top of page

Privacy Policy

Last Updated: June 02, 2025

​

CitizenClimate ("we," "us," or "our") is committed to empowering local communities in developing countries to lead climate action projects through our website (citizenclimate.com) and mobile application (the "App"). This Privacy Policy governs how we collect, use, disclose, store, and protect your personal information in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Personal Information Protection and Electronic Documents Act (PIPEDA), Lei Geral de Proteção de Dados (LGPD), and other relevant regulations. By accessing or using our services, you consent to the practices described herein.

1. Introduction

As a platform designed to foster community-driven climate initiatives, CitizenClimate collects and processes personal and environmental data to enable participation, education, and financial support. This policy ensures transparency, security, and respect for your privacy rights, reflecting our commitment to ethical data stewardship worldwide.

2. Information We Collect

We collect the following categories of information, limited to what is necessary for our services (data minimization principle):

  • Personal Information:

    • Name, email address, phone number, and geographic location provided during registration or project participation.

    • Demographic data (e.g., age, gender) where relevant to project eligibility, with optional submission.

  • User-Generated Data:

    • Live environmental data (e.g., temperature, water quality) and survey responses collected via the App by community members.

    • Project contributions (e.g., photos, notes) submitted to document progress.

  • Usage Data:

    • Technical data such as IP address, device type, operating system, browser type, and session duration, collected via Firebase analytics.

    • App interaction logs (e.g., screen views, feature usage) to optimize performance.

  • Financial Data:

    • Payment details or incentive records (e.g., bank account info for rewards) processed for community funding.

  • Cookies and Tracking Technologies:

    • Website cookies for analytics (e.g., Google Analytics), personalization, and session management.

    • Device identifiers for App functionality and updates.

We do not collect data beyond what is essential unless explicitly consented to or required by law.

3. How We Use Your Information

We process your information for the following lawful purposes:

  • Service Delivery: To provide, maintain, and improve the App and website, including enabling live data collection, project management, and community engagement.

  • Communication: To send account updates, project notifications, educational materials, and marketing communications (with opt-out options).

  • Financial Transactions: To process and distribute financial incentives or rewards to community participants.

  • Analytics and Improvement: To analyze usage patterns, enhance features, and tailor content for communities and corporate partners.

  • Legal Compliance: To comply with legal obligations, resolve disputes, and protect against fraud, security threats, or harm.

  • Research and Reporting: To generate anonymized, aggregated data for climate research or sustainability reporting, shared with partners or regulators.

4. How We Share Your Information

We do not sell your personal information. Disclosure occurs only under the following circumstances:

  • Service Providers: Third-party vendors (e.g., Firebase for hosting, Google for analytics, payment processors) assist with operations, bound by data processing agreements ensuring confidentiality and compliance.

  • Project Partners: Companies or NGOs collaborating on climate projects may access anonymized or consented data for project execution.

  • Legal Requirements: We may disclose data to law enforcement or regulators if required by law, subpoena, or to protect our rights, property, or safety.

  • Aggregated Data: Non-identifiable, aggregated data may be shared for research, reporting, or promotional purposes.

  • Business Transfers: In the event of a merger or acquisition, your data may be transferred, subject to this policy’s terms.

5. Data Storage and Security

  • Storage: Your data is stored in Firebase’s cloud infrastructure, primarily hosted in Google Cloud data centers (e.g., US, EU, Asia-Pacific), with redundancy for reliability. Specific locations vary based on user proximity and compliance needs.

  • Security Measures: We employ industry-standard protections, including:

    • Encryption in transit (TLS 1.2/1.3) and at rest (AES-256).

    • Role-based access controls limiting data access to authorized personnel.

    • Regular security audits and penetration testing.

    • Firebase’s built-in security rules and authentication protocols.

  • Retention: Data is retained for as long as necessary to fulfill the purposes outlined, or as required by law (e.g., 7 years for financial records), with deletion upon request or account closure unless legally mandated.

6. Data Presentation

  • To Users: Community members view their contributions (e.g., data submissions, project progress) via the App’s interface, such as dashboards on the HindiHomeScreen, with real-time updates.

  • To Project Developers: Developers access detailed reports and analytics through secure dashboards, showing project metrics, community engagement, and data trends.

  • To Companies: Anonymized reports or dashboards are provided for sustainability tracking, ensuring no personally identifiable information is exposed unless consented.

  • Anonymization: Where data is shared externally, we apply pseudonymization and aggregation techniques to protect identities.

7. Your Rights and Choices

Depending on your jurisdiction, you have the following rights, exercisable by contacting nick@citizenclimate.com with verification:

  • Access: Request a copy of your personal data.

  • Correction: Update inaccurate or incomplete data.

  • Deletion: Request erasure of your data, subject to legal retention periods.

  • Restriction: Limit data processing (e.g., for marketing).

  • Objection: Object to processing based on legitimate interests.

  • Data Portability: Receive your data in a structured, machine-readable format (e.g., JSON).

  • Opt-Out: Unsubscribe from marketing emails via the unsubscribe link or adjust App permissions (e.g., location, notifications).

  • GDPR/CCPA Specifics: EU/UK users and California residents can submit verified requests for these rights, with responses provided within 30 days.

8. Consent and Data Collection

  • Consent: We obtain explicit, informed consent before collecting sensitive data (e.g., location, financial details), presented during onboarding or permission prompts. You may withdraw consent via App settings or email.

  • Minors: The App is not intended for users under 13. We implement age gates and delete data if a child’s use is detected, complying with COPPA and similar laws.

9. International Data Transfers

Data may be transferred across borders (e.g., to Firebase servers in the US or EU). We ensure compliance with international data transfer laws by:

  • Implementing Standard Contractual Clauses (SCCs) for EU data transfers.

  • Conducting Transfer Impact Assessments (TIAs) where required.

  • Notifying users of cross-border transfers in this policy.

10. Data Breach Notification

In the event of a data breach posing a risk to your rights, we will:

  • Notify affected users and relevant data protection authorities within 72 hours, as required by GDPR Article 33.

  • Provide details of the breach, mitigation steps, and recommendations.

  • Enhance security measures post-incident.

11. Cookies and Tracking Technologies

  • We use cookies for analytics (Google Analytics), personalization, and session management. You can manage preferences via your browser settings or the App’s privacy options.

  • Third-party cookies are limited to service providers, with opt-out links provided (e.g., Google’s Privacy Choices).

12. Third-Party Links and Services

The App or website may link to third-party sites (e.g., Firebase, payment gateways). We are not responsible for their privacy practices; review their policies before interacting.

13. Global Compliance

We comply with:

  • GDPR: For EU/UK users, ensuring lawful processing and data subject rights.

  • CCPA: For California residents, offering opt-out and non-discrimination rights.

  • PIPEDA: For Canadian users, with accountability and consent requirements.

  • LGPD: For Brazilian users, with data protection officer oversight.

  • Local Laws: We adhere to emerging regulations in developing countries (e.g., India’s Digital Personal Data Protection Act, 2023, if enforced by June 2025).

14. Changes to This Policy

We may update this policy to reflect legal or operational changes. Significant updates will be notified via email or a prominent notice on our website, with the revised date updated above. Continued use post-changes constitutes acceptance.

15. Delete Account

You can completely delete your account from our servers by clicking "Account" - "Delete Account" in the app or by emailing nick@citizenscience.net

bottom of page