Privacy Policy

This Privacy Policy describes how Compubility, LLC ("Compubility," "we," "us," or "our") collects, uses, stores, and protects information through the Civic Desk platform — a multi-tenant SaaS application for municipal permitting and licensing. Civic Desk is a government-facing product and we treat all data handled through the platform with the care and diligence that public-sector operations require.

Information we collect

We collect information necessary to operate the Civic Desk platform and deliver permitting and licensing services to municipalities and their residents:

  • Staff account information: name, email address, and organizational role — collected during account creation via Google OAuth or email-based authentication
  • Resident applicant information: name, email address, mailing address, phone number, and any additional information required by the municipality's permit or license application forms
  • Application data: form responses, uploaded documents (such as supporting PDFs, images, or certificates), and application status history
  • Authentication data: OAuth tokens, session identifiers, and email verification tokens — used solely for secure sign-in and session management
  • Usage metadata: timestamps, IP addresses, browser type, and page interactions — collected for platform reliability and performance monitoring

We do not collect Social Security numbers, financial account numbers, or payment card information directly. If a municipality configures payment processing, that is handled by a separate third-party payment provider and is not stored in Civic Desk.

How we use your information

Information collected through Civic Desk is used exclusively for the following purposes:

  • Operating the platform: processing permit and license applications, managing staff workflows, and generating official PDF records
  • Authentication and access control: verifying user identity and enforcing role-based access controls (RBAC) to ensure only authorized personnel can view or modify records
  • Transactional communications: sending email notifications related to application status updates, account verification, and system alerts via Amazon SES
  • Audit and compliance: maintaining audit logs of critical actions (application submissions, status changes, role modifications) to meet government accountability requirements
  • Platform improvement: analyzing aggregated, non-personally-identifiable usage patterns to improve platform reliability, performance, and usability

Data storage and security

All Civic Desk data is stored and processed within the United States using infrastructure designed for security and reliability:

  • Database: PostgreSQL hosted on Neon with encryption at rest and in transit. Access is controlled through role-based access control (RBAC) at the database level
  • Document storage: Amazon S3 with server-side encryption (AES-256). Access controls are scoped to each municipality — no cross-tenant access is possible
  • Application hosting: deployed on secure US-based infrastructure with HTTPS enforced on all connections
  • Tenant isolation: each municipality's data is logically isolated at the database level. All queries are scoped by tenant identifier — no municipality can access another's records
  • Secrets management: API keys, database credentials, and authentication secrets are stored in secure environment variable systems and are never committed to source code or logged

Access controls and authorization

Civic Desk enforces strict access controls to protect municipal and resident data:

  • Role-based access control (RBAC): staff members are assigned roles (Owner, Admin, Staff, Reviewer) that determine what actions they can perform and what data they can view
  • Server-side enforcement: all authorization checks are performed server-side — client-side role information is used for UI rendering only and is never trusted for access decisions
  • Least-privilege principle: each role grants only the minimum permissions needed for that function
  • Session management: sessions are cryptographically signed and expire automatically. Session tokens are rotated on re-authentication
  • SSO support: municipalities may configure their own Single Sign-On (SSO) provider via OpenID Connect (OIDC) for centralized identity management

Analytics and telemetry

Civic Desk uses SigNoz, a self-hosted open-source observability platform, for application performance monitoring and error tracking via OpenTelemetry:

  • Telemetry data includes request traces, error rates, response times, and system health metrics
  • No personally identifiable information (PII) is included in telemetry data — we do not log names, email addresses, application contents, or other personal data to our analytics system
  • Analytics data is used exclusively for monitoring platform reliability, diagnosing errors, and improving performance
  • We do not use third-party advertising trackers, behavioral analytics platforms, or marketing pixels

Civic Desk does not sell, share, or provide analytics data to any third party for advertising or marketing purposes.

Cookies and local storage

Civic Desk uses cookies strictly for functional purposes:

  • Authentication session cookies: required to maintain your signed-in session. These are httpOnly, secure, and scoped to the application domain
  • Locale preference: a cookie stores your selected language preference (English, Spanish, or Chinese) so it persists between visits
  • Theme preference: your light/dark mode selection is stored locally
  • OIDC state cookies: temporary cookies used during Single Sign-On authentication flows, automatically cleared after the flow completes

We do not use advertising cookies, tracking cookies, or any cookies that share information with third parties. You may configure your browser to block cookies, but this will prevent you from signing in to the platform.

Third-party services

Civic Desk integrates with the following third-party services to deliver platform functionality. Each service is used for a specific operational purpose:

  • Amazon Web Services (AWS) — S3 for encrypted document storage, SES for transactional email delivery, and Textract for PDF form field extraction during application type setup
  • Neon — managed PostgreSQL database hosting with encryption at rest, encryption in transit, and role-based access control. All data resides in US-based data centers
  • Google OAuth — optional authentication provider for staff sign-in. We receive only basic profile information (name, email, profile image) and do not access Google Drive, Gmail, or other Google services
  • SigNoz — self-hosted application performance monitoring. No PII is transmitted to SigNoz
  • Vercel — application deployment and hosting infrastructure

We do not sell or share personal information with third parties for marketing or advertising. Third-party services are used only as described above and are subject to their own privacy policies.

Data retention

We retain data in accordance with government record-keeping requirements and operational necessity:

  • Application records and audit logs: retained for the duration of the municipality's subscription and as required by applicable public records retention schedules
  • Account data: retained while the account is active. Upon municipality request, staff accounts can be deactivated and associated personal data can be removed
  • Session and authentication tokens: automatically expire and are purged on a regular schedule
  • Uploaded documents: retained for the duration of the municipality's subscription. Municipalities may request export or deletion of their data at any time

Your rights

Depending on your jurisdiction, you may have certain rights regarding your personal information:

  • Access: you may request a copy of the personal information we hold about you
  • Correction: you may request that we correct inaccurate personal information
  • Deletion: you may request deletion of your personal information, subject to applicable legal retention requirements and public records laws
  • Data portability: municipalities may request an export of all their data in standard formats at any time
  • Objection: you may object to certain processing activities where we rely on legitimate interest as the legal basis

To exercise any of these rights, please contact us at privacy@compubility.com. We will respond within 30 days. Note that some requests may be subject to exceptions under applicable public records laws or other legal requirements.

Children's privacy

Civic Desk is designed for use by municipal staff and adult residents. We do not knowingly collect personal information from children under the age of 13:

  • If a permit or license application involves a minor, the application must be submitted by a parent or legal guardian
  • If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly

Changes to this policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or platform capabilities. When we make material changes, we will update the "Last updated" date at the bottom of this page and, where required, notify affected municipalities directly. Continued use of Civic Desk after changes are posted constitutes acceptance of the updated policy.

Contact us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

Email: privacy@compubility.com

Last updated

Last updated: March 30, 2026