Privacy Policy
Effective Date: April 28, 2026
Last Updated: April 28, 2026
Open Navigator is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our Service.
1. Introduction
This Privacy Policy describes how CommunityOne ("we," "us," or "our") collects, uses, and discloses information through Open Navigator ("the Service"). By using the Service, you agree to the practices described in this Privacy Policy.
2. Information We Collect
2.1 Public Data We Aggregate
The Service aggregates publicly available information from government sources and public records:
Government & Public Records Data:
- Elected officials' names, positions, and public contact information
- Public meeting attendees and speakers from published minutes
- Nonprofit organization data from IRS tax filings (Form 990)
- Legislative voting records and bill information
- Election results and ballot measures
- Government jurisdiction information
This data is NOT personal information collected from you - it comes from public government databases and public records.
2.2 Information You Provide
When you use certain features of the Service, we may collect:
Optional Account Information:
- Email address (if you create an account)
- Username or display name
- OAuth tokens from third-party authentication (HuggingFace, Google, GitHub)
User-Generated Content:
- Comments or feedback you submit
- Saved searches or preferences
- Annotations or notes on public data
2.3 Automatically Collected Information
When you access the Service, we automatically collect:
Technical Information:
- IP address
- Browser type and version
- Operating system
- Device information
- Referring website
- Pages visited and time spent
- Date and time of access
Cookies & Local Storage:
- Authentication tokens (stored locally in your browser)
- User preferences and settings
- Session information
3. How We Use Information
3.1 To Provide the Service
We use collected information to:
- Display aggregated public data from government sources
- Authenticate users who create accounts
- Save user preferences and searches
- Improve search and filtering functionality
- Provide personalized recommendations based on saved searches
3.2 To Improve the Service
We analyze usage patterns to:
- Understand which features are most valuable
- Identify and fix bugs
- Optimize performance and loading times
- Develop new features based on user needs
3.3 To Communicate with Users
We may use your email address to:
- Send account-related notifications
- Respond to support requests
- Notify you of important service updates or policy changes
- Send optional newsletters (with your consent)
You can opt out of non-essential communications at any time.
3.4 Legal and Safety
We may use information to:
- Comply with legal obligations
- Respond to lawful requests from authorities
- Enforce our Terms of Service
- Protect against fraud or abuse
- Ensure the security of the Service
4. What We Do NOT Collect
We are committed to privacy minimization:
- ❌ No tracking across websites - We do not track your browsing on other sites
- ❌ No behavioral profiling - We do not build advertising profiles
- ❌ No selling of data - We never sell your information to third parties
- ❌ No private information collection - We only aggregate publicly available data
- ❌ No financial information - We do not collect credit cards or payment info
- ❌ No health information - We do not collect personal health data
- ❌ No Social Security numbers - We never collect SSNs or tax IDs
- ❌ No background checks - We do not conduct or facilitate background checks
5. Public Data Sources & Privacy
5.1 Public Records Exception
The data we aggregate comes from public government sources and is already publicly available. This includes:
- IRS Form 990 filings (legally required public disclosures)
- Government meeting minutes (public records laws)
- Election data (publicly certified results)
- Legislative voting records (public accountability)
Legal Basis: This information is exempt from many privacy regulations because it is:
- Legally required public disclosure
- Public record under open records laws
- Already publicly accessible to anyone
5.2 Your Right to Request Removal
If your information appears in public records and you believe it should be removed:
For government data:
- Contact the original government agency that published the data
- Request removal or correction through official channels
- Forward confirmation to us for our records
For data we process:
- Email us at [contact email] with:
- Your name and the information you want removed
- Reason for the request
- Proof of identity
- We will evaluate requests on a case-by-case basis
- We may retain data required by law or for legitimate public interest
Important: We cannot remove information that is legally required to be public.
5.3 No Re-Identification
We do not attempt to:
- Link anonymized data back to individuals
- Cross-reference public data with private databases
- Re-identify de-identified datasets
- Infer sensitive attributes not present in source data
6. How We Share Information
6.1 With Third-Party Service Providers
We share information with trusted service providers who help us operate the Service:
Hosting & Infrastructure:
- Cloud hosting providers (AWS, Google Cloud, Databricks)
- Content delivery networks (CDNs)
- Database services
Analytics & Monitoring:
- Error tracking services (to identify and fix bugs)
- Performance monitoring (to optimize speed)
- Usage analytics (to understand feature usage)
All service providers:
- Are contractually obligated to protect your information
- May only use data to provide services to us
- Must comply with applicable privacy laws
6.2 Legal Requirements
We may disclose information when required by law:
- In response to subpoenas, court orders, or legal process
- To comply with government or regulatory requests
- To protect our rights, property, or safety
- To investigate fraud or abuse
- To enforce our Terms of Service
6.3 Business Transfers
If we are acquired, merge with another organization, or sell assets:
- Your information may be transferred to the new entity
- We will notify you of any change in ownership or information use
- You will have the option to delete your account
6.4 With Your Consent
We may share information in other circumstances with your explicit consent.
