PRIVACY POLICY

Last updated: June 15, 2026 Effective date: June 15, 2026

Citizenry is about helping people discover new pathways into local civic life. Your trust matters to us, and this policy explains — in plain English — what we collect, how we use it, and the choices you have.

We’re a nonprofit tech platform in service of nonprofits and, most importantly, in service of you. We don’t sell your data. We never will.

A note on scope. Citizenry currently operates in New York and Wyoming (Teton County). We’ll update this policy before we expand into jurisdictions with additional privacy requirements (for example, California or the EU).

Who We Are

Citizenry is operated by Citizenry, Inc., a New York State-registered nonprofit corporation with a mailing address at 895 Broadway, New York, NY 10003. For any privacy question, write to us at hello@citizenry.me.

Information We Collect

We try to collect only what we need to do our job. That includes:

Things you tell us directly - Account info — name, email, phone (optional), city/neighborhood, and a password if you set one. - Civic profile — answers you give us during onboarding (your interests, what you care about, time you can give, tenure in the city, professional background, what kind of involvement you’re looking for), and anything you add later from your profile. - Engagement signals — what you save, RSVP to, apply to, mute, follow, check in to, message, or click through to. - Communications — emails or messages you send us; replies you send to organizations through our platform.

Things you give us as an organization (if you run a nonprofit on Citizenry) - Mailing lists you import (with your attestation that you have permission to email those contacts), email engagement (opens, clicks), ticket records, application responses, membership records, and team-member info.

Things related to Citizenry-hosted events - When Citizenry itself hosts an event (rare but it happens), we collect RSVPs, ticket purchases, QR check-ins, waitlist status, and any dietary or accessibility notes you choose to share with us.

Things we collect automatically - Device and browser info, IP address, approximate location derived from IP, pages viewed, referring URLs, email opens and clicks (via pixels and tracked links). - A small set of cookies and similar technologies needed to keep you signed in, remember your preferences, and measure how the site is working.

Things from third parties - For senior or executive accounts, we may supplement your profile with publicly available information about you (for example, a public bio) to improve matching. You can edit or remove anything that ends up on your profile.

What we do with it

We use what we collect to:

  • Match you to organizations, events, programs, and opportunities you’re likely to care about.

  • Personalize the app — what you see on Discover, in Happenings, in Resources, and in the occasional civic-update email (capped at no more than one per week).

  • Make civic partner introductions — when you opt in, we share interest signals with civic partners (local governments, BIDs, community boards) so they can invite you to participate. Nothing happens here unless you ask for it.

  • Operate the service — sign-in, account recovery, save and RSVP, broadcasts, ticketing, memberships, applications, check-ins.

  • Improve the product — anonymous and aggregated analytics, debugging, and abuse prevention.

  • Comply with the law — respond to lawful requests, enforce our terms, and protect users.

Use of Artificial Intelligence

Some parts of Citizenry use AI provided by third-party vendors. Today, we use AI to:

  • Match you to organizations, events, and opportunities.

  • Summarize content (for example, match reasons and digest emails).

  • Transcribe voice notes that organizations capture in their dashboard.

  • Help structure publicly available information about senior staff and board members for better matching.

A few commitments:

  • Your inputs are not used to train our AI vendors’ foundation models, per the terms we have in place with them.

  • AI-generated output (match reasons, summaries, suggested drafts) can be wrong or out of date. We label it where it matters, and we always defer to your judgment.

  • We swap AI vendors from time to time as the field changes. When we do, we hold the new vendor to the same standards.

Information Sharing

We do not sell your data and we do not rent it to advertisers.

We do share, narrowly, in these cases:

  • Service providers we rely on to run Citizenry — for example, our hosting, database, and authentication provider; our email delivery provider; our AI providers; and product analytics. They handle data on our behalf under contracts that limit what they can do with it.

  • Nonprofits we recommend — only when you choose to RSVP, apply, message, or join their mailing list. We don’t hand over your data behind your back.

  • Citizenry-hosted events — with venues, co-hosts, vendors, and ticketing partners strictly as needed to run the event (e.g., check-in lists, dietary notes for caterers).

  • Aggregated, de-identified insights — patterns about civic participation, shared with partners (including government) in a form that can’t be used to identify you.

  • Legal compulsion and safety — when required by law, or to protect users, the public, or Citizenry.

  • Business changes — if Citizenry merges, is acquired, or transfers its operations, your data may be part of that transfer, subject to this policy.

Cookies & Analytics

We use a small set of cookies: - Strictly necessary — to keep you signed in and the app working. - Functional — to remember your preferences (e.g., which market, dismissed banners). - Analytics — to count traffic, measure email engagement, and find bugs. We try to keep this minimal.

You can clear or block cookies in your browser. Some parts of the app may not work without strictly necessary cookies. We honor Global Privacy Control / Do Not Track signals for non-essential analytics where technically feasible.

Email and messaging

A civic-update email may be sent at twice per month (at most) and is personalized to your profile.

Every email has a one-click unsubscribe (RFC 8058), and you can manage all your preferences without logging in via the “Manage preferences” link in any email.

Per-organization unsubscribe: when you unsubscribe from a nonprofit’s broadcasts, it only applies to that nonprofit — not the rest of Citizenry.

We don’t currently send SMS. If we add it later, it will be opt-in.

Your Rights & Choices

You can, at any time:

  • Access what we have on you.

  • Correct anything that’s wrong.

  • Delete your account and the data tied to it, directly from your profile.

  • Export a copy of your civic profile.

  • Opt out of any email category, or unsubscribe entirely.

  • Mute or unfollow any organization or topic.

For anything you can’t do yourself, write to hello@citizenry.me and we’ll handle it.

If you’re in a jurisdiction with additional privacy rights beyond New York and Wyoming, contact us — we’ll do our best to honor a reasonable request even where the law doesn’t strictly require it, and we’ll update this policy before we expand there formally.

How long we keep things

We keep your data for as long as your account is active.

When you delete your account, we remove personal data from our active systems within 30 days, and from our backups on a rolling 90-day cycle.

We may keep limited records longer where law requires (for example, financial or tax records related to events or memberships).

Security and what happens if something goes wrong

  • We take security seriously and apply reasonable, industry-standard safeguards, including:

  • Access controls that limit data to the people and systems that need it.

  • Encryption in transit (TLS) and at rest.

  • Principle of least privilege for internal access.

  • Multi-factor authentication on administrative accounts.

  • Signed, expiring auth tokens.

  • Dependency scanning and audit logs.

That said, no online service can promise perfect security. We commit instead to two things:

Doing the work to keep your data safe — controls above, regular review, and not collecting what we don’t need.

Telling you fast if something goes wrong. If we discover a security incident that materially affects your personal information, we’ll notify affected users without unreasonable delay, in accordance with applicable law — which for New York residents means the NY SHIELD Act (notification in the most expedient time possible and without unreasonable delay), and for Wyoming residents means Wyoming Statutes § 40-12-501 et seq. (notification within the statutory window, generally no later than 45 days after discovery). We’ll tell you what we know, what we don’t, what we’re doing, and what you should do.

Children

Citizenry is not directed to children under 16. If we learn we’ve collected information from a minor without verifiable parental consent, we’ll delete it

Contact

Questions? Concerns? Want a copy of your data, or want everything deleted? Reach out anytime: hello@citizenry.me.