Privacy Policy

This Privacy Policy explains how CivQuest, a product of Civic Vanguard ("CivQuest," "we," "us," or "our"), collects, uses, discloses, and safeguards information when you use the CivQuest platform and its modules, including Atlas, Notify, Forge, and Compass, together with our websites at civ.quest and related domains (collectively, the "Services").

By using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with it, please do not use the Services.

1. Who we are & scope

The Services are provided by Civic Vanguard. Many of our customers are local government organizations and public agencies that use CivQuest to deliver geospatial information and notifications to their staff and constituents.

This policy describes our practices when we act as a data controller (for example, for account holders and visitors to our websites). When we process information on behalf of a customer organization that operates its own CivQuest workspace, we act as a data processor, and that organization's privacy notice governs how the underlying personal data is used. In those cases, please contact the relevant organization to exercise your rights.

2. Information we collect

Information you provide

• Account & profile data: name, email address, organization, role, and credentials used to create and manage an account.
• Subscription preferences: the notification topics, areas of interest, and delivery channels you choose in Notify.
• Communications: messages, support tickets, feedback, and demo requests you send to us.

Information from connected accounts

• ArcGIS / Esri OAuth: if you sign in or link your ArcGIS account, we receive identity tokens and profile details (such as your username and email) needed to authenticate you and to access the GIS resources you authorize. We do not receive your ArcGIS password.

Information collected automatically

• Usage & device data: log data, IP address, browser and device type, pages viewed, and actions taken within the Services.
• Location & geospatial data: map extents, addresses, parcels, or coordinates you search for or that define your notification subscriptions. Coarse location may be derived from your IP address.
• Cookies & similar technologies: used for authentication, session management, security, and remembering preferences. See "Cookies" below.

3. How we use information

• Provide, operate, secure, and maintain the Services.
• Authenticate users and manage accounts and permissions.
• Deliver notifications, emails, and other communications you request.
• Respond to support requests and feedback.
• Monitor, analyze, and improve performance, features, and reliability.
• Detect, prevent, and address fraud, abuse, and security incidents.
• Comply with legal obligations and enforce our agreements.

4. Legal bases for processing

Where the EU/UK General Data Protection Regulation (GDPR) or similar laws apply, we rely on one or more of the following legal bases: performance of a contract with you; our legitimate interests in operating and improving the Services; your consent (for example, for optional communications); and compliance with legal obligations. You may withdraw consent at any time where processing is based on consent.

5. How we share information

We do not sell your personal information. We share information only as described here:

• With your organization: if you access CivQuest through an organization, administrators of that organization may access information associated with your account and activity.
• Service providers: with vendors who process data on our behalf under contract (see below).
• Legal & safety: when required by law, regulation, legal process, or to protect the rights, property, or safety of CivQuest, our users, or the public.
• Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to this Privacy Policy.

6. Service providers

We rely on trusted third parties to deliver the Services. These currently include, among others:

• Google Firebase / Google Cloud: authentication, database, hosting, storage, and serverless compute.
• Brevo: transactional and notification email delivery.
• Esri / ArcGIS: mapping, geocoding, and GIS services that you or your organization connect.

Each provider is authorized to use personal information only as necessary to provide services to us and is bound by appropriate confidentiality and security obligations.

7. ArcGIS & Esri data

CivQuest integrates with Esri ArcGIS environments that you or your organization own and control. When you connect an ArcGIS environment, geospatial content and credentials you authorize flow between CivQuest and those Esri services to fulfill your requests. Your use of Esri products is also governed by Esri's own terms and privacy notices. We are not responsible for the data practices of Esri or other third-party platforms you connect.

8. Data retention

We retain personal information for as long as needed to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Retention periods vary depending on the type of data and the purpose for which it was collected. When information is no longer required, we delete or de-identify it. Where we process data on behalf of a customer organization, retention follows that organization's instructions.

9. Security

We use administrative, technical, and organizational measures designed to protect personal information, including encryption in transit, access controls, and authentication safeguards. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If we become aware of a breach affecting your personal information, we will notify you and the appropriate authorities as required by applicable law.

10. Your rights & choices

Depending on where you live, you may have rights to access, correct, update, port, restrict, or delete your personal information, and to object to certain processing. Residents of the European Economic Area and the United Kingdom have rights under the GDPR; California residents have rights under the CCPA/CPRA, including the right to know, delete, and opt out of the "sale" or "sharing" of personal information (note: we do not sell personal information).

To exercise these rights, contact us using the details below. We will respond within the timeframes required by applicable law and may need to verify your identity. You also have the right to lodge a complaint with your local data protection authority.

Cookies

You can manage cookies through your browser settings. Disabling certain cookies may limit your ability to sign in or use parts of the Services.

11. International data transfers

We and our service providers may process and store information in the United States and other countries that may have different data-protection laws than your jurisdiction. Where required, we use appropriate safeguards, such as Standard Contractual Clauses, for cross-border transfers of personal information.

12. Children's privacy

The Services are not directed to children under 13 (or the minimum age required in your jurisdiction), and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, please contact us so we can delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, where appropriate, provide additional notice. Your continued use of the Services after an update means you accept the revised policy.

14. Contact us

If you have questions about this Privacy Policy or our data practices, contact us at:

Civic Vanguard: CivQuest
Email: support@civicvanguard.com
Web: www.civicvanguard.com