Privacy Policy

Effective Date: November 27, 2025 | Last Updated: November 27, 2025

Plain Language Summary

This summary is for convenience only; the full policy below is legally binding.

  • Who we are: Deleuzian, Inc. (d/b/a CivicAI) provides AI chatbot services for political campaigns.
  • Our role: When campaigns use CivicAI, we act as a "Data Processor"—we process data only on behalf of and as instructed by the Campaign. The Campaign is the "Data Controller."
  • What we collect: Account information from campaigns, conversation data from website visitors (on behalf of campaigns), and usage analytics.
  • How we use data: To provide our services, improve our platform, ensure security, and comply with legal obligations.
  • Data sharing: We never sell personal information. We share data only with service providers who help us operate, and with the specific campaign whose website collected the data.
  • Your rights: Depending on where you live, you may have rights to access, correct, delete, or port your data. California and European residents have additional rights.
  • Security: We use encryption, access controls, and other security measures. See our Security Page.
  • Contact: Email us at privacy@getcivicai.com for any privacy-related questions.

1. Introduction

This Privacy Policy ("Policy") describes how Deleuzian, Inc., a Delaware corporation doing business as CivicAI ("CivicAI," "Company," "we," "us," or "our") collects, uses, discloses, and protects information in connection with our website (getcivicai.com), AI assistant widget, administrative dashboard, and related services (collectively, the "Services").

This Policy applies to:

  • Campaigns/Customers: Political campaigns, advocacy organizations, consultants, and other entities that subscribe to and use our Services
  • End Users: Visitors to Campaign websites who interact with the CivicAI assistant widget
  • Website Visitors: Visitors to our own website (getcivicai.com)

2. Our Role: Data Controller vs. Data Processor

2.1 When We Act as Data Processor

When providing Services to Campaigns, CivicAI acts as a Data Processor under GDPR (or "Service Provider" under CCPA). We process personal data submitted by or collected via the Services on behalf of the Campaign based on their instructions (including their Knowledge Base Content and configuration settings).

2.2 Campaign Responsibility: Data Controller

The Campaign using CivicAI is the Data Controller (or "Business" under CCPA) for data collected from their End Users. Campaigns are responsible for:

  • Maintaining their own privacy policy that discloses the use of CivicAI
  • Ensuring compliance with applicable data protection laws (GDPR, CCPA, etc.)
  • Obtaining necessary consents from End Users
  • Responding to End User data subject requests

2.3 When We Act as Data Controller

CivicAI acts as a Data Controller for:

  • Campaign account and billing information
  • Data collected from visitors to our own website (getcivicai.com)
  • Anonymized and aggregated analytics data

3. Information We Collect

3.1 Information Provided by Campaigns

CategoryExamplesPurpose
Account InformationCampaign name, contact name, email, phoneAccount management, communications
Billing InformationBilling address, payment card (via Stripe)Payment processing
Knowledge Base ContentFAQs, policy documents, campaign materialsAI assistant training and responses
Configuration SettingsWidget appearance, prompts, integrationsService customization

3.2 Information Processed on Behalf of Campaigns (End User Data)

CategoryExamplesPurpose
Conversation ContentQuestions asked, responses, personal info voluntarily sharedProvide AI assistant service
Contact InformationName, email, phone (if provided by End User)Lead capture for Campaign
Interaction MetadataIP address (anonymized), browser type, device, timestampsAnalytics, security, troubleshooting

3.3 Information Collected Automatically

When you visit our website (getcivicai.com) or use the Services, we automatically collect:

  • Device Information: Browser type, operating system, device type
  • Usage Data: Pages visited, features used, clicks, time spent
  • Log Data: IP address, access times, referring URLs
  • Cookie Data: See Section 11 for details

4. How We Use Information

4.1 Processing on Behalf of Campaigns (Data Processor)

We process End User data to:

  • Provide, operate, and maintain the AI assistant Services
  • Enable the AI to respond to End User queries based on Campaign content
  • Facilitate lead capture (volunteer sign-ups, contact forms) as configured
  • Provide analytics and conversation logs to Campaigns via the dashboard
  • Troubleshoot issues and provide technical support

4.2 Our Own Operations (Data Controller)

We use information as a Data Controller to:

