MyCivic is a municipal service coordination platform developed by Qntico. We provide technology infrastructure that connects citizens with the public enterprises and municipal departments responsible for resolving civic issues: roads, water, waste, lighting, parks, and related services.
MyCivic operates as a data processor on behalf of the municipal governments and public enterprises that deploy our platform. Each deploying municipality is the data controller under the General Data Protection Regulation (GDPR) for citizen data collected within their jurisdiction. Qntico acts as the data processor under a Data Processing Agreement with each municipal client.
If you need to reach us directly on any privacy matter, you can write to: [email protected]
Our core principle: we collect the issue, not the citizen. MyCivic is designed to function fully without knowing who you are.
When you use MyCivic to report a municipal issue, we collect only what is necessary to route and resolve it:
| Data Type | Required | Purpose |
|---|---|---|
| GPS location / map pin | Yes | Determine the correct zone, jurisdiction, and responsible enterprise |
| Issue category | Yes | Route to the correct department and set the appropriate SLA |
| Written description | No | Provide context to the field team handling the repair |
| Photograph | No | Document the condition before work begins; paired with completion photo |
| Email address | No | Notify you when your report is assigned and resolved. Required only if you want status updates. |
| Reference number | Auto-generated | Allows you to track your report without linking it to your identity |
We collect standard server-side access logs, which include IP address, browser type, pages visited, and timestamps. These are used for security monitoring and platform diagnostics. They are not linked to individual reports and are not used for advertising or profiling.
MyCivic does not collect, require, or store: national identification numbers, home addresses, dates of birth, financial information, social media accounts, biometric data, or any information beyond what is listed above. We do not build citizen profiles. We do not sell data to third parties.
We use the data collected for the following purposes, each with a legal basis under GDPR:
| Purpose | Legal Basis |
|---|---|
| Routing the report to the responsible enterprise or department | Performance of a public task (Article 6(1)(e)) |
| Tracking the report through the resolution lifecycle | Performance of a public task (Article 6(1)(e)) |
| Notifying you when your report is resolved (if you provided an email address) | Legitimate interest and consent (Article 6(1)(a) and (f)) |
| Generating performance analytics for the municipal client (resolution rates, SLA compliance) | Performance of a public task (Article 6(1)(e)) |
| Maintaining an audit trail for accountability and governance | Legal obligation and legitimate interest (Article 6(1)(c) and (f)) |
| Platform security and fraud prevention | Legitimate interest (Article 6(1)(f)) |
We do not use your data for advertising, marketing profiling, automated decision-making that has legal or significant effects on you, or any purpose not listed in this policy.
You can submit a full civic report — with location, category, description, and photo — without providing any personal contact information. In this case, your report will still be routed and resolved. The only limitation is that you will not receive status updates or a resolution notification, since we have no way to contact you.
Anonymous reports are treated identically to non-anonymous reports in terms of routing priority and SLA compliance. The responsible department cannot identify you from an anonymous report.
If you provide an email address and later want to remove it from a specific report, contact the deploying municipality's data controller or write to us at [email protected].
The team assigned to your report will see the location, category, description, photo, and reference number. They will not see your email address, which is held separately and used only to send you notifications.
Staff responsible for reviewing incoming reports and confirming routing decisions will see the report details but not your email address.
Analytics dashboards accessible to city leadership show aggregate performance data: volume of reports, resolution rates, SLA compliance, and response times. These dashboards do not show individual personal details.
As the data processor, Qntico has access to all data stored on the platform for the purpose of operating, maintaining, and supporting the system. Qntico operates under a Data Processing Agreement with each municipal client and is contractually prohibited from using municipal data for any purpose beyond service provision.
We do not sell, license, or share personal data with any third-party marketing, advertising, or analytics services. We may share data with subprocessors who provide infrastructure services (hosting, storage, security monitoring) under contracts that comply with GDPR Article 28. A list of subprocessors is available upon request.
Citizen data collected through MyCivic is stored in the geographic region specified by the deploying municipality. For European deployments, data is stored within the European Economic Area (EEA) and does not transfer outside the EEA unless explicitly configured and agreed upon by the municipal client.
All data is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256. Photographs are stored in isolated, access-controlled object storage and are only accessible to authorised users of the specific deployment.
We do not transfer personal data to countries outside the EEA without appropriate safeguards as required by GDPR Chapter V. If a transfer is required, we rely on the European Commission's Standard Contractual Clauses.
Data retention is configured per deployment in agreement with the municipal client (the data controller). Default retention periods are:
Municipal clients may request shorter or longer retention periods. Citizens may request deletion of their data (where it can be identified) under the right to erasure described below.
If you are located in the European Union or European Economic Area, you have the following rights regarding your personal data:
You have the right to request a copy of the personal data we hold about you and information about how it is used.
You have the right to request correction of inaccurate or incomplete personal data.
You have the right to request deletion of your personal data where: it is no longer necessary for the purposes for which it was collected; you withdraw consent (where consent was the legal basis); or processing is unlawful. This right may be limited where retention is required for legal obligations or audit purposes.
You have the right to request that we restrict the processing of your data in certain circumstances, for example while a complaint is being investigated.
Where processing is based on consent or contract, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to have it transmitted to another controller.
You have the right to object to processing based on legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds.
MyCivic uses automated routing to assign reports to departments. This automated routing does not have legal or similarly significant effects on individuals. It determines which team receives a work order, not any decision about the individual who submitted it. You may, however, request human review of any routing decision if you believe it was made in error.
To exercise any of these rights, contact the deploying municipality's data controller directly, or contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.
MyCivic uses a minimal number of cookies necessary for the platform to function. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.
| Cookie Name | Type | Purpose | Expires |
|---|---|---|---|
| session_id | Strictly necessary | Maintains your session when navigating the reporting form | Session end |
| csrf_token | Strictly necessary | Protects against cross-site request forgery attacks | Session end |
| locale | Functional | Remembers your language preference if applicable | 1 year |
Strictly necessary cookies do not require your consent. Functional cookies improve your experience but do not track you across sites. You can disable cookies in your browser settings, though this may affect the functionality of the reporting form.
We will update this Privacy Policy when our practices change, when we add new features, or when legal requirements change. When we make significant changes, we will update the "Last updated" date at the top of this page.
Municipal clients will be notified of material changes to this policy as part of our Data Processing Agreement obligations. Citizens who have provided email addresses may be notified of significant changes at our discretion.
Continued use of the platform after changes are published constitutes acceptance of the updated policy.
For any privacy-related questions, data subject requests, or concerns about how MyCivic handles personal data, please contact:
Qntico / MyCivic
Email: [email protected]
If you are a municipal client or enterprise partner and need to reach our Data Protection Officer or discuss your Data Processing Agreement, please contact us at the same address with the subject line "Data Protection."
You have the right to lodge a complaint with the supervisory authority in your EU member state if you believe your personal data has been processed unlawfully. The European Data Protection Board maintains a directory of national authorities.