Citizenly · Legal

Privacy Policy

Last updated: 2026-05-09

This Privacy Policy explains what personal information Citizenly, Inc. (“Citizenly,” “we,” “us,” or “our”) collects, why we collect it, how we use and share it, how we keep it secure, and the choices and rights you have over it. The English version of this Policy is authoritative; translations are provided as a convenience.

1. Who this Policy applies to

This Policy applies to: visitors to citizenly.ai and related subdomains; staff users of partner organizations (caseworkers, organization administrators, and viewers) who use the Citizenly product to manage applicant intake; and applicants whose information is submitted to Citizenly through a partner organization. Where applicants interact with Citizenly directly (for example, by completing intake through a magic-link session), this Policy explains what we collect and the rights available to them.

2. The categories of information we collect

In the past twelve (12) months we have collected the following categories of personal information, as defined by the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

| CCPA category | Examples | Sources | Disclosed for a business purpose to |
| --- | --- | --- | --- |
| Identifiers | Name, email address, phone number, account identifier (Cognito sub), IP address. | Directly from you; from the partner organization that invited you. | Cloud infrastructure providers; email delivery provider. |
| Customer records (Cal. Civ. Code §1798.80(e)) | Account profile, organization affiliation, role, language preference. | Directly from you. | Cloud infrastructure providers. |
| Protected classifications | National origin, marital status, age (where the underlying immigration form requires it). | Directly from you (intake answers). | Stored encrypted at rest; not disclosed to third parties. |
| Internet or other electronic activity | Pages viewed inside the product, in-product chat content with Citizenly's AI, time stamps of key actions, browser-supplied headers (User-Agent, language). | Automatically as you use the Service. | Cloud infrastructure providers; AI model provider (in pseudonymized form). |
| Geolocation data (coarse) | Approximate region inferred from IP address. | Automatically as you use the Service. | Cloud infrastructure providers (used for routing and abuse prevention). |
| Sensitive personal information (CPRA §1798.140(ae)) | Government identifiers (Alien Registration Number, Social Security Number where required by the underlying form, USCIS receipt number); date of birth; precise immigration history. Account credentials managed by our identity provider. | Directly from you (intake answers). | Used only for the purpose for which it was collected (preparing your immigration filing) and stored encrypted at rest. Not used to infer characteristics, not sold, and not shared for cross-context behavioral advertising. You may request that we limit our use of sensitive information at any time (see Section 8). |
| Inferences | Eligibility evaluations and red-flag determinations produced by the Citizenly AI based on the answers you provide. | Generated internally from intake answers. | Shared with the partner organization that is assisting you. |

We do not collect biometric information, audio/video recordings, precise geolocation, union membership, philosophical or religious beliefs, or genetic data.

3. Why we collect this information (purposes of use)

  • Provide the Service. Manage your account, walk you through intake in your preferred language, run eligibility checks, generate filing-ready forms, and surface USCIS case status.
  • Detect issues that need attorney review. Run deterministic and AI-assisted checks for situations (e.g., extended travel outside the U.S., criminal history) that may complicate a filing, and surface them to your caseworker.
  • Operate, secure, and improve the Service. Detect fraud and abuse, debug and harden the platform, enforce our Terms of Service, and produce aggregate usage statistics. We do not use your sensitive personal information to develop or improve models.
  • Communicate with you. Send transactional messages (email confirmations, deadline reminders, security alerts) and, if you are a partner-organization administrator, occasional service announcements.
  • Comply with legal obligations. Respond to lawful requests from courts, regulators, and government authorities; respond to verified privacy-rights requests; and retain records required by law.

Citizenly does not sell your personal information, and does not share it for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA.

4. How information is shared

We share personal information only with the following categories of recipients, and only as needed for the purposes above:

  • The partner organization assisting you (if you are an applicant accessing Citizenly through a nonprofit, legal-aid organization, or law firm). The organization's caseworkers and administrators see your intake answers, generated forms, and any flags raised during review.
  • Service providers we engage to operate the platform: cloud hosting and database providers (Amazon Web Services, in the United States); transactional email delivery (Amazon SES); identity and access management (Amazon Cognito); large-language-model inference (Anthropic); embedding generation and observability vendors. Each is contractually obligated to use your information only to provide services to us.
  • Legal authorities when we are required by law, court order, or other legal process, or where we have a good-faith basis to do so to protect the rights, property, or safety of any person.
  • Successors in connection with a merger, acquisition, financing, or sale of all or part of Citizenly. We will notify you (where required) before your information is transferred and becomes subject to a different privacy policy.

5. How long we keep information

We keep personal information only for as long as needed to provide the Service and to meet the legitimate retention periods listed below. After that, we delete or anonymize it.

  • Account profile. For the life of your account. Deleted within 30 days of account closure, except where law requires longer retention.
  • Chat sessions and AI interactions. Active sessions for the life of the account; soft-deleted sessions are permanently purged after 14 days.
  • Intake answers, eligibility results, and generated forms. For the duration of the partner organization's engagement plus the records-retention period applicable to immigration legal services. Partner organizations may direct deletion at any time.
  • Audit and security logs. Up to 7 years, redacted to remove direct identifiers where possible. We may retain log data longer where required to investigate suspected fraud or comply with subpoenas.
  • AI model traces. Stripped of A-Number, SSN, date of birth, and USCIS receipt number before they reach our tracing provider. Retained for the standard observability window of that provider.

