Privacy Policy

1. Introduction

MuniNow Inc. ("MuniNow," "we," "our," or "us") operates the MuniNow platform, a cloud-based municipal ERP solution for local government operations. This Privacy Policy explains how we collect, use, store, and protect information when you use our platform and related services — whether you are a municipal staff member, a platform administrator, or a citizen accessing the self-service portal.

By accessing or using MuniNow, you acknowledge that you have read and understood this Privacy Policy. If you are using MuniNow on behalf of a municipality or organization, you represent that you have the authority to bind that entity to these terms.

2. Information We Collect

We collect the following categories of information:

• Staff Account Information. Name, email address, job title, phone number, department, role assignments, and municipality affiliation provided during registration or invitation by an administrator.
• Citizen Portal Account Information. Name, email address, phone number, mailing address, and linked accounts (utility accounts, property parcels) provided during citizen portal registration.
• Payment Information. When payments are processed through the platform (permit fees, utility bills, license fees, fines, and other charges), payment card details are collected and processed directly by our third-party payment processor, Stripe. MuniNow does not store full credit card numbers, CVV codes, or other sensitive payment card data on our servers. We retain only transaction references, amounts, and payment status for reconciliation purposes.
• Usage Data. Log data, feature usage patterns, device information, browser type, IP address, and access timestamps collected automatically when you use the platform.
• Municipal Operational Data. Data entered into or processed through the platform on behalf of municipalities, including but not limited to financial records, journal entries, permit applications, utility billing accounts, meter readings, personnel and payroll records, code enforcement cases, court citations, police incident reports, property parcels, tax assessments, and other operational data.
• Documents and Files. Files uploaded to the platform including permit attachments, inspection photos, signed documents, board packets, and records stored in the Document Management module.
• Location Data. When using GIS-enabled features, service request submissions, or address lookup, we process geocoding data through Google Maps API. Geocoding results are cached to reduce third-party API calls.

3. How We Use Information

• Providing, operating, and maintaining all modules of the MuniNow platform including financial processing, permit workflows, utility billing, and citizen-facing services.
• Processing payments for permits, licenses, utility bills, court fines, park reservations, and other municipal fees via our payment processor.
• Sending transactional communications including payment confirmations, permit status updates, inspection notifications, dunning notices, and password reset emails.
• Powering AI-assisted features such as the AI Review Hub (document analysis, PII detection, compliance checking) and CityGPT (natural language reporting). AI features process your data to provide results but do not use your data to train third-party AI models.
• Improving, personalizing, and expanding the platform based on aggregate usage patterns and feedback.
• Complying with applicable laws, regulations, court orders, and governmental requests.
• Detecting, preventing, and addressing fraud, abuse, security incidents, and technical issues.

4. Payment Processing

MuniNow uses Stripe as its payment processor. When citizens or staff process payments through the platform — including permit fees, utility bills, license renewals, court fines, park reservation deposits, and cashier counter transactions — payment card information is transmitted directly to Stripe and is subject to Stripe's Privacy Policy.

Stripe is PCI DSS Level 1 certified, the highest level of certification in the payment card industry. MuniNow does not store, process, or have access to full payment card numbers, CVV codes, or magnetic stripe data. We retain only transaction identifiers, amounts, timestamps, and payment status for financial reconciliation and audit trail purposes.

5. Third-Party Services & Sub-Processors

MuniNow uses the following categories of third-party service providers to operate the platform. Each is bound by contractual obligations to protect your data:

• Payment Processing. Stripe — payment card processing and PCI compliance.
• Banking Integration. Plaid — bank account connectivity for reconciliation features. Plaid accesses bank transaction data under its own privacy policy.
• Email Delivery. Resend — transactional email delivery for notifications, alerts, and system communications.
• Geocoding & Maps. Google Maps API — address geocoding and spatial services for GIS-enabled features.
• Push Notifications. Firebase Cloud Messaging — mobile and browser push notification delivery.
• AI & Machine Learning. Google Gemini API — document embedding, AI minutes transcription, and natural language query processing. Data sent to Gemini is used solely to generate responses and is not used to train Google's models.
• Database Hosting. Neon (PostgreSQL) — managed database hosting with encryption at rest.
• Caching & Queues. Upstash (Redis) — caching, rate limiting, and background job queue processing.
• Parcel Data. Regrid API — national parcel boundary data for property tax and GIS features.

6. Data Storage & Security

We implement industry-standard security measures to protect your data:

• All data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher.
• Our infrastructure is SOC 2-ready and hosted on US-based servers.
• Row-level security enforces multi-tenant data isolation at the database layer — every query is scoped to the requesting municipality.
• Role-based access control with granular permissions by department, role, and individual user.
• Comprehensive audit trails log every create, update, and delete with user identity, timestamp, and before/after values.
• Authentication uses HttpOnly cookies with JWT tokens, refresh token rotation, and optional multi-factor authentication.
• Rate limiting is applied to all public endpoints and authentication flows to prevent brute-force attacks.
• Regular security assessments and vulnerability scanning are conducted to identify and address issues.

