← Back to DiverseCiti

Privacy Policy

Last updated: May 26, 2026

Introduction

DiverseCiti ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. DiverseCiti is designed for residents of San Francisco, California, and operates exclusively within the United States.

By using DiverseCiti, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not access or use our services.

Information We Collect

Account Information

When you create an account, we collect:

  • Full name - Your real name, used to create your profile
  • Display name - An optional name shown to your neighbors instead of your full name
  • Email address - Required for email registration; optional for social login
  • Password - Stored securely using industry-standard hashing (Argon2)
  • Language preference - Your preferred language for viewing content
  • Profile photo - An optional avatar image you upload

Social Login Information

If you sign in using Google or Reddit, we receive:

  • Your account identifier from that service
  • Email address (if provided by the service)

We do not access your social media posts, contacts, or other account data from these services.

Residency Information

To participate in location-based communities, we collect:

  • Place of residence - The address of where you live (street address, unit number if applicable)
  • Geographic coordinates - Latitude and longitude associated with your place of residence, used to determine which communities you belong to
  • Move-in date - When your residency at an address began
  • Parcel and district data - Administrative information derived from your address via SF Open Data, including neighborhood name, supervisor district, police district, planning district, and zoning classification. This data is associated with the land parcel at your address, not your personal identity.
  • Location verification - If you choose to verify your residency, we access your device's GPS coordinates at the moment you tap "Verify Location." These coordinates are used solely to confirm you are physically present at or near your registered address. Your GPS coordinates are not stored — only the verification result (verified or not) and the timestamp are saved to your residency record.

Your exact address is never displayed publicly. Other users may see that you are a member of a particular community (building, block, or neighborhood), but not your specific unit or street address.

Community Membership

When you join communities, we collect:

  • Which communities you are a member of (building, neighborhood, or city-level)
  • Your role within each community (resident, admin)
  • When you joined each community

Posts and Content

When you post on DiverseCiti, we collect:

  • The text content of your posts and replies
  • The community you post to
  • Timestamps of when posts and replies are created or edited
  • Whether you chose to post anonymously (your identity is concealed from other community members, but is still associated with the post in our database)

Push Notifications

If you enable push notifications, we collect:

  • Push subscription data - A device-specific identifier and encryption keys provided by your browser or device, used solely to deliver notifications to you. This data is stored securely and never used for tracking or advertising.

You can enable or disable push notifications at any time in your account settings or through your device/browser settings.

Technical Information

We automatically collect certain technical information:

  • Session data - We use cookies to maintain your login session
  • Server logs - May include IP addresses and basic request information for security and debugging purposes

How We Use Your Information

We use the information we collect to:

  • Provide and maintain the DiverseCiti platform
  • Allow you to create an account and authenticate
  • Connect you with communities based on your place of residence
  • Display your posts and replies to members of your communities
  • Translate post content into your preferred language using third-party translation services
  • Respond to your inquiries and support requests
  • Protect against abuse and maintain platform security
  • Comply with legal obligations

Email Communications

We use your email address to send you transactional emails, such as password resets and important account notifications. You can manage your communication preferences in your account settings at any time.

Information Sharing

Visible to Community Members

The following information is visible to other members of your communities:

  • Your display name (or full name if no display name is set)
  • Your profile photo (if uploaded)
  • Posts and replies you share within a community
  • Which communities you belong to (visible to other members of those same communities)

Note: Your exact address is never displayed publicly. Your full name is only visible to you in your account settings.

Third-Party Services

We use the following third-party services:

  • Google Cloud Translation - Post content may be sent to Google's Translation API to display it in your preferred language. Translated content is cached in our database to avoid redundant requests.
  • Amazon Web Services (S3) - Profile photos are stored in AWS S3. Images are uploaded directly from your browser to our private S3 bucket.
  • Google OAuth - If you choose to sign in with Google
  • Reddit OAuth - If you choose to sign in with Reddit
  • SF Open Data - Your address is sent to the City of San Francisco's open data API to resolve parcel boundary, neighborhood, and district information. No personal identity information is transmitted beyond the street address.
  • Web Push services - If you enable push notifications, your browser's push notification service (e.g. Google's FCM for Chrome) is used to deliver notifications to your device. This is handled by your browser vendor's infrastructure.

We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing or advertising purposes.

Cookies and Local Storage

We use only essential cookies required for the platform to function:

  • Session cookie - Keeps you logged in during your visit
  • Locale cookie - Stores your language preference

We do not use tracking cookies, analytics services, or advertising networks.

Progressive Web App

DiverseCiti is a Progressive Web App (PWA), which means you can install it on your device for quick access. Some content may be cached locally for faster loading. This locally stored data can be cleared through your browser or device settings.

Data Retention

We retain your information as follows:

  • Account data - Retained while your account is active
  • Residency information - Retained while your account is active; deleted upon account deletion
  • Community membership - Retained while you are a member
  • Posts and replies - Retained unless you delete them or request account deletion
  • Profile photos - Retained until you replace or delete them
  • Server logs - Retained for a limited period for security purposes

When you deactivate your account, your data is retained but your account becomes inactive. You may request complete deletion of your data by contacting us.

Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know - Request information about the personal data we collect about you
  • Access - Request a copy of your personal data
  • Delete - Request deletion of your personal data
  • Correct - Request correction of inaccurate personal data
  • Non-discrimination - Not be discriminated against for exercising your privacy rights

To exercise these rights, please contact us at privacy@diverseciti.org.

Note: We do not sell personal information, so the right to opt-out of sales does not apply.

Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of passwords using Argon2 hashing
  • Secure session management via Redis-backed sessions
  • HTTPS encryption for all data transmission
  • Content Security Policy and other HTTP security headers

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Children's Privacy

DiverseCiti is intended for users who are 13 years of age or older. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@diverseciti.org and we will delete such information.

Geographic Scope

DiverseCiti is designed for residents of San Francisco, California, and operates exclusively within the United States. We do not target or intentionally collect information from individuals outside the United States. If you are accessing DiverseCiti from outside the United States, please be aware that your information may be transferred to and processed in the United States.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

Email: privacy@diverseciti.org