Privacy Policy

We collect anonymous engagement data tied only to a session token in your browser cookies. We don't ask for your name, phone number, or precise location. We may sell aggregated, district-level insights to researchers, polling firms, and newsrooms — but only with your explicit consent, and only in cohorts of 100+ users.

One exception: if you submit a “Report inaccurate” form on a candidate's page and choose to include your email, we store it alongside the report so we can follow up. Email is optional; the form works without it. See Report inaccurate below.

Manage your data choices anytime at /data-rights.

Tier A — Functional (always on, strictly necessary)

• Session token (anonymous random string, cookie)
• Zip code you enter (cookie, used to find races)
• CSRF protection tokens

Tier B — Analytics (consent_analytics opt-in)

• Page views (which scorecards you view)
• Candidate interactions (saves, full-record views, dwell time)
• Funnel completion (race-picker → carousel → poll → free-text → results)
• Coarse device hints (mobile/desktop, browser family — never version)
• Coarse geo (country and state, derived from IP — IP itself never stored)
• UTM parameters and apex referrer domain (first-touch attribution)
• Multi-session counters (return visit count, days since first visit)

Tier C — Sale of aggregated data (consent_data_sale opt-in)

• All of Tier B, plus your free-text submissions and quick-poll weights
• Aggregated to district level with minimum cohort size of 100
• Sold to vetted buyers (polling firms, academic researchers, newsrooms)

• Your IP address (raw — we derive coarse geo and discard)
• Your user agent (we hash it and store the hash, never the raw string)
• Phone, name, address (we don't ask). Email only via the optional Report Inaccurate form — see below.
• Browser fingerprinting signals (canvas, audio, font enumeration, plugin list)
• Cross-site browsing history (no third-party cookies, no pixel partners)
• Precise geolocation (no GPS, no Geolocation API)

• voter_session — anonymous session token (1 year)
• voter_consent — your consent choices (1 year)
• voter_visitor_id — return-visit detection, only after analytics opt-in (2 years)
• voter_utm — first-touch attribution (90 days)
• voter_zip — your zip code for race lookup (30 days)

All cookies are first-party (set on our domain only) and use SameSite=Lax. We use no third-party cookies, ad-network beacons, or fingerprinting trackers.

Each candidate page has a “Report inaccurate” button. If you spot a wrong stance attribution, an outdated quote, or a fabricated bill citation, you can flag it for manual review.

The form asks for a category (factual error / wrong attribution / outdated / other), a description of what's wrong (required, 20–2000 characters), and optionally your email address.

• Email is optional. The form submits and the report is recorded whether or not you provide one.
• What we do with it: If you provided an email and the report is actionable, we may reach out for follow-up detail or to let you know the outcome.
• What we don't do with it: Never sold, never shared with third parties, never used for marketing or added to any mailing list. Not joined to your voter_session for cross-page tracking.
• Retention: Stored as long as the report stays in the review queue. Resolved/dismissed reports are kept for audit per the consent-log retention policy (24 months) and then purged with the report.
• Right to delete: Use /data-rights or email the maintainer to remove a report you filed.

• Right to know: Download everything we have about you as JSON at /data-rights.
• Right to delete: Purge all data linked to your session at /data-rights.
• Right to opt out of sale: Disable the “Sale of aggregated data” toggle anytime.
• California (CCPA/CPRA): All of the above, plus the “Do Not Sell My Personal Information” control on the data-rights page.
• Colorado, Connecticut, Virginia, Utah: Political opinion data is treated as sensitive — we require opt-in (not opt-out) for sale.

Every commercial buyer of aggregated data signs an agreement forbidding (a) attempted re-identification, (b) resale of our data to third parties, and (c) any use for voter suppression, harassment, or influence operations. Buyers based in countries on US sanctions lists are blocked.

If we materially change what we collect or sell, we will bump the consent version, which re-prompts you the next time you visit. The old consent record is preserved in our audit log for compliance.

Questions or complaints: open an issue on our public GitHub repo, or email the maintainer (link in the repo).