  • Manage Campaign accounts and process payments
  • Send service-related communications (updates, alerts, support)
  • Improve and optimize our Services using anonymized and aggregated data
  • Monitor for security threats, fraud, and abuse
  • Comply with legal obligations
  • Enforce our Terms of Service
  • Market our Services to prospective Campaign customers (not using End User data)

5. Legal Bases for Processing (GDPR)

For individuals in the European Economic Area (EEA), UK, or Switzerland, we process personal data based on the following legal bases:

Legal BasisProcessing Activity
Contract PerformanceProcessing necessary to provide Services under our agreement with Campaigns
Legitimate InterestsSecurity, fraud prevention, service improvement, analytics
ConsentMarketing communications, cookies (where required)
Legal ObligationCompliance with applicable laws, responding to legal requests

6. How We Share Information

We do not sell personal information. We never have and never will.

We share information only in these limited circumstances:

6.1 With the Respective Campaign

End User data collected via the CivicAI widget on a Campaign's website is accessible only to that specific Campaign through their dashboard. We never share one Campaign's End User data with another Campaign.

6.2 Service Providers (Sub-Processors)

We use trusted third-party service providers who process data on our behalf. See Section 7 for our sub-processor list.

6.3 Legal Requirements

We may disclose information if required by law, subpoena, court order, or other legal process, or if we have a good faith belief that disclosure is necessary to:

  • Comply with legal obligations
  • Protect the safety of any person
  • Protect our rights, property, or safety
  • Investigate fraud or security issues

6.4 Business Transfers

In connection with a merger, acquisition, bankruptcy, or sale of assets, information may be transferred as part of the transaction. We will notify affected Campaigns before any transfer and any new owner will be bound by this Privacy Policy.

6.5 Aggregated/Anonymized Data

We may share anonymized, aggregated data that does not identify individuals or specific Campaigns for analysis, research, or reporting purposes.

6.6 With Consent

We may share information with third parties when we have the Campaign's explicit consent.

7. Sub-Processors

We use the following categories of sub-processors to provide our Services:

Sub-ProcessorPurposeLocation
Amazon Web Services (AWS)Cloud infrastructure and hostingUSA (with EU options)
StripePayment processingUSA
Botpress/RasaConversational AI platformUSA/Canada
Google AnalyticsWebsite analytics (our website only)USA
FormspreeContact form processingUSA

We maintain contractual agreements with all sub-processors requiring them to protect data in accordance with applicable law. Enterprise customers may request a complete sub-processor list and receive notifications of changes.

8. International Data Transfers

Information may be processed in the United States and other countries where our service providers operate. For transfers from the EEA, UK, or Switzerland to countries without an adequacy decision, we rely on:

  • Standard Contractual Clauses (SCCs): EU-approved contractual safeguards
  • Data Processing Agreements: With appropriate security and privacy commitments
  • Supplementary Measures: Technical and organizational measures as needed

9. Data Security

We implement comprehensive technical and organizational security measures, including:

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access, multi-factor authentication
  • Infrastructure: AWS secure cloud hosting with SOC 2 compliance
  • Monitoring: Continuous security monitoring and logging
  • Vulnerability Management: Regular security assessments and penetration testing
  • Employee Training: Security awareness training for all personnel

For more details, see our Security Page. However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

10. Data Retention

We retain data only as long as necessary for the purposes described in this Policy:

Data TypeRetention Period
Campaign Account DataDuration of account + 2 years (or as required by law)
Billing/Payment Records7 years (tax and legal compliance)
End User Conversation DataPer Campaign's subscription plan (typically 30-365 days), or until Campaign requests deletion
Analytics/Usage DataAnonymized and retained indefinitely for service improvement
Security Logs1 year

Upon account termination, we delete or anonymize data within 90 days unless retention is required by law or requested by the Campaign for data export.

11. Cookies and Tracking Technologies

11.1 Cookies on Our Website (getcivicai.com)

We use the following types of cookies:

TypePurposeDuration
Strictly NecessarySession management, security, authenticationSession
AnalyticsGoogle Analytics for website performance and usageUp to 2 years
FunctionalRemember preferences, chat history1 year

11.2 CivicAI Widget Cookies

The CivicAI widget embedded on Campaign websites uses only essential cookies for:

  • Session management (maintaining conversation state)
  • Basic functionality (widget open/closed state)

Campaigns are responsible for their own website's cookie consent mechanisms.