7. Data Security
7.1 Security Measures
We implement industry-standard security measures:
Technical Safeguards:
- Encryption in transit (HTTPS/TLS)
- Encryption at rest for sensitive data
- Secure authentication (OAuth 2.0)
- Regular security audits and updates
- Access controls and monitoring
Organizational Safeguards:
- Employee training on data privacy
- Limited access to personal information (need-to-know basis)
- Incident response procedures
7.2 No Guarantee
Important: No system is completely secure. While we take reasonable precautions:
- We cannot guarantee absolute security
- You provide information at your own risk
- Promptly notify us of any suspected security breaches
8. Data Retention
8.1 User Account Data
- Active accounts: Retained as long as your account is active
- Inactive accounts: May be deleted after 2 years of inactivity (with notice)
- Account deletion: You can request deletion at any time
8.2 Public Records Data
- Authoritative sources: Refreshed monthly from source agencies
- Historical archive: Public records retained indefinitely for historical research
- Cached data: Retained for performance, updated per provider requirements
- Google Civic API: Maximum 30 days (per Google's terms)
- Other sources: Until refreshed from source
8.3 Technical Logs
- Access logs: Retained for 90 days for security and troubleshooting
- Error logs: Retained for 180 days for debugging
- Aggregated analytics: Retained indefinitely (personally identifiable info removed)
9. Your Privacy Rights
9.1 Access & Correction
You have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Download a copy of your data (data portability)
How to exercise: Email johnbowyer@communityone.com with your request.
9.2 Deletion
You have the right to request deletion of:
- Your account and associated preferences
- Comments or contributions you submitted
- Saved searches and notes
How to exercise:
- Delete your account through account settings (self-service), or
- Email us at johnbowyer@communityone.com
- See detailed instructions at Data Deletion Request
Processing time: Self-service deletion is immediate. Email requests processed within 30 days.
Limitations: We may retain information required by law or legitimate public interest.
9.3 Opt-Out Rights
You can opt out of:
- Email communications: Unsubscribe link in all emails
- Cookies: Browser settings (may affect functionality)
- Analytics: Do Not Track (DNT) signals respected where possible
9.4 California Privacy Rights (CCPA)
If you are a California resident, you have additional rights:
- Right to Know: Request disclosure of personal information collected
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Opt out of sale of personal information (we do NOT sell data)
- Right to Non-Discrimination: Equal service regardless of privacy choices
To exercise CCPA rights: Email johnbowyer@communityone.com with "CCPA Request" in subject line.
9.5 European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have rights under GDPR:
- Right of Access: Obtain confirmation and copy of your data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Request deletion ("right to be forgotten")
- Right to Restriction: Limit how we process your data
- Right to Data Portability: Receive your data in machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
Legal Basis for Processing:
- Public Task: Processing public records in the public interest
- Legitimate Interests: Providing civic engagement tools
- Consent: For optional features like account creation
To exercise GDPR rights: Email johnbowyer@communityone.com with "GDPR Request" in subject line.
Data Protection Officer: [DPO contact if applicable]
Supervisory Authority: You may lodge a complaint with your local data protection authority.
10. Children's Privacy
The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13.
If you believe we have collected information from a child under 13:
- Email us immediately at johnbowyer@communityone.com
- We will promptly investigate and delete such information
Parents/Guardians: If you become aware your child has provided us with information, please contact us.
11. International Data Transfers
The Service is operated in the United States. If you access the Service from outside the U.S.:
- Your information may be transferred to and processed in the U.S.
- U.S. privacy laws may differ from your country's laws
- By using the Service, you consent to this transfer
For EEA users: We rely on:
- Standard Contractual Clauses (SCCs) for data transfers
- Adequacy decisions where applicable
- Your explicit consent for certain transfers
12. Third-Party Links
The Service contains links to third-party websites and services:
- We are not responsible for third-party privacy practices
- Review third-party privacy policies before providing information
- Our Privacy Policy does not apply to third-party sites
Data Provider Links:
- IRS.gov, Census.gov, OpenStates.org, CharityNavigator.org, etc.
- Each has its own privacy policy
13. Cookies & Tracking Technologies
13.1 What We Use
Essential Cookies:
- Authentication tokens (required for login)
- Session management
- Security features
Functional Cookies:
- User preferences (language, display settings)
- Saved searches
- Interface customization
Analytics Cookies (Optional):
- Aggregated usage statistics
- Feature popularity tracking
- Performance monitoring
13.2 Your Choices
Browser Controls:
- Block cookies through browser settings
- Clear cookies at any time
- Set preferences for third-party cookies
Do Not Track:
- We respect Do Not Track (DNT) signals where technically feasible
- Blocking cookies may affect functionality
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date.
Material Changes:
- Prominent notice on the Service
- Email notification (if you have an account)
- 30-day notice period before changes take effect
Your Continued Use:
- Continued use after changes constitutes acceptance
- If you disagree, please stop using the Service and delete your account
15. Contact Us
For questions about this Privacy Policy or privacy practices:
Email: johnbowyer@communityone.com
GitHub Issues: Privacy-related issues
Mail: 5617 Lakeridge Court, Tuscaloosa, AL 35406
For specific requests:
- Subject line: "Privacy Request" or "CCPA Request" or "GDPR Request"
- Include: Your name, email, and detailed description of request
- We will respond within 30 days
16. Effective Date & Version
- Effective Date: April 28, 2026
- Last Updated: April 28, 2026
- Version: 1.0
Privacy Summary (Quick Reference)
| What We Collect | Why We Collect It | Your Rights |
|---|---|---|
| Public government data | To provide civic engagement tools | Request removal (case-by-case) |
| Email (optional) | Account management, notifications | Delete account anytime |
| Usage data | Improve the Service | Opt out of analytics |
| Cookies | Authentication, preferences | Block through browser |
Key Principles:
- ✅ Public data only (no private information)
- ✅ Transparent about sources
- ✅ No selling of data
- ✅ Respect user rights
- ✅ Industry-standard security
Questions? Contact us at johnbowyer@communityone.com
Need to delete your data? See Data Deletion Request
For maximum privacy while using the Service:
- Use a privacy-focused browser (Firefox, Brave)
- Block third-party cookies
- Use a VPN if desired
- Create account with privacy-focused email provider
- Review your saved searches periodically
- Delete account if you stop using the Service