Privacy Policy

1. Who We Are

MuniGrowth (“we”, “us”) provides a B2B SaaS platform for municipalities and economic development teams worldwide. For most processing activities described here, MuniGrowth acts as data controller for account and billing data, and as data processor for municipal operational content when a DPA is in place.

Contact: contact@munigrowth.com

2. What Data We Collect

Personal data

• Name, job title, work email, phone (optional);
• Municipality/organization and role;
• Login credentials (passwords stored hashed);
• Usage logs, session data, IP address, browser/device information.

Municipal / organizational data

• LED plans, SWOT analyses, needs assessments, strategic goals;
• Projects, budgets, milestones, documents, exports;
• Grant applications, matches, donor research notes.

AI interaction data

• Prompts and messages to AI coach / strategy tools;
• Conversation history and generated outputs.

Payment data

Card and payment instrument data are processed by Dodo Payments. MuniGrowth does not store full card numbers. We store subscription status, plan tier, and billing contact email.

3. How We Use Your Data

Platform operation: authentication, LED workflows, grant matching, AI assistance, exports, support.

Communications: service notifications, billing, security alerts, product updates (with opt-out where required).

Improvement: anonymized/aggregated analytics, error diagnostics, AI quality tuning using de-identified interaction patterns where possible.

We do not: sell personal data; use data for third-party advertising; share identifiable municipality content with other tenants; or process data for unrelated purposes.

4. Legal Basis for Processing (GDPR)

For users in the EU/EEA/UK, we rely on:

• Contract — delivering the subscribed service;
• Legitimate interests — security, fraud prevention, service improvement (balanced against your rights);
• Legal obligation — tax, accounting, regulatory requests;
• Consent — optional marketing communications and non-essential cookies where required.

5. Data Retention

We retain your municipal data for as long as your subscription is active. If you cancel your subscription, we retain your data for 12 months to allow reactivation. After 12 months, we will notify you by email and permanently delete your data within 30 days unless you request an extension.

Billing and tax records may be retained for up to 7 years where required by law. AI conversation logs follow the shorter technical retention windows described in product documentation and may be deleted earlier on request.

6. Your Rights

You have the right to:

• Access all data we hold about your municipality;
• Export your data in machine-readable format;
• Request correction of inaccurate data;
• Request deletion of your data;
• Object to processing of your data where applicable law provides this right.

To exercise any of these rights, use the Data management section in your account settings or contact us at privacy@munigrowth.com.

EU/EEA/UK users may also lodge a complaint with a supervisory authority.

7. Data Transfers

Primary hosting is on VPS infrastructure in Lebanon. For EU clients, transfers outside the EEA may rely on Standard Contractual Clauses, supplementary measures, or other mechanisms approved by legal counsel — confirm with your DPA package before procurement.

8. Third-Party Processors

• OpenRouter (USA) — AI routing; prompts/responses; see OpenRouter privacy policy;
• Dodo Payments — payments; PCI-DSS aligned processing;
• Sentry — error monitoring; stack traces and technical metadata;
• LibreTranslate (self-hosted) — translation on our servers; text does not leave our infrastructure for external translation SaaS.

9. Cookies

See our Cookie Policy. Essential cookies operate the session; analytics cookies require consent where applicable.

10. Children’s Data

The Platform is not directed to individuals under 18. We do not knowingly collect children’s personal data.

11. Security Measures

• TLS encryption in transit;
• Encryption at rest for production databases and backups;
• Multi-tenant isolation;
• Optional two-factor authentication;
• Audit logging and vulnerability management practices.

12. Changes to This Policy

Material changes will be notified at least 30 days in advance via email or in-product notice.

13. Contact and Complaints

Data protection: contact@munigrowth.com

EU/EEA users may lodge a complaint with their local supervisory authority.