Open source · Sovereign · Accountable

A grounded, sovereign citizen support agent councils can trust.

CiviQ answers residents only from the council's own published content, runs a policy gate before it engages, cites every answer, refuses rather than guesses, and records every decision on a small local model, with zero data egress.

Get the build Read the manifesto

Runs on a ~3B local model Zero data egress Apache-2.0 222 tests, green eval gate

A governed answer, end to end

Watch one resident question travel the whole accountable pipeline, policy gate, retrieval, refusal checks, citation, audit and come back as an answer you can defend.

CiviQ · resident console (illustration)

ResidentI need to get rid of an old sofa and a mattress.

CiviQ That's a bulky waste collection. You can book one on the council website and choose a collection date. Want me to take you straight to the booking page?

✓ policy: answer ✓ grounded ✓ confidence 0.92

Source: waste & recycling page · updated Mar 2026

audit · sha256 9f3a…c1 · reason: grounded+policy:answer

Ask CiviQ a question…

The category

Not another council chatbot.

The chatbot is a commodity now, anyone can wire a model to a website this year. The value isn't the conversation. It's the accountability, governance, and intelligence layer beneath it: the part that decides whether to answer at all, proves where every word came from, and turns each question into a record you can defend.

That layer is the USP - and it's the part we own.

WHAT'S COMMODITY · WHAT'S THE USP

The problem

Information existing isn't the same as a resident getting helped.

Booking a bulk-waste collection should take less than two minutes. But, it took me twenty to thirty minutes, hunting through PDFs and website pages, second-guessing the whole way, nearly giving up to phone instead. The information existed. Getting a straight, trustworthy answer to it at nine o'clock on a Sunday did not.

The public-sector twist

The requirements here are different from a regular consumer chatbot. A public service has to:

→Be correct, or honestly silent.
→Be accountable for every answer it gives.
→Be accessible to everyone, by default.
→Keep data on the institution's own infrastructure.

None of that comes from just a bigger models.

What holds it up

Six pillars.

◆01

Policy-first accountability gate

A configurable policy runs before CiviQ engages at all answer, refuse, escalate, or hand to human-review and attaches its decision to every response.

◆02

Refusal-first

It answers only when it has supporting content and clears its checks. Refusal correctness is measured, not assumed. Saying "I don't know" is a first-class outcome.

◆03

Glass-box evidence

Every answer ships its sources and policy checks; every decision is hash-chained in a tamper-evident audit.

◆04

Sovereign / zero-egress

Runs on your infrastructure, on a small local model or none at all. No resident data leaves the institution.

◆05

Omni-channel

One governed core behind channel adapters - web, embed, SMS, messaging, voice, each unit-tested against simulated provider payloads.

◆06

Citizen-experience intelligence (CiX)

Every question, and every refusal, becomes signal, a ranked backlog of what to fix, write, and automate next. The assistant is the sensor, the intelligence is the wedge.

How it works

One governed request lifecycle.

Every resident question travels the same accountable path. It isn't a model improvising an answer, it's a sequence of deliberate stages, each one able to stop, refuse, or hand over before anything reaches the resident.

Two gates can halt a request cold rather than let it guess: one before generation, if there's no supporting content, and one after, if the answer can't clear its own checks. Whatever happens, the decision and its reason are recorded.

See the full technical architecture

01

Policy gate gate

your policy decides whether to engage, and how

02

Skills

deterministic answers where appropriate, with provenance

03

Hybrid retrieval

finds relevant passages in your published content

04

Ground-or-refuse gate

stops here unless there is real supporting content

05

Grounded generation

drafts strictly from the retrieved passages

06

Self-check + confidence

challenges its own draft and scores its certainty

07

Refuse gate gate

discards the answer if the check or confidence falls short

08

Accessibility check

verifies the wording is plain and clear

09

Cited answer or named handover

delivers a cited answer, or hands over with context

10

Tamper-evident audit

records the decision and its reason, hash-chained

Accountability

Every answer is evidence. Every decision is a record.

Each response carries its sources, the basis for its confidence, and the policy checks it passed. Each decision is hash-chained with the reason it was made, into a signed, exportable log built for the Ombudsman, IG, and FOI. Not logging as an afterthought -accountability as the architecture.

Hash-chained ledger

#1042 answer · grounded+policy:answer · 9f3a…c1

#1043 refuse · low-confidence · prev 9f3a…c1 → 2b77…e4

#1044 handover · out-of-scope · prev 2b77…e4 → c10d…9a

each entry seals the one before it · break one and the chain breaks visibly

Sovereign & affordable

Your data never leaves the building and the bill doesn't grow with every question.

Because CiviQ runs a small model on your own infrastructure (or no model at all) with zero egress, cost is bound to infrastructure, not metered per query. It stays roughly flat as usage grows — the opposite of cloud-API pricing, which scales with every message. Sovereignty isn't a premium tier here; it's the default.

Detailed sample cost modelling is in the repo for those who want it.

