Privacy Policy

1. Information We Collect

1.1 Information You Provide

We collect information that you voluntarily provide to us when you:

• Register for an account: Name, email address, phone number, organization name, job title
• Use our services: Permit applications, licensing documents, project data, citizen information
• Contact us: Inquiry details, support requests, feedback
• Subscribe to communications: Email address, communication preferences

1.2 Information Collected Automatically

When you access our Services, we automatically collect:

• Device information: IP address, browser type, operating system, device identifiers
• Usage data: Pages viewed, features used, time spent, clickstream data
• Location data: General geographic location based on IP address
• Cookies and similar technologies: Session data, preferences, analytics

1.3 Information from Third Parties

We may receive information from:

• Identity verification services
• Payment processors
• Analytics providers
• Public records and government databases
• Business partners and integration partners

2. How We Use Your Information

We use your information for the following purposes:

2.1 Service Delivery

• Provide, maintain, and improve our Services
• Process permits, licenses, and applications
• Facilitate communication between government agencies and citizens
• Enable collaboration and workflow management
• Generate analytics and reporting

2.2 Account Management

• Create and manage your account
• Authenticate your identity
• Process payments and billing
• Provide customer support

2.3 Communications

• Send transactional emails (account updates, system notifications)
• Provide customer support responses
• Send marketing communications (with your consent)
• Conduct surveys and request feedback

2.4 Security and Compliance

• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations and government requests
• Enforce our Terms of Use and policies
• Protect our rights and property

2.5 Analytics and Improvement

• Analyze usage patterns and trends
• Develop new features and services
• Conduct research and data analysis
• Improve user experience

3. Legal Bases for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

Legal Basis	Purpose
Contract Performance	Providing our Services to you
Legal Obligation	Compliance with applicable laws
Legitimate Interests	Improving Services, security, analytics
Consent	Marketing communications, cookies

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 With Your Consent

We share your information when you explicitly authorize us to do so.

4.2 Service Providers

We share data with third-party vendors who perform services on our behalf:

• Cloud hosting providers (AWS, Azure)
• Payment processors (Stripe)
• Email service providers
• Analytics providers (Google Analytics)
• Customer support tools

4.3 Government Agencies

As part of our services, we facilitate data sharing between government agencies and citizens for permitting and licensing purposes.

4.4 Legal Requirements

We may disclose your information if required by law or in response to:

• Court orders or subpoenas
• Government requests or investigations
• Legal processes and proceedings
• Protection of our rights and safety

4.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Security

We implement comprehensive security measures to protect your data:

5.1 Technical Safeguards

• Encryption: 256-bit AES encryption at rest, TLS 1.3 in transit
• Access controls: Role-based permissions, multi-factor authentication
• Network security: Firewalls, intrusion detection, DDoS protection
• Monitoring: 24/7 security monitoring and incident response

5.2 Organizational Safeguards

• Regular security training for employees
• Background checks for personnel with data access
• Confidentiality agreements and policies
• Annual third-party security audits

5.3 Compliance Certifications

• SOC 2 Type II certified
• ISO 27001 compliant
• HIPAA compliant (for applicable data)
• FedRAMP authorized (in progress)

6. Data Retention

We retain your information for as long as necessary to:

• Provide our Services to you
• Comply with legal obligations (typically 7 years for financial records)
• Resolve disputes and enforce agreements
• Meet government record-keeping requirements

When you close your account, we will delete or anonymize your personal information within 30 days, unless we are required to retain it for legal purposes.

7. Your Privacy Rights

7.1 All Users

You have the right to:

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your data (subject to legal obligations)
• Opt-out: Unsubscribe from marketing communications
• Data portability: Receive your data in a structured format

7.2 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to say no to the sale of personal information
• Right to non-discrimination for exercising your rights

7.3 European Residents (GDPR)

If you are in the EEA, you have additional rights under GDPR:

• Right to object to processing
• Right to restrict processing
• Right to lodge a complaint with a supervisory authority
• Right to withdraw consent

7.4 Texas Residents

As a Texas-based company, we comply with Texas state data protection laws, including:

• Texas Identity Theft Enforcement and Protection Act
• Texas Data Breach Notification requirements (Texas Business and Commerce Code § 521.053)
• Texas Biometric Privacy regulations

Texas residents have the right to:

• Be notified of data breaches affecting their personal information within 60 days
• Request information about data collection and use practices
• Opt-out of the sale of personal information to third parties
• Receive information about biometric data collection (if applicable)

To exercise your rights, contact us at: privacy@batstick.org

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

Cookie Type	Purpose	Duration
Essential	Required for basic functionality	Session
Functional	Remember preferences and settings	1 year
Analytics	Understand how users interact with our Services	2 years
Marketing	Deliver relevant advertisements	1 year

8.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of our Services.

9. Children's Privacy

Our Services are not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete it promptly.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with all processors
• Compliance with EU-U.S. Data Privacy Framework (when applicable)

11. Third-Party Links

Our Services may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to review their privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website
• Updating the "Last Updated" date
• Sending an email notification (for significant changes)

Your continued use of our Services after the effective date constitutes acceptance of the revised policy.

13. Contact Information