6. How we secure information

  • HTTPS/TLS in transit; HSTS preload on all production domains.
  • Sensitive fields (USCIS receipt number, intake chat content, adaptive follow-up content) encrypted at rest using authenticated symmetric encryption (Fernet/AES) with keys held in AWS Secrets Manager.
  • Form PDFs stored with AES-256 server-side encryption; access via short-lived pre-signed URLs only.
  • Multi-factor authentication and audit logging for staff access to production systems; least-privilege IAM; rate limiting on all public endpoints.
  • Direct identifiers (A-Number, SSN, DOB, receipt number) are redacted before any AI prompt is logged or persisted.
  • Annual review of access controls and a documented incident-response process. Eligible privacy or security incidents will be notified in accordance with applicable law.

7. Cookies and similar technologies

Citizenly uses a small set of first-party cookies and browser-storage values. We do not use third-party advertising cookies, tracking pixels, or analytics that profile you across other sites. The categories below mirror those in our cookie banner and on the Your Privacy Choices page.

  • Strictly necessary — sign-in session, applicant magic-link session, CSRF protection, theme selection. These are required for the Service to function and cannot be turned off.
  • Functional — language preference (so you don't have to re-select it on each visit). On by default; you may turn this off without losing access to the Service.
  • Analytics — currently none. If we add analytics in the future, we will update this Policy and will not load any analytics script unless your saved consent preference permits it.
  • Marketing — currently none. We do not run advertising or remarketing campaigns and have no plans to do so without a Policy update.

Citizenly honors the Global Privacy Control (GPC) signal as a valid opt-out request under the CCPA and similar U.S. state laws. If your browser sends GPC, we treat it as your direction to opt out of any sharing for advertising or sale; today, that signal also disables the analytics and marketing cookie categories on the spot.

8. Your privacy rights

Depending on where you live, you have some or all of the rights below. We grant California rights to all U.S. users as a baseline because California's framework is the most comprehensive.

  • Right to know / right to access. Request a copy of the personal information we hold about you, including the categories collected, sources, recipients, and business purposes.
  • Right to delete. Request deletion of your personal information, subject to legal retention obligations and except where retention is necessary to complete a transaction you initiated, prevent fraud, or comply with a legal obligation.
  • Right to correct. Request correction of inaccurate personal information.
  • Right to opt out of sale or sharing. Citizenly does not sell or share personal information for cross-context behavioral advertising; you nonetheless have the right to direct us not to. Sending a Global Privacy Control signal exercises this right automatically.
  • Right to limit use of sensitive personal information. We already use sensitive information only for the purpose for which it was collected (preparing your immigration filing). You may submit a request to confirm this limitation; we will respond accordingly.
  • Right to non-discrimination. We will not deny you service, charge a different price, or provide a different level of quality because you exercised a privacy right.
  • Right to data portability. Your access export is provided in a portable, machine-readable JSON format.
  • Authorized agents. You may use an authorized agent to submit requests on your behalf. We will require the agent to demonstrate written authorization and may require you to verify your identity directly.

How to exercise your rights

Account holders can use the Privacy tab in account settings to download a copy of their data, correct their profile, or delete their account. Anyone (including applicants without a Citizenly account, and authorized agents) can submit a request by emailing privacy@citizenly.ai or by using the form on Your Privacy Choices.

We will acknowledge your request within ten (10) business days and respond substantively within forty-five (45) days, with one forty-five-day extension where reasonably necessary and where we notify you of the extension. We will verify your identity in a manner proportionate to the sensitivity of the request, typically by sending a code to the email address on file.

If you are a resident of California, you may also designate someone to submit a request on your behalf in writing or through a power of attorney. If we deny your request, you may appeal to privacy@citizenly.ai with the word “Appeal” in the subject line; we will respond within sixty (60) days.

9. California Shine the Light (Cal. Civ. Code §1798.83)

California residents may request once per calendar year a list of the categories of personal information disclosed to third parties for those third parties' direct-marketing purposes. Citizenly does not disclose personal information for direct-marketing purposes; the answer to a Shine the Light request will therefore be a confirmation of that fact.

10. Other U.S. state privacy laws

Residents of Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia have similar rights under their respective state privacy laws (CPA, CTDPA, DPDPA, ICDPA, ICDPA-equivalents, MCDPA, NHPA, NJDPA, OCPA, TIPA, TDPSA, UCPA, VCDPA). The same request channels listed above honor those rights.

11. Children's privacy

The Citizenly Service is not directed to children under 16, and we do not knowingly collect personal information from children under 16 without verifiable parental consent. If you believe a child under 16 has provided us with personal information, contact privacy@citizenly.ai and we will delete it.

12. International data transfers

Citizenly is operated from the United States and stores data in AWS facilities in the United States. If you access the Service from outside the United States, you understand that your information will be transferred to and processed in the United States.

13. AI and automated processing

Citizenly uses an AI assistant to help you complete intake. The AI does not make legally significant decisions about you; eligibility signals and red flags surfaced by the AI are reviewed by a human caseworker (or, where you are using Citizenly without a partner organization, surfaced to you for action). You may opt out of AI-assisted intake by contacting your caseworker and requesting a manual workflow.

14. Changes to this Policy

We will post any changes to this Policy on this page and update the “Last updated” date at the top. If the changes are material we will provide additional notice (for example, an in-product banner or email to account holders) before the changes take effect.

15. Contact us

Citizenly, Inc.
Email: privacy@citizenly.ai
Postal mail: contact us at the email above to be provided with a current correspondence address.

For California residents, this email address is the designated method to exercise privacy rights under Cal. Civ. Code §1798.130.