7. Data Sharing

We do not sell your personal information or municipal data. We may share information only in the following limited circumstances:

• Sub-Processors. With the third-party service providers listed in Section 5, solely to operate the platform and provide the services described.
• Legal Requirements. When required by law, regulation, subpoena, court order, or governmental request. We will notify the affected municipality before disclosure unless prohibited by law.
• Municipality Consent. When a municipality explicitly authorizes sharing of their data with designated third parties.
• Business Transfers. In connection with a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We will notify affected municipalities before any such transfer.
• Aggregated & De-Identified Data. We may use aggregated, anonymized data that cannot identify any individual or municipality for research, benchmarking, or improving the platform.

8. Municipal Data Ownership

Data processed on behalf of municipalities remains the property of the respective municipality at all times. MuniNow acts as a data processor, not a data owner. We process municipal data solely in accordance with our service agreements and at the direction of the municipality.

Municipalities may export their data at any time through the platform's built-in export tools (CSV, JSON, PDF) or via the API (900+ endpoints). There are no export fees or restrictions.

Upon termination of service, we will provide a complete data export and delete all municipal data from our active systems within 90 days unless otherwise required by law or agreed upon in writing. Encrypted backups may be retained for up to 180 days for disaster recovery purposes, after which they are permanently destroyed.

9. Public Records & FOIA

Municipal data stored in MuniNow may be subject to public records laws, Freedom of Information Act (FOIA) requests, and similar state-specific open records requirements. MuniNow provides tools to assist municipalities in responding to such requests, including document discovery, AI-assisted PII redaction, and records release workflows.

Responsibility for responding to public records requests and determining what records are subject to disclosure rests with the municipality, not MuniNow. We will cooperate with municipalities in fulfilling their legal obligations under applicable public records laws.

10. Cookies & Tracking

We use cookies and similar technologies for the following purposes:

• Essential Cookies. Required for authentication (HttpOnly JWT cookies), session management, CSRF protection, and security. These cannot be disabled.
• Preference Cookies. Store your theme preference (light/dark mode) and UI settings.
• Analytics Cookies. Optional cookies that help us understand how the platform is used so we can improve the experience. You may opt out of these at any time.

We do not use advertising cookies, tracking pixels from third-party ad networks, or cross-site tracking technologies.

11. Data Breach Notification

In the event of a data breach that compromises the security, confidentiality, or integrity of personal information or municipal data, we will:

• Notify affected municipalities within 72 hours of confirming the breach.
• Provide a description of the nature of the breach, the data affected, and the remediation steps taken.
• Cooperate with municipalities in meeting their notification obligations under applicable state breach notification laws.
• Take immediate steps to contain the breach, assess its scope, and prevent recurrence.

12. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access. Request a copy of the personal information we hold about you.
• Correction. Request correction of inaccurate or incomplete personal information.
• Deletion. Request deletion of your personal information, subject to legal retention requirements and records retention schedules.
• Data Portability. Request your data in a structured, machine-readable format (CSV, JSON).
• Opt-Out. Opt out of non-essential communications and analytics tracking.

To exercise any of these rights, contact us at privacy@muninow.com. We will respond within 30 days. For citizens who wish to exercise rights regarding municipal data, please contact your municipality directly, as they are the data controller for operational records.

13. State Privacy Law Compliance

MuniNow is designed to assist municipalities in complying with applicable state and federal privacy laws, including but not limited to:

• Illinois Personal Information Protection Act (PIPA) and Biometric Information Privacy Act (BIPA) — MuniNow does not collect biometric data.
• State-specific records retention requirements — the platform ships with retention schedules for Illinois and Minnesota.
• Freedom of Information Act (FOIA) and state open records laws — redaction and release tools are provided.

Municipalities are responsible for configuring the platform in compliance with their specific state and local requirements. MuniNow provides the tools; the municipality controls the policies.

14. Children's Privacy

MuniNow is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. The citizen portal requires users to attest that they are 18 or older during registration. If we become aware that we have inadvertently collected information from a child under 13, we will delete it promptly. Some municipal services (such as Parks & Recreation program registration) may involve minors' information entered by parents or guardians; such data is treated as municipal operational data under the municipality's data policies.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or third-party service providers. When we make material changes, we will notify municipal administrators through the platform and update the "Last updated" date at the top of this page. We will provide at least 30 days' notice before material changes take effect. Continued use of MuniNow after the effective date constitutes acceptance of the revised policy.

16. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at: