Policy Reference: CB-PP-2026-EXPANDED

Privacy Policy

Our Global Privacy Policy and Data Sovereignty Protocol.

Version: 2.1.0 Effective Date: February 20, 2026 Last Revised: March 23, 2026

1. Introduction and Corporate Vision

CityBuzz, Inc. (“CityBuzz,” “we,” “us,” or “our”) is a real-time, geographically organized communication platform designed to be the "heartbeat" of the modern city. Our Service allows users to discover, share, and discuss local events through a specialized "Buzz" interface. This Privacy Policy is our formal commitment to transparency, outlining the lifecycle of your data. We operate under a "Privacy by Design" framework, ensuring that your data remains secure, localized, and under your control.

2. Information We Collect: The "User-Defined" Data Taxonomy

CityBuzz is designed to be a privacy-first platform. Unlike traditional location-based apps, we do not track or store your device’s precise GPS location.

Account Credentials: We collect your name (or chosen display name), a unique @username, a verified email address, and a cryptographically hashed password.

User-Defined Location: To participate in a conversation, you manually input or select the city you wish to "Buzz" in. This selection is used solely to route your messages to the correct thread and is not used to track your physical movements over time.

User-Generated Content (UGC): We store the text of your posts, comments, thread titles, and multimedia files (images/videos) that you share with the community.

Interaction Metadata: We collect data on who you "Report" or "Block" to ensure your personal feed remains safe and free from harassment.

3. Purpose of Processing and Data Utilization

We use your information to power the CityBuzz experience:

  • Manual Local Routing: To ensure your messages appear in the city chat you have explicitly selected.
  • The Ranking Algorithm: We use engagement signals (replies, shares, and "Buzz" velocity) to determine which threads move to the top of the feed.
  • Real-Time Notifications: To alert you when a thread in your selected city is gaining traction or when someone replies to your message.
  • Platform Integrity: To identify and mitigate bot attacks, coordinated spam, and bad actors.
  • Brand Evolution: We analyze aggregated, de-identified data to understand which app features are most effective.

4. Artificial Intelligence and Automated Processing (AB 2013)

In accordance with California’s AB 2013, CityBuzz discloses its use of automated systems:

Safety AI: We utilize machine learning to scan for prohibited content, including hate speech and physical threats, before they reach the community.

Ranking AI: Our "Buzz Feed" is organized by algorithms that analyze "Local Intent" based on user engagement.

AI Training Safeguards: We may use public thread content to train our internal local-relevance models. WE NEVER use your private messages (DMs), your real name, or your selected cities to train generalized AI models.

Human-in-the-Loop: You have the right to request a human review of any automated decision that results in an account suspension.

5. Legal Bases for Processing

For users in the EEA, UK, and other regulated jurisdictions, we process data under:

  • Contractual Necessity: We must process your selected city and email to provide the Service you requested.
  • Legitimate Interests: To protect our users from fraud, ensure app security, and improve the "Buzz" algorithm.
  • Legal Obligation: When required to comply with statutory requirements or law enforcement mandates.
  • Consent: Specifically for any marketing communications you may opt-in to in the future.

6. How We Share and Disclose Information

CityBuzz operates under the strict principle that we are not a data broker. We do not sell, rent, or trade your personal information to third parties. Disclosure of data is limited to the following specific circumstances:

  • Essential Infrastructure Partners: we share limited data with service providers who host our servers (e.g., cloud infrastructure), manage email delivery, or provide security analysis. These partners are contractually prohibited from using your data for any purpose other than providing services to CityBuzz.
  • Safety and Content Integrity Vendors: We utilize third-party specialized tools to assist our Safety AI in identifying coordinated bot attacks or illegal content. These vendors receive de-identified snippets required for technical analysis.
  • Legal Mandates and Law Enforcement: We may disclose information if required to do so by law or in the good-faith belief that such action is necessary to comply with a legal obligation, protect the safety of any person, or address fraud and security issues.
  • Corporate Transitions: In the event of a merger, acquisition, or sale of assets, your information may be transferred as a business asset. However, the promises in this Privacy Policy will continue to apply to your data in the hands of the successor entity.

