Last updated: May 14, 2026
Open Council is a community project operated by a number of active volunteer contributors.
1. Data we collect from visitors
All visitors
We run Google Analytics to collect some anonymous usage data for statistical purposes. The goal is to track overall trends in our website traffic, it is not to track individual visitors. All the data is in aggregate only. No personal data is collected.
Data collected includes referral sources, top pages, visit duration, information from the devices (device type, operating system, country and browser) used during the visit and more. You can learn more about how Google Analytics works and collects information here.
We’ve implemented a tracking code in order to collect demographic information in Google Analytics. You can opt-out of this program anytime by adjusting your Ads Settings. You may also wish to review other available opt-outs.
When you leave a comment
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
When you upload an image
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
When you contact us
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
Data from public sources
Personal data of individuals mentioned in public meeting documents (e.g. elected officials, participants, citizens taking the floor), such as names, positions, and opinions expressed. This data is collected from publicly accessible sources (e.g. videos of city council meetings).
2. Data we collect from registered users
On some websites and services we provide, many features may require an account. For example, an account may be required to post and reply to topics on a forum platform.
To sign up for most accounts, we will collect a name, username, email, and password. In the event a website requires more information than just that data, that will be clearly marked and noted in a separate privacy statement.
We use your account data to identify you on the website and to create pages specific to you, such as your profile page. We will also use your account data to publish a public profile for you on our services.
We use your email to:
- Notify you about posts and other activity on the websites or services.
- Reset your password and help keep your account secure.
- Contact you in special circumstances related to your account.
- Contact you about legal requests, such as DMCA takedown requests.
We will store your account data as long as your account remains open. After closing an account, we may retain some or all of your account data in the form of backups or archives for up to 90 days.
Cookies
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
3. Processing purposes and legal basis
We use the data for the following purposes, based on the following legal bases:
For the provision of our services
Contacting users upon request
- Legal basis: Our legitimate interest to contact you.
User update
- Legal basis: Consent which you provide to us to subscribe to our newsletter and receive updates about our activities.
Ensuring the security and integrity of the website
- Legal basis: Our legitimate interest to protect our systems from malicious activity.
For example, through server logs, anonymous statistics on the use of various functions.
Processing and publishing data from public sources
- Legal basis: Our legitimate interest to pursue our statutory purpose, which is to promote transparency, accountability and archiving in the public interest.
Fulfillment of legal obligations (e.g. tax authorities)
4. Data Sharing
Traffic analysis
- Google Analytics: Acts as a traffic data processor and is bound by contractual data protection clauses.
Communication
- Amazon SES: Email provider for sending authentication emails and notifications. Resend acts as a processor and is bound by contractual data protection clauses.
Artificial intelligence and search
- Anthropic: We use artificial intelligence services to analyze public meetings. Anthropic acts as a processor and is bound by contractual data protection clauses.
Infrastructure and storage
- DigitalOcean: Media files and data are stored on servers in Toronto, Ontario, Canada. Digital Ocean acts as a processor and is bound by contractual data protection clauses.
Other services
- Google Places API: We use Google Places to auto-populate locations. Google acts as a processor and is bound by contractual data protection clauses.
In case the user submits a request for their Municipality to participate in our platform (on the page opencouncil.ca/petition), we share names and email addresses with the municipalities for which the user requests it, based on our legitimate interest in promoting our platform as well as the user’s own legitimate interest in enhancing transparency in their municipality.
We do not make any other data transfers outside Canada. We do not sell, rent or exchange your personal data with third parties for commercial purposes.
5. Data Security
We take appropriate technical and organizational measures to protect your personal data, such as using encryption (SSL) for data transfer and implementing controlled access policies to our systems.
6. Your Rights
You have the following rights:
- Access to your data.
- Correction of inaccurate data.
- Deletion (“forgetting”) of your data.
- Restriction of processing.
- Data portability.
- Objection to processing (especially when based on legitimate interest).
- Withdraw your consent at any time (when the processing is based on it).
Note: Certain rights (e.g. deletion, objection) may be restricted when the processing concerns data contained in public records and is carried out for public transparency purposes.
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
7. Data Retention
We retain your data for specific periods:
- Traffic data (Google Analytics): 12 months (anonymized).
- Server logs (IPs): 30 days.
- Registered user data: For as long as you maintain an active account.
- In case you contact us: We will retain the communication and its metadata for 2 years from the last interaction.
- For your subscription to notifications, we retain your data until you request deletion of your data or withdraw your consent.
- Data contained in public records: They are retained indefinitely, as they serve an archiving purpose in the public interest.
8. Cookie Policy
Our website uses only technically necessary cookies for its basic functionality. According to the legislation (ePrivacy Directive, as incorporated into Greek legislation by Law 3471/2006), your consent is not required for these cookies.
Specifically, we use cookies to:
- Maintaining your connection (Session cookies): If you log in to your account.
- Memorizing preferences (Functional cookies): Such as language selection (e.g. fr/en).
We do not use cookies for analytics, advertising or tracking. You can set your browser to block these cookies, but some parts of the website (such as user login) may stop working.
9. Minors
Our services are not directed at individuals under the age of 18. If we determine that we have collected personal data from a minor without parental consent, we will take steps to delete that information.
10. Automated Decision Making
We do not use automated decision-making or profiling that produces legal or other significant results for you.
11. Contact
For any questions regarding your personal data or to exercise your rights, you can contact our Data Protection Officer (DPO).
We will respond to you within 30 days of receiving your request.
About this policy
We will post any new versions of this statement here. We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the Privacy Policy for the latest contact information at any time.