Privacy Policy

We pride ourselves on safeguarding your privacy through UK-based hosting, encrypted data, full control over your information, transparent AI use, and strict limits on third-party sharing.

1. Introduction

Starboard Systems Limited ("we", "us", "our") operates the Civic.ly platform, including our web application and mobile applications (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and ensuring the security of your personal Data. This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Key Things to Know:

This summary is for your convenience only and is not legally binding. Please read the full Privacy Policy below.

🔒 Your Privacy, Our Priority

  • You control your Data - export or delete anytime
  • To delete your account or any associated data, please email hello@civic.ly with your account details.
  • We use AI to help organise your documents (you can review all results)
  • UK-based hosting with strong encryption
  • We create anonymous insights to benefit all users

📊 How We Use Your Data

  • Provide the Service you signed up for
  • Improve features through usage analytics
  • AI analysis of documents and photos (no human access)
  • Anonymous benchmarking (your organisation can't be identified)

🌍 Who We Share With

  • AWS (UK hosting), AI providers (temporary processing only)
  • No selling, no marketing, no training AI models with your Data
  • Full list in our Sub-processor Register

⚖️ Your Rights

  • Access, correct, or delete your Personal Data anytime
  • Export all your Data in standard formats
  • Object to analytics (though this may limit insights we can provide)
  • Lodge complaints with the ICO if needed

🍪 Cookies & Tracking

  • Essential cookies for functionality (automatic)
  • Analytics cookies (with your consent)
  • Google Analytics with privacy protections
  • You can manage preferences in your browser

2. Company Information

Starboard Systems Limited

Company Number: 10297703

Registered Office: 2 Meridian Way, Dencora Court, Norwich, Norfolk, United Kingdom, NR7 0TA

Email: hello@civic.ly

3. Information We Collect

3.1 Personal Information

  • Contact Details: Name, work email address, work phone number
  • Organisation Information: Details about your council or organisation
  • User Account Data: Login credentials, user preferences, and Account settings

Note: While our Service is primarily designed for work-related use, we recognise that some users (particularly volunteers) may use personal contact details.

3.2 Asset and Operational Data

  • Asset Information: Photos, videos, and audio recordings of assets
  • Document Uploads: Any files attached to asset records or tasks (including PDFs, documents, certificates, invoices, manuals, etc.)
  • Location Data: GPS coordinates from uploaded media, asset locations, and mapping Data
  • Task Data: Inspection reports, maintenance records, job details, and defect information
  • Financial Data: Asset values, purchase information, and insurance details
  • Extracted Document Data: Information automatically extracted from uploaded documents including dates, supplier details, contact information, and other relevant Data

3.3 Location Information

We collect location Data in several ways:

  • From Uploaded Media: GPS metadata from photos and videos (retained with original files)
  • Current Location Sharing: Real-time location when you choose to share it (not stored permanently)
  • Task Tracking: Location Data during active tasks for verification purposes (stored as part of task records)
  • Continuous Tracking: Optional real-time location tracking during work shifts (when enabled by organisation and user)

3.4 Technical Information

  • Usage Data: How you interact with our Service, pages visited, features used
  • Device Information: Device type, operating system, browser information
  • Cookies and Local Storage: Preferences, session Data, cached information, and analytics Data

4. How We Use Your Information

We use your information to:

  • Provide and maintain the Civic.ly Service
  • Process and manage asset Data and operations
  • Analyse and categorise uploaded documents using AI to extract relevant information and organise files
  • Extract key details from documents such as renewal dates, supplier information, contact details, and compliance Data
  • Enable location-based features and mapping
  • Send notifications and reminders
  • Generate reports and analytics
  • Improve our Service through usage analysis
  • Ensure compliance with safety and regulatory requirements
  • Provide customer support
  • Detect and prevent fraud or misuse
  • Develop predictive insights and analytics through machine learning analysis of aggregated Data across all customers
  • Create industry benchmarks and trends to benefit all users of the Service
  • Predict maintenance needs and asset lifecycles using patterns identified across similar assets and organisations

4.1 Legal Basis for Processing

We process your Data based on:

  • Contract: To provide the Service as agreed
  • Legitimate Interests: To improve our Service, ensure security, and develop insights that benefit all users
  • Consent: For optional features like location tracking
  • Legal Obligation: To comply with applicable laws and regulations

