Privacy policy

RAQEB is built on the principle that transparency requires accountability. This privacy policy describes — in plain language — what data SmartGov Société Civile collects through this website and the RAQEB platform, why, how it is used, how long it is kept, and what rights you have over it. Where the policy commits to a behavior, the commitment is real; where the policy describes a limitation, the limitation is stated honestly. This page is updated when our practices change, and the change is logged.

1. Who we are

This website and the RAQEB platform are operated by SmartGov Société Civile, a Lebanese civil-society organization registered in Lebanon. SmartGov can be reached at contact@smartgov.tech or via the contact details on www.smartgov.tech.

For the purposes of data-protection law, SmartGov acts as the data controller for personal data collected through this website and through the application process described at /apply. Where adopting organizations operate their own RAQEB deployments, those organizations are the data controllers for the data their deployments collect and process.

2. What this policy covers

This policy covers:

• Personal data collected through this website (raqeb.org and related subdomains)
• Personal data submitted through the deployment application form at /apply
• Personal data shared with us through email, contact forms, or other communication channels
• Cookies and similar technologies used on this website
• Data shared with us by adopting organizations during the licensing and onboarding process

This policy does not cover

• Personal data processed by individual RAQEB deployments operated by adopting organizations — each deployment publishes its own policy
• Personal data on third-party platforms we link to (e.g., Meta, X, partner websites) — those platforms have their own policies

3. What we collect

Information you give us directly

• Deployment application data (organization name, applicant name and role, email, phone, country, organizational details, governance information, funding sources, declarations, and other content submitted through the form at /apply)
• Correspondence content (the text and attachments of emails or messages you send us)
• Demonstration or briefing request data (name, organization, role, contact details, and the context of your interest)
• Subscription data, if you opt in to communications (email address and the specific list you joined)

Information collected automatically when you visit

• Server logs: IP address, browser type and version, operating system, referring page, pages visited, and timestamps. These are standard web server logs and are retained as described in the retention section.
• Cookie data: see the cookies section below.
• Aggregated analytics: anonymized usage patterns (pages viewed, time on page, navigation flow). We use privacy-respecting analytics that do not build individual user profiles. Where we use analytics, the provider and the data shared with that provider are listed in the cookies section.

Information we do not collect

• We do not require account creation to read this website
• We do not collect biometric data
• We do not collect data about your political opinions, religious beliefs, health, or other sensitive categories unless you choose to include them in correspondence with us
• We do not track you across other websites

4. How we use your data

We use personal data only for the purposes listed below. We do not sell personal data, we do not share it with advertisers, and we do not use it for commercial profiling.

• To review and respond to deployment applications submitted at /apply
• To communicate with you about applications, demonstrations, partnerships, methodology questions, or corrections
• To send communications you have opted in to receive
• To operate, maintain, and improve this website and the application infrastructure
• To detect, prevent, and respond to security incidents, abuse, or misuse of the application form
• To meet legal, regulatory, and donor-reporting obligations applicable to SmartGov
• To produce aggregated, non-identifying statistics about how the website is used

Where the legal basis for processing is consent (e.g., subscription to communications), you can withdraw consent at any time. Where the basis is legitimate interest (e.g., responding to an unsolicited inquiry), we balance our interest against your rights and document the assessment.

5. The application form at /apply

Because the deployment application collects substantial organizational and personal information, it deserves its own section.

What the application collects

The application collects information about the applying organization (legal name, governance, funding sources, past work, declarations), the electoral context for the proposed deployment, the application team (names, roles, contact details), and the applicant's organizational and personal credentials. The form is structured intentionally as a vetting application, not a marketing intake — see /license for why this depth is necessary.

How it is reviewed

• Applications are reviewed by SmartGov staff against the eligibility criteria published at /license
• Access to applications within SmartGov is limited to staff and reviewers with a legitimate role in evaluating the application
• Where a senior reviewer or editorial board input is needed, the application may be shared with additional reviewers under the same access discipline
• Notes, comments, and decisions associated with an application are stored alongside the application

What we do with declined applications

• Declined applications are retained for the retention period described below
• They are not shared with third parties
• They do not affect the applying organization's ability to apply again for a future cycle

What we do with approved applications

• Approved applications inform the configuration of the deployment and the onboarding plan
• They are referenced during the deployment as part of the license record
• They remain confidential except where the adopting organization consents to public reference (e.g., a public announcement that a named organization has been approved)

6. Cookies and similar technologies

This website uses a limited number of cookies. We aim to minimize the use of cookies to what is necessary or what materially improves your experience.

Strictly necessary cookies

These cookies are required for the website to function. They include session cookies for the application form (so your progress is saved between steps) and basic security cookies. They cannot be disabled.

Analytics cookies

We use a privacy-respecting analytics provider that does not build individual user profiles, does not use third-party cookies, and does not track visitors across other websites. We collect aggregated, non-identifying usage data (pages viewed, time on page, navigation flow) to understand how this site is used. The specific provider is documented in our cookies list and is available on request.

No advertising cookies

We do not use cookies for advertising, retargeting, or third-party marketing.

Cookie controls

You can manage cookies through your browser settings. Most browsers allow you to block or delete cookies; doing so may affect the function of the application form (in particular, the ability to save your progress).

