Skip to main content

Privacy Policy

Effective Date: March 1, 2026 · Last Updated: March 26, 2026

1. What Data We Collect

We collect the following categories of information:

Account Data

  • Email address and name (provided during registration)
  • Hashed password (we never store plaintext passwords)

Profile Data

  • Location information (city, state, ZIP code, congressional district)
  • Topics of interest (e.g., healthcare, education, environment)
  • Demographic information you voluntarily provide

Usage Data

  • Saved and bookmarked bills
  • Search history within the platform
  • Notification preferences and settings
  • Dashboard filter preferences

Authentication Data

  • Session cookies for maintaining your login state

2. How We Use Your Data

  • Personalization: Match bills and government actions to your interests, location, and representatives
  • Impact Analysis: Generate AI-powered analyses of how government actions may affect you specifically
  • Notifications: Send you alerts about government actions relevant to your tracked topics
  • Service Improvement: Understand usage patterns to improve features and user experience
  • Account Management: Authenticate your identity and manage your account

3. We Never Sell Your Data

We will NEVER sell, rent, or share your personal data with third parties for marketing or commercial purposes.

Your data exists solely to power your personalized CivicRadar experience. We do not run ads. We do not build advertising profiles. We do not share your information with data brokers. Period.

4. Politically Sensitive Data

We understand that your political interests and civic engagement preferences are sensitive. This data is used solely to personalize your CivicRadar experience and is never shared externally. We do not infer or store your political affiliation, voting history, or partisan preferences. Your tracked topics and saved bills are visible only to you.

5. Data Storage & Security

  • Database: Data is stored in Supabase (PostgreSQL) with Row Level Security (RLS) ensuring users can only access their own data
  • Encryption in Transit: All data is transmitted over HTTPS/TLS
  • Encryption at Rest: Database storage is encrypted at rest
  • Hosting: The Service is hosted in the United States via Vercel and Supabase
  • Access Control: Only essential service components can access user data, and all access is logged

6. Data Retention

We retain your account data and profile information for as long as your account is active. If you delete your account, we will remove your personal data within 30 days. Anonymized, aggregated usage statistics may be retained indefinitely for service improvement purposes. Search history is automatically pruned after 90 days.

7. Your Rights

You have the right to:

  • View your data: Access all personal information we store about you through the Settings page
  • Export your data: Download your data in a portable format
  • Delete your data: Delete your account and all associated data through the Settings page
  • Correct your data: Update inaccurate information through your profile settings
  • Opt out of notifications: Manage or disable all notifications through the Settings page

8. Cookies

We use essential cookies only for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. Your theme preference is stored in localStorage (not a cookie), and dashboard filter preferences are stored in the database.

For more details, see our Cookie Policy.

9. Third-Party Services

We use the following third-party services:

  • Supabase: Authentication and database hosting. Subject to Supabase Privacy Policy
  • Vercel: Application hosting and deployment. Subject to Vercel Privacy Policy
  • Anthropic (Claude AI): AI-generated summaries and impact analysis. Only bill text and anonymized profile data (state, topics) are sent — no personally identifiable information. Subject to Anthropic Privacy Policy
  • Stripe: Payment processing (coming soon). No payment data is stored on our servers

10. Children's Privacy

CivicRadar is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will promptly delete that information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the “Last Updated” date at the top of this page and, for significant changes, by providing notice through the Service.

12. Contact Information

If you have questions about this Privacy Policy or your personal data, contact us at civicradar.io@gmail.com.