Back to Home

Privacy Policy

Last Modified: January 5, 2026

Introduction

Municipal Labs, LLC ("Municipal Labs," "Company," "we," "us," or "our") respects privacy and is committed to protecting information processed through its platform in accordance with this Privacy Policy.

Municipal Labs provides a web-based software platform, including the Legaside platform, that develops and offers automation, classification, analytics, and data retrieval tools for use by public officials and governmental entities (collectively, the "Platform"). The Platform, together with all related features, functionality, software, and services provided by Municipal Labs, is referred to in this Privacy Policy as the "Services."

This Privacy Policy describes how Municipal Labs collects, receives, uses, stores, secures, and discloses information in connection with the operation of the Platform and the Services.

Please read this Privacy Policy carefully to understand our practices regarding information processed through the Platform. If you do not agree with this Privacy Policy, you must not access or use the Platform or the Services.

Information Processed Through the Services

Municipal Labs collects and receives information in connection with the operation of the Services and related support, security, and administrative activities. Such information consists of (i) Customer Data and (ii) certain operational, account, and usage information generated in connection with use of the Services ("Other Information").

Customer Data

Customers and Authorized Users routinely submit or cause the submission of Customer Data to the Services. Customer Data may include, without limitation:

  • constituent email content processed through the Platform, including email body text and inline images;
  • sender and recipient email addresses, subject lines, message snippets, timestamps, and related email metadata;
  • message identifiers, such as Gmail message IDs and thread IDs;
  • AI-generated classifications and metadata derived from Customer Data at the Customer's direction, including topic categorizations, sentiment indicators, urgency markers, stance, and confidence scores; and
  • workflow-related information reflecting how Authorized Users interact with Customer Data, such as read, archive, reply, assignment, or foldering status.

Other Information

In addition to Customer Data, Municipal Labs collects, generates, and receives certain Other Information:

  • Account and Authentication Information: Authorized User name, official email address, role, and tenant affiliation; authentication credentials and tokens (such as OAuth tokens), stored in encrypted form.
  • Usage and Interaction Information: records of Authorized User interactions with the Services, such as feature usage, classifications performed, workflow actions taken, and administrative changes.
  • Log and Security Information: audit logs relating to authentication events, data access, administrative actions, AI processing operations, and security-related events; network and technical information such as IP addresses, user agent strings, and session identifiers.
  • Support and Communications Information: information provided when communicating with Municipal Labs for support, security inquiries, or operational assistance.

How We Use Your Information

Municipal Labs processes Customer Data solely on behalf of, and in accordance with the instructions of, the applicable Customer. With respect to Customer Data, Municipal Labs acts as a service provider or data processor, and the Customer acts as the data controller.

Customer Data is processed exclusively for the following purposes:

  • to provide, operate, maintain, and support the Services for the Customer's official governmental purposes;
  • to enable Authorized Users to access, organize, classify, analyze, manage, and respond to constituent communications;
  • to authenticate Authorized Users, manage access credentials, enforce role-based access controls, and maintain tenant-level isolation;
  • to ingest, process, store, and retrieve constituent email communications;
  • to generate and store AI-assisted classifications and metadata derived from Customer Data;
  • to record and reflect Authorized User interactions with Customer Data;
  • to maintain system logs and audit trails;
  • to ensure the security, integrity, availability, and reliability of the Services; and
  • to comply with applicable laws, regulations, court orders, subpoenas, or other lawful governmental requests.

AI-Assisted and Automated Processing

Municipal Labs uses automated and artificial intelligence-enabled technologies as part of the Services to assist Customers and Authorized Users with classification, analysis, and drafting workflows.

Data Minimization and Redaction

The Services are designed to apply data minimization and redaction processes to Customer Data prior to AI-assisted processing. As a default matter, AI systems are provided only with redacted versions of email content for purposes of generating classifications, metadata, or drafting assistance. Full, unredacted content remains encrypted at rest within the Services.

Inference-Focused Processing

AI technologies used in the Services are designed primarily to perform inference on individual messages in order to generate classifications, metadata, and drafting assistance. Customer Data is not used to train, fine-tune, or improve proprietary or third-party artificial intelligence or machine learning models.