7. How long we keep data

Application data

• Submitted applications are retained for 3 years from submission
• Approved-application records are retained for the duration of the deployment plus 3 years after the deployment ends, for accountability and audit purposes
• Declined-application records are retained for 2 years from the decision, in case of re-application

Correspondence

• Email and message threads are retained as needed for the matter they concern, then archived under SmartGov's records-retention policy
• Communications about an active deployment are retained for the duration of the deployment plus the same post-deployment period as approved applications

Server logs and aggregated analytics

• Standard server logs are retained for 90 days for security and operational purposes
• Aggregated, non-identifying analytics are retained for up to 24 months for institutional learning

Subscription data

• Subscription data is retained until you unsubscribe, plus a 30-day grace period afterward to confirm the unsubscribe took effect

Specific retention periods may be adjusted to comply with donor-reporting obligations or applicable laws. Where the retention period exceeds what is described here, the reason is documented.

8. Who we share data with

We share personal data only as described below. We do not sell personal data and do not share it for commercial purposes.

Within SmartGov

Data is accessible to SmartGov staff and reviewers with a legitimate role in operating this website, reviewing applications, supporting deployments, or fulfilling SmartGov's organizational obligations. Access is restricted by role.

Service providers (processors)

We use a small number of third-party service providers — for hosting, email delivery, form processing, and similar operational needs. These providers act as data processors, are bound by contractual confidentiality obligations, and may only process data on our instructions and for the purposes described in this policy. The current list of categories of providers is below; specific provider names are available on request.

• Web hosting and infrastructure
• Email delivery
• Form processing and storage
• Privacy-respecting analytics
• Backup and disaster recovery

Donors and funders

SmartGov reports to its donors (including CIVICUS via the Digital Democracy Initiative, and EU-derived funders) under grant agreements that may require reporting on activities and outcomes. Where reporting includes any personal data, that data is provided in aggregate, non-identifying form unless individual identification is specifically required by the grant agreement and the individual concerned has been informed.

Adopting organizations

Where you contact us in a capacity related to a specific adopting organization or its deployment, your contact information may be shared with that organization to facilitate the matter — for example, a correction request about a finding published by a specific deployment will typically be routed to the deployment's correction channel.

Legal obligations

We may disclose data if required by law, court order, or regulatory authority with jurisdiction over SmartGov. Where legally permissible, we will inform you before disclosure.

What we will not do

• We will not share applicant data with political parties, candidates, or campaigns
• We will not share data with media for marketing purposes
• We will not share data with the public without consent
• We will not share data with foreign governments outside of formal legal channels with jurisdiction over SmartGov

9. International transfers

SmartGov is based in Lebanon. Some of our service providers are based in other countries. Where personal data is transferred outside the country of origin of the data subject:

• We use providers that offer adequate data-protection safeguards
• We rely on standard contractual clauses or equivalent legal mechanisms where required
• We minimize the data transferred to what is necessary for the service

If you have specific questions about a transfer relevant to your data, contact us at the address in the Contact section.

10. Your rights

Depending on your country of residence, you may have specific legal rights over your personal data. SmartGov respects the following rights for all users, regardless of jurisdiction, to the extent reasonably possible:

• Access — request a copy of the personal data we hold about you
• Correction — request that we correct inaccurate or incomplete data
• Deletion — request that we delete personal data we hold about you, subject to legal retention obligations
• Objection — object to processing based on legitimate interest
• Withdrawal of consent — for processing based on consent, withdraw consent at any time
• Portability — receive your data in a portable format where technically feasible
• Complaint — lodge a complaint with a relevant data-protection authority

To exercise any of these rights, contact us at privacy@raqebinitiative.org. We will respond within 30 days. Where a request involves data relevant to an active deployment application or a published finding, we will explain how the request will be handled and any limitations.

11. Sensitive contexts

Citizen and observer submissions to deployments

If you submit a report or evidence to a specific RAQEB deployment, the privacy of your submission is governed by that deployment's policy. SmartGov does not directly handle submissions to deployments. If a submission is escalated to SmartGov for methodology consultation, your identifying information is redacted before review unless you explicitly request otherwise.

Source protection

If you contact us as a source or whistleblower regarding electoral misconduct, contact us through a secure channel (described at /contact). We will not identify you in any public material without your explicit consent.

Journalists and researchers

We welcome contact from journalists and researchers studying RAQEB or its methodology. Your contact information will be used only for the matter you raise and any agreed follow-up.

Sensitive personal data in correspondence

If you choose to share sensitive personal data with us (about yourself or others) — political views, religious beliefs, health, sexual orientation, etc. — we will handle it with the discretion that subject warrants, store it only as long as needed for the matter, and not share it beyond what is necessary.

12. Security

We take reasonable technical and organizational measures to protect personal data, including:

• Encryption in transit (HTTPS) for this website and the application form
• Access controls limiting who can view applications and correspondence
• Logging of access to sensitive records for audit purposes
• Regular review of security practices and provider arrangements
• Staff training on data-handling responsibilities

No system is fully secure. If a data breach occurs that affects your personal data, we will notify you and the relevant authorities as required by law, with a description of what happened, what data was affected, and what we are doing about it.

13. Children

RAQEB is not directed at children, and the application process is for organizations, not individuals under 18. We do not knowingly collect personal data from children. If you believe we have collected such data, contact us and we will delete it.

14. Changes to this policy

This policy will change as our practices evolve, as the legal and donor environment changes, and as we learn from operating the platform. When it changes:

• The "Last updated" date at the top will be revised
• Material changes will be summarized in a brief change log at the bottom of this page
• Where the change affects active applications or deployments, we will notify affected parties directly

We do not silently edit this policy.

15. Contact

For any privacy-related question, request, or complaint:

• Privacy contact: privacy@raqebinitiative.org
• SmartGov general contact: contact@smartgov.tech
• Postal: Palace of Justice Street, Saray 3106 Building, Floor 4, Tripoli, Lebanon

Data-protection authorities

Depending on your country, you may also contact your national data-protection authority if you are not satisfied with our response to a request or complaint. We will provide information about the relevant authority if asked.