11.3 Managing Cookies

You can manage cookie preferences through your browser settings. Note that disabling cookies may affect functionality. For opt-out links:

12. Your Privacy Rights

12.1 General Rights (All Users)

Depending on your location and applicable law, you may have the following rights:

  • Access: Request a copy of personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data (subject to legal requirements)
  • Portability: Receive your data in a portable format
  • Opt-Out: Unsubscribe from marketing communications

12.2 For End Users

Since the Campaign is the Data Controller for End User data, End Users should contact the Campaign directly to exercise privacy rights. CivicAI will assist Campaigns in responding to legitimate requests as required by law and our agreements.

12.3 For Campaigns

Campaigns can access, update, export, or request deletion of their data through the dashboard or by contacting support@getcivicai.com.

13. California Privacy Rights (CCPA/CPRA)

Notice to California Residents

This section provides additional disclosures required by the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

13.1 Categories of Personal Information

In the preceding 12 months, we have collected the following CCPA categories:

  • Identifiers: Name, email, phone, IP address, account ID
  • Commercial Information: Subscription details, transaction history
  • Internet/Network Activity: Browsing history, search history, interaction data
  • Professional Information: Campaign/organization affiliation
  • Inferences: Preferences derived from usage patterns

13.2 Do Not Sell or Share

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. Therefore, we do not offer a "Do Not Sell or Share" opt-out because there is no sale or sharing to opt out of.

13.3 California Consumer Rights

California residents have the right to:

  • Know: What personal information we collect and how it's used
  • Access: Request a copy of your personal information
  • Delete: Request deletion of your personal information
  • Correct: Request correction of inaccurate information
  • Non-Discrimination: Not be discriminated against for exercising these rights

13.4 Exercising Your Rights

To exercise your California privacy rights, contact us at:

We will verify your identity before processing requests. You may designate an authorized agent to submit requests on your behalf with proper written authorization.

13.5 Response Timing

We will respond to verifiable requests within 45 days. We may extend this by an additional 45 days if necessary, with notice to you.

14. European Privacy Rights (GDPR)

Notice to EEA, UK, and Swiss Residents

This section provides additional disclosures required by the General Data Protection Regulation (GDPR) and equivalent UK and Swiss laws.

14.1 Your GDPR Rights

If you are in the EEA, UK, or Switzerland, you have the right to:

  • Access: Obtain confirmation of processing and a copy of your data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure ("Right to be Forgotten"): Request deletion in certain circumstances
  • Restriction: Request restriction of processing
  • Data Portability: Receive data in a structured, machine-readable format
  • Object: Object to processing based on legitimate interests or for direct marketing
  • Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
  • Automated Decision-Making: Not be subject to decisions based solely on automated processing (we do not engage in automated decision-making with legal effects)

14.2 Exercising Your Rights

To exercise GDPR rights, contact us at privacy@getcivicai.com. We will respond within one month (extendable by two months for complex requests).

14.3 Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your privacy rights.

14.4 Data Protection Officer

Given our current scale of operations, we have not appointed a Data Protection Officer. For privacy inquiries, please contact privacy@getcivicai.com.

15. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms:

  • We will notify affected Campaigns without undue delay and within 72 hours of becoming aware (as required by GDPR)
  • We will provide information about the nature of the breach, categories of data affected, likely consequences, and measures taken
  • Campaigns are responsible for notifying their End Users as required by applicable law

16. Children's Privacy

Our Services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will delete that information promptly. If you believe we have collected information from a child under 16, please contact us immediately.

17. Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes, we will:

  • Provide at least 30 days' advance notice via email to registered Campaigns
  • Post a prominent notice on our website
  • Update the "Last Updated" date at the top

Your continued use of the Services after changes become effective constitutes acceptance of the revised Policy.

19. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Deleuzian, Inc.

d/b/a CivicAI

Privacy Inquiries:


Email: privacy@getcivicai.com

General Inquiries:


Email: info@getcivicai.com

Data Protection Requests:


Please include "Privacy Request" in your subject line and provide sufficient information to verify your identity.

© 2025 Deleuzian, Inc. All rights reserved.