Privacy Policy
Effective date: April 17, 2026 · Last updated: April 17, 2026
Reading in Spanish
Our full privacy policy is available only in English. Summary of your rights under Iowa law (ICDPA): you can request a copy of your data, correct it, or delete it. We never sell your data. To make a request, write to [email protected].
1. Who We Are
Theito Tech LLC, doing business as Every Iowan ("we," "us," "our"), operates the website everyiowan.com and related services (collectively, the "Service"). We are based in Urbandale, Iowa, United States.
For privacy inquiries, contact us at [email protected] or through our contact form. We respond to all privacy requests within the timelines required by the applicable law (typically 30 to 90 days; see Section 10).
2. Our Iowa-First Commitment
Every Iowan is built for Iowa residents. Our community, default groups, and outreach are scoped to the State of Iowa. This shapes our privacy posture:
- We design to comply first with the Iowa Consumer Data Protection Act (Iowa Code Chapter 715D, effective January 1, 2025), and with other U.S. laws where they apply to our users.
- We do not target or market to users in the European Economic Area, the United Kingdom, or other regions outside the United States. If you are outside the U.S., see Section 12 before using the Service.
- We do not sell or rent personal data — ever — and we do not operate advertising networks, behavioral ad pixels, or cross-site tracking.
3. Information We Collect
We collect only what is necessary to provide the Service:
3.1 Account Data (when you sign in)
We offer sign-in through Google, X.com (Twitter), and email one-time codes. When you authenticate, we receive and store:
- Name and email address — to identify your account
- Profile picture URL — to display your avatar (we store the URL, not the image)
- OAuth provider and account ID — to link your sign-in method
- ZIP code — collected during onboarding to personalize your local experience
- Display name / username — optional pseudonym you choose for public-facing features like referrals
- Preferences — for example, preferred city, followed schools, notification opt-ins
We do not receive or store your password from any sign-in provider. Authentication is handled entirely by the third-party provider.
3.2 Phone Number & SMS
You may optionally provide a U.S. mobile phone number to receive text messages (weather alerts, school closures, daily civic digests, or one-time verification codes). We store the number in E.164 format, the time it was verified, and your channel/severity preferences. We send SMS through our carrier partner (Twilio) and do not share your number with anyone else.
SMS is governed by our separate SMS Terms & Consent, including message frequency, rate disclaimers, and how to stop (reply STOP). A preview of the in-account consent flow is available at /sms-opt-in. We will never require SMS consent as a condition of using any part of the Service.
3.3 Community Groups & Shortlists
When you join a default civic group (every Iowa town, county, and school district has one) or a user-created group, we store your group membership, the tier you held when you joined, and any contributions you make. When you add or endorse a business on a group’s shortlist, we store the business, your short note, and — unless you are using a pseudonym — your display name. Endorsements in sensitive-topic groups (for example, domestic-violence support, postpartum) can be made anonymously to other members; moderators and staff can still see the authoring account when required to enforce safety rules.
3.4 Daily Digest Preferences
If you subscribe to daily civic digests, we store the groups you want digests for, the channels (in-app, email, SMS, web push), severity gates (normal, advisory, urgent), quiet hours, and your preferred delivery hour. We also keep a log of each digest we send to you (when, which channel, whether it was delivered or opened) for troubleshooting, deduplication, and deliverability reporting. You can change or cancel digest settings at any time from your account.
3.5 Contact Form Submissions
When you submit our contact form, we collect:
- Your name and email address
- Business name (optional)
- Your message
3.6 Business Claim Data
When you claim a business listing, we collect your account information (already collected during sign-in), the entity you are claiming, your verification method (email domain match or manual review), and any notes you provide. This data is used solely to verify business ownership and grant portal access.
3.7 Hiring & Job Posting Data
If you apply to a job listed on the Service or create a job seeker profile, we store the information you provide (name, contact, work history, skills, any answers to employer questions). We also log interactions between you and the employer (application sent, status updates). See our Terms of Service for our hiring-integrity policy.