5. Data Processing Relationships

5.1 Controller and Processor Roles

Under UK GDPR, it's important to understand the different roles in Data processing:

5.1.1 Your Organisation (Data Controller)

  • Your council or organisation is the Data Controller for all Data entered into Civic.ly
  • You determine the purposes and means of processing personal Data
  • You are responsible for ensuring lawful basis for processing
  • You must ensure individuals' rights are respected
  • You control what Data is collected and how it's used

5.1.2 Starboard Systems Limited (Data Processor)

  • We act as a Data Processor, processing Data on your behalf according to your instructions
  • We provide the technical platform and tools for your Data processing activities
  • We implement appropriate security measures to protect your Data
  • We assist with Data subject requests and compliance obligations
  • We only process Data as instructed through your use of the Service

5.1.3 Third-Party Providers (Sub-processors)

  • AI providers, AWS, and other Service providers act as sub-processors
  • We ensure appropriate contracts and safeguards are in place
  • Sub-processors only process Data as necessary to provide our Service
  • We remain responsible for sub-processor compliance with Data protection requirements

5.2 Your Responsibilities

  • Ensure you have lawful basis for collecting and processing Data
  • Inform your users about Data processing through appropriate privacy notices
  • Respond to Data subject access requests and other rights
  • Ensure Data accuracy and implement retention policies
  • Manage user access and permissions appropriately

6. Document Processing and AI Analysis

6.1 Uploaded Documents

You can attach any type of file to asset records and tasks. We use AI to automatically process these documents to make them more useful and organised.

6.1.1 Document Categories

We automatically categorise uploaded documents into:

  • Legal & Ownership Documentation
  • Compliance & Certification
  • Inspection & Assessment
  • Operational Documentation
  • Technical & Manufacturer Documentation
  • Financial & Protection

6.1.2 Information Extraction

Our AI systems extract key information from documents including:

  • Renewal dates and expiry information
  • Supplier and vendor details
  • Contact information
  • Compliance dates and requirements
  • Technical specifications
  • Financial information relevant to assets

6.2 Privacy Protection

  • Documents are processed securely using encrypted connections
  • AI providers do not retain copies of your documents
  • Extracted information is stored securely in our database
  • Original documents remain under your full control
  • You can delete documents and extracted Data at any time

7. Analytics and Machine Learning

7.1 Predictive Insights and Benchmarking

We analyse Data across all customer organisations to provide valuable insights back to our users. This includes:

7.1.1 What We Analyse:

  • Asset performance patterns and maintenance needs
  • Lifecycle predictions and replacement timing
  • Industry benchmarks and comparative analytics
  • Operational efficiency trends
  • Cost analysis and budget forecasting patterns
  • Document patterns and compliance trends (from uploaded files and extracted Data)

7.1.2 How We Protect Your Privacy:

  • Data is aggregated and anonymised before analysis
  • Individual organisations cannot be identified in our insights
  • Personal information is removed from analytical datasets
  • Results are presented as statistical trends and patterns
  • We use appropriate technical measures to prevent re-identification

7.1.3 Benefits to You:

  • Predictive maintenance recommendations
  • Industry benchmark comparisons
  • Cost optimisation insights
  • Asset lifecycle planning
  • Performance improvement suggestions

This analysis helps us provide better predictions and recommendations to all users while maintaining the confidentiality of individual organisation Data.

8. Data Sharing and Third Parties

8.1 Service Providers

We share Data with trusted third parties who help us operate our Service:

8.1.1 AI Processing Services

  • AI Providers (including OpenAI, Google Gemini, Anthropic): For analysing photos, videos, audio content, and uploaded documents
  • We configure AI providers to disable Data logging, retain processing logs only temporarily for debugging, and ensure they do not use your Data for model training
  • Data is encrypted in transit and we only share necessary information for processing
  • Document analysis includes categorisation and extraction of key information such as dates, supplier details, and contact information

8.1.2 Infrastructure and Analytics

  • Amazon Web Services (AWS): Cloud hosting and storage (UK region)
  • Mapping Services (including Mapbox): For location Services and reverse geocoding (coordinates only)
  • Google Analytics: For usage analytics and Service improvement
  • Other Service Providers: Additional third-party Services that help us operate and improve our Service