7. International Data Transfers and Sovereignty

CityBuzz is headquartered in California, United States. To provide our global Service, your data may be transferred to and processed in countries outside of your residence. We ensure that such transfers are conducted in accordance with applicable data protection laws:

  • Standard Contractual Clauses (SCCs): For users in the EEA and UK, we utilize the European Commission’s approved SCCs to ensure that your data receives a level of protection equivalent to that of your home jurisdiction.
  • Data Sovereignty: We prioritize keeping localized data within its region of origin whenever technically feasible to reduce latency and comply with local storage mandates.
  • EU-U.S. Data Privacy Framework: CityBuzz participates in and complies with the framework established for the secure transfer of data between the European Union and the United States.

8. Data Retention and The "Live" Protocol

We believe in "Data Minimization"—retaining information only as long as it is actively serving the community. Our "Live" Protocol governs the following retention schedules:

  • Public Activity: Threads and posts that have remained inactive (no new replies or claps) for more than 180 days are automatically moved to a "cold storage" archive or permanently purged from our active production database.
  • Account Deletion: Upon your request to delete your account, your profile and content are hidden from the public feed instantly. We initiate a 30-day "Shredding Window" during which identifiers are scrubbed from our systems.
  • Backup Purging: Due to the nature of digital backups, remnants of deleted data may exist in encrypted archives for up to 60 days following the initial shredding window before being completely overwritten.

9. Data Security and Technical Safeguards

We implement a multi-layered security stack to protect your information from unauthorized access, alteration, or destruction:

  • Encryption Protocols: All data is encrypted in transit via Transport Layer Security (TLS 1.3) and at rest utilizing industry-standard AES-256 encryption.
  • Access Controls: We enforce strict Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA) for all internal administrative tools. No CityBuzz employee can access your account data without an audited, time-bound internal ticket.
  • Regular Audits: We conduct quarterly vulnerability assessments and annual third-party penetration tests to identify and remediate potential security risks within the Tabania digital ecosystem.

10. Children’s Privacy (Strict 13+ Policy)

CityBuzz is an environment designed for adults and teenagers; it is strictly prohibited for children under 13 years of age. We take this mandate seriously:

  • Proactive Prevention: We utilize age-verification prompts and OS-level "Age Signals" provided by mobile platforms to prevent registration by minors.
  • Immediate Purge: If we become aware that we have inadvertently collected personal data from a child under 13, we will execute an immediate, permanent purge of the account and all associated metadata.
  • Reporting: Parents or guardians who believe a child has created an account can contact us at privacy@citybuzz.app for expedited removal.

11. Your Privacy Rights (CCPA/GDPR/Delete Act)

Regardless of your location, CityBuzz provides you with comprehensive tools to exercise your privacy rights. You have the right to:

  • Access and Portability: Request a copy of all data we hold about you in a machine-readable format via your account settings.
  • Correction: Update or rectify any inaccurate personal information at any time.
  • Deletion: Exercise your "Right to be Forgotten." CityBuzz is a registered participant in the 2026 California Delete Act (DROP) platform, simplifying the process for residents to remove their digital footprint.
  • Non-Discrimination: We will never discriminate against you (through pricing or service levels) for exercising your privacy rights.

12. Cookies and In-App Tracking

To keep CityBuzz fast and secure, we use a minimal "Essential-Only" cookie framework:

  • Functional Cookies: These allow the app to remember your "Home City" selection and keep you logged into your session.
  • Security & Anti-Fraud: We use localized tracking to identify suspicious login patterns or coordinated spam attacks.
  • Analytics: We use de-identified, aggregated analytics to understand feature usage. You can opt-out of non-essential analytics via your device's "App Tracking" or "Privacy" settings.

13. Changes to This Privacy Policy

As the "Buzz" grows, so will our policies. We reserve the right to modify this document to reflect changes in the law or our Service. We will notify you of material changes by:

  • Posting a prominent notice within the "System Thread" in the CityBuzz app.
  • Sending a notification to the email address associated with your account.
  • Updating the "Last Revised" date at the top of this page. We encourage you to review this policy periodically.

14. Contact Information

CityBuzz, Inc. Attn: Data Privacy Officer
1 Tabania Way
Email: privacy@citybuzz.app