Human Review and Oversight

AI-generated outputs are assistive in nature only and do not constitute final determinations or official responses. Authorized Users remain solely responsible for reviewing, validating, approving, and determining whether and how to rely on or disseminate any AI-generated output.

Disclosure of Your Information

Municipal Labs may share or disclose Customer Data and Other Information in accordance with a Customer's documented instructions and configurations.

Municipal Labs may disclose information to third-party service providers and subprocessors, which may include:

  • cloud infrastructure and database hosting providers;
  • email service and authentication providers;
  • artificial intelligence service providers used for inference-only processing on redacted content; and
  • security, monitoring, and support service providers.

Municipal Labs does not disclose Customer Data or Other Information for advertising, marketing, data brokerage, or behavioral profiling purposes.

Data Retention

Municipal Labs retains Customer Data solely on behalf of, and in accordance with the documented instructions of, the applicable Customer.

The Customer determines the duration for which Customer Data is retained by controlling (i) the submission of Customer Data to the Services, (ii) the continued use or discontinuation of the Services, and (iii) any instructions provided to Municipal Labs regarding deletion or removal of Customer Data.

Customer Data may be retained in encrypted backups maintained for disaster recovery and business continuity purposes for approximately seven (7) to thirty (30) days before being overwritten or deleted.

Your California Privacy Rights

This section applies solely to individuals who reside in the State of California and describes Municipal Labs' obligations and practices under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA").

Municipal Labs provides the Services exclusively to governmental entities and processes personal information solely on behalf of, and at the direction of, the applicable Customer in its official governmental capacity.

Municipal Labs does not sell personal information and does not share personal information for purposes that constitute a "sale" or "sharing" under the CCPA.

Data Security

Municipal Labs maintains administrative, technical, and organizational measures designed to protect the confidentiality, integrity, and availability of information processed through the Services.

Municipal Labs' security measures include, without limitation:

  • Encryption at Rest and in Transit: Sensitive fields and Customer Data are encrypted at rest using AES-256-GCM with tenant-scoped encryption keys. Data transmitted to and from the Services is protected using industry-standard TLS encryption.
  • Access Controls: Role-based access control (RBAC) is enforced to restrict access to information based on authorized roles.
  • Tenant Isolation: Customer Data is logically isolated at the database level to prevent unauthorized cross-tenant access.
  • Authentication and Session Security: Authentication credentials and OAuth tokens are stored in encrypted form. Sessions are subject to expiration and are invalidated upon logout or account deletion.
  • Audit Logging and Monitoring: Municipal Labs maintains audit logs of authentication events, data access, administrative actions, and AI processing operations.
  • AI Processing Controls: Mandatory redaction of personally identifiable information is applied prior to any AI processing. AI systems receive only redacted content and are used solely for inference, not for training or analytics.

Age Limitations

The Services are intended solely for use by governmental entities and Authorized Users acting in their official capacities. The Services are not directed to, and are not intended for use by, children or minors.

Municipal Labs does not knowingly permit individuals under the age of eighteen (18) to create accounts or access the Services in their personal capacity.

International Data Transfers

Municipal Labs provides the Services using cloud-based infrastructure and third-party service providers that may be located in, or may process information from, multiple jurisdictions.

As a result, Customer Data and Other Information may be transferred to, stored in, or otherwise processed in jurisdictions outside the Customer's state, province, or country, including the United States, solely as necessary to provide, operate, maintain, secure, and support the Services.

Changes to Our Privacy Policy

Municipal Labs may update this Privacy Policy from time to time to reflect changes in applicable laws or regulations, industry standards, or the Services or business practices of Municipal Labs.

Any updates will be posted on this page, and the revised Privacy Policy will indicate the effective date of the most recent update. Continued access to or use of the Services after an updated Privacy Policy becomes effective constitutes acceptance of the revised Privacy Policy.

Contact Information

For questions or concerns regarding this Privacy Policy or Municipal Labs' privacy practices, please contact: support@municipallabs.ai