8.2 Data Transfers

Some of our Service providers may process Data outside the UK. We ensure appropriate safeguards are in place, including:

  • Encryption in transit and at rest
  • Contractual protections where available
  • Selection of providers with strong privacy commitments
  • Regular review of Data processing practices

8.3 Other Disclosures

We may disclose your information:

  • To comply with legal obligations or court orders
  • To protect our rights, property, or safety
  • With your explicit consent
  • In connection with a business merger or acquisition (with appropriate notice)

9. Data Retention

We retain your information for as long as necessary to provide our Service and comply with legal obligations:

  • Account Data: While you remain a customer
  • Asset and Operational Data: Permanently (for compliance purposes) while you remain a customer
  • Location Tracking Data: As part of task records while you remain a customer
  • Analytics Data: Anonymised and aggregated for Service improvement and predictive analytics
  • After Account Termination: Data is retained for 6 months, then permanently deleted
  • Backups: Retained for 6 months after Account termination

10. Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of your personal Data
  • Rectification: Correct inaccurate or incomplete Data
  • Erasure: Request deletion of your Data (subject to legal obligations and anonymised analytics)
  • Portability: Export your Data in CSV format
  • Restriction: Limit how we process your Data
  • Object: Object to processing based on legitimate interests (including analytics)
  • Withdraw Consent: For processing based on consent (like location tracking)

Note on Analytics: While you can object to your Data being used for predictive analytics, this may limit the insights and recommendations we can provide to you. Anonymised analytical Data that cannot be linked back to you or your organisation may be retained for Service improvement.

10.1 Exercising Your Rights

  • Self-Service: You can access, modify, and delete most Data directly through the Service
  • Data Export: Download structured Data in CSV format anytime through the platform
  • Full Data Export: Contact us at hello@civic.ly for complete Data export including multimedia files
  • Other Requests: Contact us at hello@civic.ly

11. Data Security

We implement appropriate technical and organisational measures to protect your Data:

  • Encryption: End-to-end encryption for Data in transit and at rest
  • Access Controls: Role-based access and authentication
  • Regular Monitoring: Continuous security monitoring and updates
  • Secure Infrastructure: AWS hosting with industry-standard security
  • Data Minimisation: We only collect and process necessary Data

12. Cookies and Tracking

12.1 Cookies We Use

  • Essential Cookies: Required for Service functionality
  • Analytics Cookies: Google Analytics 4 for usage insights
  • Preference Cookies: To remember your settings and preferences

12.2 Local Storage

We use browser local storage to enhance your experience:

  • User interface preferences (column selections, filter settings)
  • Cached dashboard statistics
  • Session management Data

12.3 Cookie Consent

When you first visit our website, we may display a cookie notice to comply with applicable privacy laws. Essential cookies are set automatically as they are necessary for the Service to function, while analytics cookies require your consent where required by law.

12.4 Google Analytics

We use Google Analytics 4 with privacy-enhanced settings including IP anonymization and no cross-device tracking. You can opt out of Google Analytics by visiting Google's opt-out page.

You can manage cookies through your browser settings, though disabling essential cookies may affect Service functionality.

13. Future Features

This Privacy Policy covers planned features including:

  • Video and audio recording capabilities
  • Enhanced location tracking options
  • Integration with third-party systems (including Zapier)
  • Additional AI-powered analysis tools

We will update this policy as needed when new features are implemented.

14. International Transfers

Currently, Civic.ly serves UK customers only. Some of our Service providers may process Data internationally, but we ensure appropriate safeguards are in place as described in the "Data Sharing" section above.

15. Changes to This Policy

We may update this Privacy Policy periodically. We will:

  • Post the updated policy on our website and in our applications
  • Notify you of significant changes via email or in-app notification
  • Update the "Last updated" date at the top of this policy

16. Contact Us

For any questions about this Privacy Policy or our Data practices:

Email: hello@civic.ly

Post: Starboard Systems Limited, 2 Meridian Way, Dencora Court, Norwich, Norfolk, United Kingdom, NR7 0TA

For Data protection concerns, you also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

This Privacy Policy is effective as of the date listed above and governs our collection, use, and disclosure of your information while using the Civic.ly Service.

 

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.