (“Plaza,” “we,” “our,” or “us”) is a civic technology platform that helps communities discuss, vote on, and fund local initiatives. This policy explains what we collect, how we use it, and the choices you have. We will never sell your personal data. We will never share it with advertisers. We will never use it to train AI models. We will always tell you plainly what we are doing with it.

What We Collect

Account information

• Phone number — required, used for account creation and identity verification
• Password — stored hashed by our authentication provider, never readable by Plaza staff
• First and last name — required, used to personalize your experience and identify you to other users when you choose to make your profile public
• Date of birth — required, used to confirm eligibility (13+ to create an account, 18+ to pledge or vote)
• Email address — optional, used for account recovery and important account notices if you provide one

Location information

• City, state, and ZIP code — required, used to match you with local initiatives and determine which voting cycles you participate in

We do not collect or track your GPS location. We do not request location permissions on your device.

Civic participation data

• Voting history — which initiatives you voted for and how you ranked them
• Pledge and allocation history — your pledge tier, amount, and how you split funds across initiatives and scales
• Discussion and comment activity
• Initiatives you have followed or supported

Technical data

• Crash reports and error data from the mobile app — including stack traces, app version, OS version, current screen, and recent navigation. We use Sentry for this. We scrub personal data from error reports before they are transmitted.
• Server logs — the backend records technical information about API requests (method, URL, response status, response time). Personal data is not logged in error messages.
• Push notification token (Apple or Google) when you grant push permission — used only to deliver Plaza notifications you have opted into.

How We Use Your Data

• To create and maintain your Plaza account
• To verify your phone number during signup via a one-time SMS code
• To match you with initiatives and voting cycles in your geographic area
• To process and track your pledge and allocation preferences
• To deliver app notifications you have opted into (voting cycle openings, funded initiative milestones, account events)
• To generate aggregate civic data — anonymized and aggregated — that demonstrates community priorities to partner organizations and government bodies
• To improve the app via crash reports and error monitoring
• To comply with legal obligations

Notifications

Plaza sends two kinds of notifications:

• SMS — used only for phone verification during signup. You will receive at most one SMS per signup attempt, containing a one-time code. We do not send marketing, voting reminders, or general updates via SMS.
• Push notifications — sent through the operating system's push service (Apple Push Notification service or Firebase Cloud Messaging) for in-app events you opt into. You can disable push notifications at any time in your device settings.

What We Share and With Whom

Service providers — Plaza uses the following third-party services to operate the platform. Each receives only the data necessary to provide their service.

• Supabase — hosts our authentication system and primary database
• Railway — hosts our backend API server
• Twilio — delivers one-time SMS codes during phone verification
• Sentry — receives mobile crash reports and error data
• Apple Push Notification service and Firebase Cloud Messaging — deliver push notifications

Partner organizations — organizations that execute funded initiatives may receive aggregate funding data (such as total amount raised and number of contributors) but never individual contributor identities unless you explicitly opt in to public credit.

Government and civic partners — we may share anonymized, aggregated civic participation data with city and county governments to demonstrate community priorities. This data cannot be used to identify any individual user. When we do this, we will publicly disclose the partnership.

Your Privacy Controls

• You can make your profile private at any time — by default your name, location, supported initiatives, and tier are visible to other Plaza users, and you can hide each independently
• You can independently toggle visibility of your location, supported initiatives, tier, and pledge amount
• You can delete your account at any time from within the app
• You can request a copy of all data Plaza holds about you by emailing us — we will respond within 45 days
• You can disable push notifications in your device's settings at any time

California Residents — CCPA Rights

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

• The right to know what personal information we collect, use, and share
• The right to delete your personal information
• The right to opt out of the sale of your personal information — Plaza does not sell personal information, but you have this right regardless
• The right to non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at plaza.app.support@gmail.com. We will respond within 45 days.

Data Retention and Deletion

We retain your account data for as long as your account is active.

When you delete your account, you can choose between two options:

• Let current cycle complete — your account is deactivated immediately, your active pledge runs to the end of the current funding cycle so initiatives you allocated to still receive your funds, and your account and personal data are permanently removed when the cycle ends. You can reactivate by signing back in before the cycle ends.
• Cancel immediately — your active pledge is redirected to the community pool, your active allocations are released, and your account and personal data are permanently removed within 30 days. You cannot reactivate after choosing this option.

After the deletion takes effect, we permanently remove your personal information and your civic participation activity (voting history, allocations, pledges, comments). We may retain limited records as required by law — for example, financial transaction records when payment processing is added in a future release.

Security

We use industry-standard encryption for data in transit and at rest. Passwords are hashed by our authentication provider and never stored in readable form. We will notify users promptly in the event of any breach affecting personal data.

Children's Privacy

Plaza is available to users aged 13 and older. Users under 18 can browse, follow, and discuss initiatives but cannot pledge, vote, or provide payment information. We do not collect payment data from users under 18 under any circumstances.

We do not knowingly collect personal information from anyone under 13. If we become aware that a user is under 13, we will delete their account and associated data promptly. If you believe a user under 13 has created an account, please contact us at plaza.app.support@gmail.com.

Changes to This Policy

We will notify users in the app when material changes are made to this policy. The current version will always be available at the URL where you are reading this. Continued use of Plaza after notification constitutes acceptance of the updated policy.