What you don't pay for

One core, every channel

Wherever a resident reaches you, the same governed core answers.

Each channel is a thin adapter, built and unit-tested against simulated provider payloads — ready to wire to a live carrier, not yet running against one. Whichever surface a resident uses, the request meets the same policy, grounding, refusal logic, and audit; the accountable core never changes.

One governed core — not a chatbot bolted onto each surface.

Channel adapters · simulated-payload tested

Web Embed / iframe SMS WhatsApp Telegram Short-code / USSD Voice / IVR

CzX intelligence · the wedge

Every question and every refusal - is a backlog of what to fix next.

A refusal isn't a failure; it's a flag that your content has a gap. CiviQ clusters demand and gaps over its own audit log, scores the citizen experience, and ranks what to write or automate next. The assistant is the sensor; the intelligence is the wedge, where CiviQ stops being a chat surface and starts improving the service itself.

CiX score (illustrative)

B+

grounded · cited · resolved

Top content gaps — ranked from refusals

01Garden waste subscription dates ▮▮▮▮▮
02Blue-badge renewal evidence ▮▮▮▯▯
03Missed-collection reporting window ▮▮▯▯▯

15/15

Answerable

7/7

Correct refusals

3/3

Out-of-scope

0

Confident-wrong

Eval-gate results from the 27-item set, not live traffic. The CiX score and content gaps above are illustrative.

Honest comparison

How it compares.

A fair comparison — other approaches can be configured well; these are their common defaults.
Capability	Typical cloud chatbot	Frontier-LLM cloud	CiviQ
Answers from your content, cited	Sometimes; rarely cited	If retrieval is added; citations optional	Always grounded + cited
Hallucination control	Minimal	Reduced, not eliminated	Refusal-first + self-check
Honest refusal	Rarely	Inconsistent	Core, and measured
Data residency	Vendor cloud	US / vendor cloud	On-prem, zero egress
Running-cost behaviour	Per-seat / per-query	Per-token, scales with use	Infrastructure-bound, flat
Lock-in	High	High	Apache-2.0, portable
Audit trail	Limited	Provider logs	Tamper-evident, signed
Named human handover	Rare	Bolt-on	Built-in, with context
Governed policy before answering	None	None by default	Policy gate runs first

Where the moat could travel

Built for councils. The governed core is what could extend.

CiviQ is built for councils, and government bodies - that's the focus, and where it's getting tested. Because the moat is the governed core (policy, grounding, refusal, audit), the same approach could extend to other public institutions that answer to the same bar. Institution profiles are config-driven, so a new context is configuration rather than a fork, but councils are the only one it's built and proven for today.

◆Built & proven here first

Local government

Waste, council tax, planning, parking, missed collections - the everyday, high-volume questions that flood the contact centre. This is CiviQ's home turf: where the policy gate, grounding, refusal, and audit are built and proven before anything else.

Universities

Admissions, fees, accommodation, visas - high-stakes answers that must come from the prospectus and policy, never guessed.

NHS trusts

Appointments, services, and guidance - where an honest refusal matters more than a confident wrong answer.

Housing providers

Repairs, tenancies, complaints - with a named handover the moment a case needs a person.

Police & public safety

Non-emergency guidance from force content, under strict scope and an up-front policy gate.

Universities, NHS trusts, housing and police are illustrative of where the same approach could be applied, not contexts CiviQ is built or tested for yet.

Honest status

What's built and what's honestly still ahead.

Discovery-stage and open-source - not live-deployed, with no council pilot yet. The eval gate runs green: 15/15 answerable, 7/7 correct refusals, 3/3 out-of-scope, 0 false refusals, 0 confident-wrong, on a 27-item set, not live traffic. Next in our pipeline is to expand the eval pipeline to 1000 and test it, I will keep updating here the true numbers.

Built & verified

✓222 automated tests
✓Green accuracy / refusal eval gate
✓Tamper-evident audit log
✓ GOV.UK design system based control panel
✓One-command install
✓DPIA pack, threat model & cert-readiness map

Still ahead, stated plainly

○A live design-partner council, with real-traffic numbers
○An external WCAG 2.2 AA audit
○A signed DPIA
○Cyber Essentials / penetration test
○A head-to-head small-vs-frontier benchmark

Get started

Run it on your own infrastructure, or talk through a pilot.

CiviQ is open-source and self-hostable, clone it, point it at the council's published content, and it runs on your own infrastructure. Or get in touch to talk through a discovery-stage pilot.

Get the build Connect on LinkedIn

Get involved

It's open source. Help shape it.

CiviQ is Apache-2.0 and open to contribution. If the approach resonates, the simplest first step is to star and watch the repo to follow along - and to tell me where it's wrong.

Star on GitHub Contributing guide

Where help moves it forward

→A council willing to run a discovery-stage pilot
→Contributors on the channel adapters
→An accessibility audit against WCAG 2.2 AA
→Content-ingestion adapters for more sources
→Honest feedback on the approach