Legal
This is the privacy policy for BoardVoice itself. Your board is the one that decides what documents to publish; we just host the platform.
BoardVoice is operated by True Anchor LLC ("we," "us," or "our"). This Privacy Policy describes how we collect, use, and disclose personal information when you use the BoardVoice platform, including our website at boardvoice.app and the public meeting sites we host on behalf of governing bodies ("Organizations").
Each Organization using BoardVoice is the data controller for the content it publishes (meeting minutes, board packets, policies, public comments, subscriber lists). BoardVoice acts as the hosting and processing platform. If you have questions about a specific Organization's records or comment policy, contact that Organization directly.
We collect only what the service needs to run: account info for admins, subscription info for residents who sign up for email updates, and comment text for anyone who submits a public comment.
When an Organization administrator creates an account, we collect their name, email address, and authentication credentials provided through Firebase Authentication. We do not store passwords directly; authentication is handled by Google Firebase.
Residents who subscribe to an Organization's email notifications voluntarily provide their name and email address. This information is stored alongside a timestamp and an active/unsubscribed status.
Residents who submit public comments provide their name, optionally an email address, and the text of their comment. Comments are tied to a specific meeting and a specific agenda item where applicable.
Residents who submit a public records (FOIA) request through the Service provide their first and last name, an email address, optionally a phone number, and a description of the records being requested. This information is collected to identify the requester, communicate about the request, and maintain it as part of the public records-request file required by applicable law. It is visible only to administrators of the Organization receiving the request.
When you visit the Service, our hosting provider (Vercel) and our database provider (Firebase) automatically receive standard technical information such as IP address, browser type, operating system, referring page, and pages viewed. This is used for security, abuse prevention, and service reliability.
We use your data to run the service and to send the emails you ask for. We do not sell your data, and we do not use it for advertising.
We use the information described above to:
We do not sell personal information. We do not share personal information with third parties for their own marketing purposes. We do not use behavioral advertising tracking on BoardVoice-hosted pages.
If you submit a public comment and it is approved by the Organization, your name and the text of your comment become part of the public meeting record.
Public bodies using BoardVoice are typically subject to state open meetings and public records laws. Content that an Organization publishes — meeting agendas, approved minutes, board packets, adopted policies, and approved public comments — is visible to anyone who visits that Organization's public site, including via search engines.
When you submit a public comment, you are giving the Organization permission to publish your name and comment text as part of the meeting record if the Organization approves the comment under its comment policy. Do not include information you are not willing to make public (such as Social Security numbers, financial account numbers, or private health information).
Email addresses provided with a public comment are visible only to Organization administrators and are not published, unless the Organization expressly chooses to publish contact information.
We use a small set of well-known vendors to run BoardVoice. Each one only handles the specific data they need to do their job.
BoardVoice relies on the following service providers ("subprocessors") to operate. Each processes data only as needed to provide their service and under their own published privacy terms:
| Provider | Purpose | Data Processed |
|---|---|---|
| Google Firebase | Database, file storage, and authentication | Account info, Organization content, public comments, subscriber lists, public records requests, audit log entries |
| Vercel | Application hosting and serverless functions | Standard server logs, IP addresses |
| Resend | Transactional email delivery | Recipient email addresses, email content |
| Google (Drive API) | Optional document library integration | Drive tokens and document metadata (only if the Organization connects a Drive account) |
We do not share personal information with any other third parties except (a) to comply with a valid legal process, (b) to protect the rights, property, or safety of BoardVoice, our users, or the public, or (c) in connection with a corporate transaction such as a merger or asset sale, in which case we will provide notice before any personal information is transferred.
We use the minimum cookies needed to keep administrators signed in. We don't use advertising cookies or third-party trackers.
BoardVoice uses the following client-side storage:
Administrator state — selected board, screen-lock PIN, UI preferences — is stored in our Firestore database tied to the administrator's account, not in browser storage, so the same selections follow the administrator between work and home computers.
Public pages set no tracking cookies. We do not use Google Analytics or similar behavioral analytics products on BoardVoice-hosted public sites.
We use industry-standard measures to protect information, including HTTPS in transit, encrypted storage at rest through Firebase, role-based access controls, and Firestore security rules that restrict write access to authenticated administrators. Public read access is limited to content that the Organization has chosen to publish.
No online service is completely secure. You are responsible for protecting your account credentials. If you believe your account has been compromised, contact us immediately at connect@boardvoice.app.
We retain information for as long as it is needed to provide the Service or to comply with legal obligations, whichever is longer. Public records that an Organization has published generally remain in place as long as the Organization maintains its account, consistent with public records retention schedules.
Subscribers who unsubscribe are marked inactive; their email address is retained so the system can honor the unsubscribe request. Accounts terminated by an Organization are retained for 90 days and then permanently deleted, during which an administrator may request an export.
You can unsubscribe, request a copy of your data, or ask us to delete it. For published public comments, you will generally need to ask the Organization that published them, because they own the public record.
Subscribers may unsubscribe at any time using the link in any notification email. Administrators may update or remove their account at any time from the admin dashboard or by contacting us.
Depending on where you live, you may have the right to (a) know what personal information we hold about you, (b) request access or a copy, (c) request correction of inaccurate information, (d) request deletion, or (e) object to certain processing. To exercise any of these rights, email connect@boardvoice.app. We will respond within 30 days.
If your request concerns content that was published by an Organization as part of a public meeting record, we will forward the request to the Organization, which is the data controller for that content. Public records laws may limit the Organization's ability to remove approved meeting content once it has been published.
BoardVoice is intended for use by adult Organization administrators and adult members of the public. We do not knowingly collect personal information from children under 13. If you believe a child has submitted information through the Service, please contact us and we will take reasonable steps to remove it.
We may update this Privacy Policy from time to time. For material changes we will provide notice by email to Organization administrators or by a prominent notice within the Service at least 30 days before the change takes effect. The "Effective" date at the top of this page shows when the policy was last updated.
Questions about this Privacy Policy or a privacy-related request can be sent to:
True Anchor LLC
Michigan, USA
connect@boardvoice.app
boardvoice.app