3.8 Payment Data
Paid memberships and Business Access subscriptions are processed by Stripe. We do not see or store your full payment card number. We retain a Stripe customer ID, subscription status, plan, and billing email so we can apply your subscription to your account and handle support.
3.9 Automatically Collected Data
When you use the Service, our server automatically records basic technical information: pages visited, device type, and browser. This data is used only to operate and improve the platform. We aggregate anonymous interaction data (page views, click types, device categories) to provide business owners with cohort-level analytics about their listing’s performance. This data is presented only in aggregate form — individual visitors are never identified to business owners. We classify visitors into anonymous groups (e.g., "consumers," "business users," "anonymous") based on account type, never by individual identity.
We do not use advertising pixels, cross-site behavioral tracking, or fingerprinting scripts. When enabled in our deployment, we use Plausible Analytics for aggregate site traffic (page views, referrers, coarse device/browser data). Plausible is designed not to use cookies; see their documentation. Our Content Security Policy allows Cloudflare scripts so we can use Cloudflare security protections and, if configured for our domain, its privacy-oriented edge analytics.
3.10 Language & Navigation Preferences
When you choose a display language (for example, English or Spanish), we store your choice in the first-party NEXT_LOCALE cookie so pages load consistently on your next visit. This only affects user-interface text; factual directory content (business names, addresses, hours) stays as published in our database.
The directory search field may call our /api/directory/suggest endpoint as you type to return matching public listings from the same index used for full search. Each request includes the characters you typed and your IP address for rate limiting and abuse prevention. We do not use suggestions for advertising, cross-site tracking, or resale.
We may record anonymous navigation choices between major areas of the site using the same aggregate analytics tools when enabled, and store only coarse destination tallies in browser local storage on your device to help prioritize shortcuts and navigation design. This is not used for advertising or cross-site tracking.
3.11 Public Business & Organization Directory Data
Our directory contains publicly available information about Iowa businesses, nonprofits, schools, agencies, and other organizations, gathered from public websites, government databases, and directories. This data is not personal data — it relates to organizations, not individuals. If you represent a listed entity and wish to correct or remove information, please contact us. See How We Work for details on our crawling ethics and opt-out.
3.12 School, District, and Student-Adjacent Information
Our education pages display publicly available information about Iowa school districts and buildings: addresses, enrollment counts, meal menus, calendars, athletics schedules, transportation, and emergency information published by the district. We do not collect or store personally identifiable information about students (no student names, grades, class rosters, or account identifiers). If you choose to follow a school from your account, we store only the school’s entity ID and your notification preferences.
4. What We Do Not Collect
The following are never collected by the Service:
- Precise geolocation (GPS coordinates)
- Health, medical, reproductive, or insurance information
- Period, pregnancy, or fertility tracking data
- Immigration status, Social Security Number, or government-ID numbers
- Biometric or genetic information
- Payment card numbers (handled by Stripe; we never see them)
- Student personally identifiable information
- Contents of your private messages outside the Service
If a feature ever needs to collect sensitive information for a specific purpose, we will ask for explicit, informed consent at the point of collection and explain what we will do with it.
5. How We Use Your Information
- Operate, maintain, and improve the platform
- Authenticate your identity and manage your session
- Send messages you requested (digest emails/SMS, alert SMS, account emails)
- Deliver one-time verification codes for email or phone sign-in
- Respond to contact form submissions and support requests
- Operate community groups, shortlists, and moderation
- Grant business portal access to verified claimants
- Provide aggregated, anonymous visitor analytics to verified business owners
- Bill paid memberships and Business Access subscriptions via Stripe
- Prevent fraud, abuse, and harm — including safety enforcement in groups
- Comply with legal obligations
We do not sell or rent your personal data. We do not use personal data for targeted advertising, profiling, or automated decision-making that produces legal or similarly significant effects.
