Citycost Privacy Policy

    Citycost.org — Privacy Policy
    Last Updated: August 22, 2025
    This Privacy Policy explains how Citycost (“we,” “us,” “our”) collects, uses, discloses, and retains information when you use Citycost.org, our apps, APIs, datasets, widgets, emails, or other services (the “Services”). By using the Services, you agree to this Policy.

    1. Scope & Controller
    Citycost.org and affiliated Services are owned and operated by one or more Citycost Operators. For personal data collected via the Services, the Citycost Operator that provides the Services in your region acts as the controller. For all regions, you may contact us at [email protected]. Where local law requires disclosure of the specific controller or the essence of any joint‑controller arrangement, we will provide that information upon request.

    2. Information We Collect
    We collect information in the following categories:
    • Information you provide: account data, content you submit (reviews, ratings, images, comments), and communications.
    • Information collected automatically: device and usage data (IP address, device identifiers, approximate location, event logs, and similar telemetry), and cookies or similar technologies.
    • Payment information (if optional paid features are offered in the future): processed by our payment processor; we do not store full card details.

    3. How We Use Information
    We use information to operate, secure, maintain, and improve the Services; to communicate with you; to prevent fraud and abuse; to comply with law; and to develop and improve models and derived datasets where permitted by law.
    AI/ML use: We may use personal data to develop and improve models where permitted by law (e.g., relying on legitimate interests with safeguards or on consent, depending on region). Where you have a right to object, you may do so using the contact details below.

    4. Disclosure of Information
    We may disclose information to: (a) service providers and contractors (e.g., hosting, security, analytics); (b) comply with law, legal process, or enforce our terms; (c) protect rights, safety, or property; (d) a buyer or successor in connection with a corporate transaction; and (e) as aggregated or de‑identified data.
    Sale/Share. As of the date of this Policy, we do not sell personal information and do not use it for cross‑context behavioral advertising, as those terms may be defined under applicable law.

    5. Your Choices & Rights
    Depending on your location, you may have rights such as access, correction, deletion, portability, and to opt out of targeted advertising, sale, or profiling. We respond within the statutory timelines required by applicable law and may extend where the law permits. If we deny a request, you may appeal by replying to our response within the time required by law. Where permitted, you may use an authorized agent. Where required by law, we honor recognized universal opt‑out signals. Submit requests to [email protected].

    6. Retention
    We keep personal information only for as long as needed for the disclosed purposes or as required by law. Where a fixed period is not possible, we apply objective criteria (e.g., account status, legal obligations, and security requirements).

    7. Categories, Purposes, Disclosures, Retention (Summary)


    Category

    Examples

    Source

    Purpose

    Disclosed to (type)

    Retention (period or criteria)

    Identifiers

    Email; IP address

    You / Automatic

    Operate account; security; communications

    Hosting; security provider

    Account life + up to 24 months

    Internet/Usage

    Device identifiers; logs; pages viewed

    Automatic

    Security; analytics; service improvement

    Analytics vendor

    Rolling 12–24 months

    Approx. Location

    City/region from IP

    Automatic

    Localize content; security

    As needed for security; then de‑identified

    User Content

    Reviews, ratings, uploads

    You

    Display; improve Services; training where permitted

    Content delivery; moderation support

    Account life (or until deleted)

    Payment Info (if applicable)

    Token; last 4 digits

    You / Payment processor

    Process transactions

    Payment processor

    As required by law and processor policies

    8. Cookies & Similar Technologies
    We use essential cookies to operate the Services and may use other cookies or local storage for preferences and security. You can control cookies through your browser settings. Where required by law, if and when we deploy non‑essential cookies in those regions, we will seek the required consent before setting them.

    9. Children’s Privacy
    The Services are not intended for children under 16. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information, contact us and we will delete it as required by law.

    10. International Transfers
    Information may be processed or stored outside your country. Where required by law, we use appropriate safeguards for transfers (for example, approved contractual clauses or comparable mechanisms).

    11. Security
    We apply reasonable technical and organizational measures (e.g., access controls and encryption in transit where feasible) to protect information, but no method is 100% secure. We delete or de‑identify data when it is no longer needed for the stated purposes.

    12. Changes to this Policy
    We may update this Policy by posting a revised version with a new “Last Updated” date. Significant changes will be reasonably highlighted. Your continued use of the Services after the effective date constitutes acceptance.

    13. Contact
    For privacy inquiries or to exercise rights, contact: [email protected].
    Published