Privacy Policy

1. Who we are

MuniMind, Inc. ("MuniMind," "we," "us") operates the MuniMind platform at munimind.com and associated city subdomains (e.g. nyc.munimind.com). MuniMind provides AI-powered municipal intelligence — maps, chat, and real-time government data — covering the jurisdictions available on the Service.

Contact: privacy@munimind.com

2. Information we collect

• Account information: name, email address, and authentication tokens when you sign in (via magic link through Supabase Auth).
• Usage data: pages visited, searches performed, chat queries sent, properties saved, map interactions, API calls.
• Chat content: the messages you send to the MuniMind AI assistant and the answers produced. These may be retained to debug quality issues and improve the Service.
• Commercial data: subscription tier, payment method metadata (handled by Stripe — we never see full card numbers), invoices.
• Device + network: IP address, browser type, OS, approximate location derived from IP (city/region, never GPS).
• API usage: if you use the Developer API, we log request metadata (endpoint, credit consumption, response status).

3. How we use your information

• Provide, operate, and improve the Service
• Answer your chat queries via AI
• Process subscriptions, renewals, and receipts
• Send transactional email (magic links, receipts, watch alerts)
• Enforce rate limits, detect abuse, and protect the Service
• Analyze aggregated usage patterns to improve features
• Comply with legal obligations (tax reporting, subpoenas, privacy requests)

4. How we share your information — third-party processors

We do not sell your personal information in the ordinary sense. Under CCPA's broad definition, cookie-based advertising may qualify as "sharing" — see Section 8 and our Do Not Sell or Share page to opt out.

We share information with the following service providers:

• Supabase — primary database, authentication, and storage
• Vercel — frontend hosting, Vercel Analytics, Vercel Speed Insights
• Hetzner Cloud — backend API, graph database (Neo4j), pipeline workers
• Anthropic — Claude AI model that powers the chat assistant. Prompts and responses are processed by Anthropic under their commercial terms. Per Anthropic's policy, API inputs/outputs are not used to train their models.
• Voyage AI — embeddings for semantic search (chat queries and document chunks are embedded here)
• Cloudflare R2 — object storage for source PDFs (case decisions, meeting materials, etc.)
• Stripe — subscription billing, payments, invoice delivery
• Resend — transactional email delivery (magic links, receipts, alerts)
• PostHog — product analytics and session diagnostics
• Google Analytics — aggregated web analytics (optional; respects cookie consent)
• Mapbox / OpenStreetMap — basemaps and geocoding
• Legal authorities — when required by valid legal process

Each processor handles your data under its own privacy terms and a data processing agreement with us.

5. Public government data

MuniMind aggregates and analyzes publicly available government records — meeting recordings, council votes, zoning applications, property records, decisions by zoning boards, landmark designations, and similar public data. This information is public record. Our collection and analysis of it does not require consent from individuals named in those records, and removal requests targeting public records may be declined; however, we will review every request under Section 6.

6. Your privacy rights

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate personal data
• Delete your account and associated data
• Export your data in a portable format
• Opt out of advertising cookies / data sharing (see Do Not Sell)
• Withdraw consent for optional processing at any time

To exercise any of these rights, use our data request form or email privacy@munimind.com. We respond within 30 days (45 for California residents, as CCPA permits).

7. Data retention

• Account data: until deletion + 30 days for backup expiration
• Chat logs: 90 days unless saved to a conversation or watchlist
• Payment records: 7 years (tax compliance)
• Analytics + usage logs: up to 24 months, aggregated after 13 months
• Email deliverability data: 90 days (bounces, complaints)

8. California residents (CCPA / CPRA)

California residents have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know — what we collect, use, disclose
• Right to delete — subject to legal exceptions
• Right to correct — inaccurate information
• Right to opt out of "sale" or "sharing" — see Do Not Sell or Share
• Right to limit sensitive information — we do not collect sensitive categories as CCPA defines them
• Non-discrimination — we will not charge you differently or reduce service quality for exercising rights

We honor the Global Privacy Control (GPC) browser signal as a valid opt-out of sale/sharing.

9. EU / UK residents (GDPR)

If you are in the EU, EEA, UK, or Switzerland, you have rights under the GDPR / UK GDPR: access, rectification, erasure, restriction, portability, and objection. Our lawful bases for processing are contract performance (to provide the Service), legitimate interest (to improve and secure the Service), and consent (for optional cookies and marketing). Complaints can be made to your local data protection authority.

Our primary data processors include providers located in the United States; we rely on Standard Contractual Clauses and/or adequacy frameworks for cross-border transfers.

10. Cookies and tracking

See our Cookie Policy for the full cookie inventory. Summary:

• Essential: authentication and security. Always on.
• Analytics: PostHog, Google Analytics, Vercel Analytics. Opt-out via the cookie banner.
• Advertising: disabled by default; if enabled, subject to CCPA opt-out.

11. Security

We implement industry-standard security measures:

• Encryption in transit (TLS/HTTPS everywhere)
• Encryption at rest (database, object storage, backups)
• Row-level security on sensitive tables
• Least-privilege access for staff
• Gitleaks + Dependabot continuous scanning
• Hourly automated integrity + intrusion monitoring

No system is 100% secure. In the event of a data breach affecting you, we will notify you in accordance with applicable law.

12. Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided information, contact privacy@munimind.com and we will delete it.

13. Changes to this Policy

We may update this Policy. Material changes will be announced by email or in-app notice. The "Last updated" date above reflects the most recent revision.

14. Contact

Privacy questions or requests: privacy@munimind.com
Data subject requests: munimind.com/legal/data-request
California opt-out: munimind.com/legal/do-not-sell