6. Information Sharing and Third-Party Services
We do not sell, rent, or trade your personal information. We share data only with the following service providers, who act as data processors on our behalf:
| Provider | Purpose | Data Shared |
|---|---|---|
| Google (OAuth) | Account sign-in | OAuth tokens (no passwords) |
| X Corp. (OAuth) | Account sign-in | OAuth tokens (no passwords) |
| Resend | Transactional and digest email | Email address, message content, delivery status |
| Twilio | SMS delivery (alerts, OTP, digests) | Mobile phone number, message content, delivery status |
| Stripe | Payment processing and subscription billing | Subscription metadata, customer ID (card data handled entirely by Stripe) |
| Cloudflare | DNS, security, and optional edge analytics | IP address, request metadata, and, if enabled, privacy-oriented analytics events |
| Plausible Analytics | Aggregate site analytics (when enabled) | Page URL, referrer, browser/device type, coarse location; no cookies per vendor design |
| Google Places | Optional business website discovery for directory entries | Business name and location queries; no end-user account data from the Service |
| U.S. National Weather Service | Free public weather and alert data | Coarse geographic scope (county); no personal data |
| DigitalOcean | Infrastructure hosting (U.S.) | Database contents and server logs, stored on DigitalOcean block storage |
Each provider maintains its own privacy policy and data processing terms. We do not share personal data with third parties for their own marketing purposes.
7. Automated Processing, Crawling, and AI
Every Iowan uses automated tools to gather and organize publicly available business and organization information ("Hydra"). Crawling respects robots.txt, uses reasonable rate limits, and identifies itself as our bot. See How We Work for details and opt-out instructions.
We use open-source large language models (primarily through our operated Ollama Cloud environment) to help summarize and structure public directory content and the daily civic digests. These models run under our control. We do not send your personal account data, SMS message contents, or private messages through third-party AI services.
AI-generated suggestions for directory fields are reviewed before they are published as authoritative facts. We do not use automated decision-making to deny service, set prices differently for specific individuals, or produce other legal or similarly significant effects.
8. Cookies and Session Management
We use only strictly necessary cookies:
| Cookie | Purpose | Duration |
|---|---|---|
| authjs.session-token | Keeps you signed in | 30 days |
| authjs.csrf-token | Prevents cross-site request forgery | Session |
| authjs.callback-url | Remembers where to redirect after sign-in | Session |
| NEXT_LOCALE | Remembers your chosen display language | 1 year (can be cleared in your browser) |
We do not use advertising cookies or third-party cross-site tracking cookies. Plausible Analytics (when enabled) does not rely on cookies per the vendor. Because the cookies above are strictly necessary for the Service to function, they are exempt from consent requirements under applicable U.S. law.
9. Data Retention
- Account data — retained while your account is active, and up to 30 days after deletion request, to allow us to remove it from production systems and working backups.
- Phone number & SMS preferences — removed within 3 days of the moment you reply STOP, disable SMS in settings, or delete your account. We keep a one-way, hashed record that a given number has opted out so we do not re-enroll it by accident.
- Digest delivery logs — retained 90 days for deliverability troubleshooting, then deleted.
- Group membership and endorsements — retained while your account is active. Upon account deletion, endorsements remain attributed to the pseudonym you used (if any) and are otherwise anonymized.
- Contact form submissions — retained for business operations. You may request deletion at any time.
- Session data — deleted 30 days after last activity.
- Server logs — application logs are written to the systemd journal, which is capped at approximately 500 MB with oldest entries overwritten as that limit is reached. Standard Ubuntu logrotate handles system logs on a weekly rotation.
- Database backups — daily PostgreSQL dumps, gzipped and encrypted with AES-256-CBC before being written to disk. Stored on our production server in a location restricted to the server administrator. Backups older than 7 days are automatically deleted.
- Claim request data — retained for the life of the business listing for audit purposes. Rejected claims are retained for 1 year.
- Payment records — retained as required by U.S. tax and accounting law (currently up to 7 years).
To request deletion of any data we hold about you, use our Data Rights Request page, email [email protected], or use our contact form.
10. Your Rights Under Iowa Law
The Iowa Consumer Data Protection Act (Iowa Code Chapter 715D, effective January 1, 2025) provides Iowa residents with the following rights:
- Right to know — Confirm whether we process your personal data and request access to it.
- Right to delete — Request that we delete personal data you provided.
- Right to data portability — Receive a copy of your personal data in a portable, usable format.
- Right to opt out of sale — We do not sell personal data, but you have the right to opt out if we ever did.
- Right to opt out of targeted advertising — We do not engage in targeted advertising; you retain this right regardless.
- Right to appeal — If we decline a request, you may appeal by contacting us. If unsatisfied, you may submit a complaint to the Iowa Attorney General.
To exercise these rights, use our Data Rights Request page or email [email protected]. We will respond within 90 days as required by Iowa law.
11. Rights of Other U.S. Residents
Where other U.S. state privacy laws apply (including California’s CCPA/CPRA, Virginia, Colorado, Connecticut, Utah, Texas, Montana, Oregon, or Delaware), we honor substantially similar rights: access, deletion, correction, portability, and opt-out of any sale or targeted advertising. Because we do not sell personal data or run targeted-ad programs, opt-outs are effectively a no-op, but we still honor them.
California residents: we do not sell or share personal information as those terms are defined by the CCPA/CPRA. "Do Not Sell or Share My Personal Information" is our default behavior for all users. We do not process data for cross-context behavioral advertising.
12. Non-U.S. Users
The Service is hosted in and designed for the United States, and specifically for Iowa residents. If you access the Service from outside the U.S., your data will be transferred to and processed in the U.S. By using the Service, you consent to that transfer. We do not operate programs targeted at users in the European Economic Area, the United Kingdom, Switzerland, or Brazil, and we do not offer services on terms calibrated for those jurisdictions’ laws. If you believe you have a data request under a non-U.S. regime, email [email protected] and we will address it in good faith.
13. Children’s Privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. SMS features are for users who are 18 or older (or the age of majority in their jurisdiction). If you believe a child under 13 provided us data, please contact us and we will delete it.
Educational content on the Service (school pages, lunch menus, calendars) is drawn from public school-district publications and does not include student personally identifiable information.
14. Data Security
We protect your data with the following measures:
- TLS encryption for all data in transit (HTTPS enforced with HSTS)
- Encrypted database connections between the application and PostgreSQL
- HTTP-only, Secure session cookies (not accessible to JavaScript)
- UFW host firewall permitting only ports 22, 80, and 443; PostgreSQL bound to localhost and not exposed to the public internet
- Daily AES-256-CBC encrypted PostgreSQL backups (OpenSSL, PBKDF2 at 600,000 iterations) with 7-day rotation, stored on the production server in a path restricted to the server administrator
- The backup encryption key is held only on the production server; it is not stored in source control, on developer machines, or in any of our third-party service accounts
- Every backup is integrity-checked (decrypt + verify gzip) immediately after creation; corrupt backups are deleted automatically
- Platform-level encryption at rest on DigitalOcean block storage (provided by our hosting vendor)
- fail2ban for automated blocking of repeated failed login attempts, and rate limiting on sensitive endpoints
- SSH key-only authentication (PasswordAuthentication no, PermitRootLogin prohibit-password)
- Systemd sandboxing for the application service (NoNewPrivileges, ProtectSystem=strict, ProtectHome, PrivateTmp)
- Principle-of-least-privilege access for operators; audit logging on sensitive admin actions
- HMAC-signed unsubscribe tokens and cron webhook authentication
Database backups are encrypted at the application level before they are written to disk. We do not currently perform application-level encryption of individual database rows beyond the platform-level encryption provided by our hosting vendor. If you have heightened confidentiality needs, please consider that before providing sensitive information.
No system is 100% secure. If we discover a breach that affects your personal information, we will notify you and the appropriate regulator (including the Iowa Attorney General under Iowa Code Chapter 715C) within the timeframes required by applicable law.
15. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will post the updated policy on this page with a new effective date. For material changes — for example, the introduction of a new category of data collection — we will notify registered users by email and, where required by law, request renewed consent before the change takes effect.
16. Contact and Complaints
For privacy questions, data requests, or complaints:
If you are an Iowa resident and believe we have not adequately addressed your concerns after an appeal, you may contact the Iowa Attorney General’s Consumer Protection Division.