Privacy Policy

We collect minimal data. Specifically:

• Email address — only if you create an account or set up watchlist alerts. Used only to send alerts you requested. Never sold or shared.
• ZIP code — used to look up candidates in your district. Not stored server-side; processed in real time.
• API request logs — IP address, timestamp, endpoint, and response code. Retained for 90 days. Used to enforce rate limits and detect abuse.

We do not use third-party analytics, advertising trackers, or social sharing pixels. We use a session cookie only to keep you logged in if you create an account. No cross-site tracking.

We do not sell, rent, or share your personal data with third parties. API request logs are used solely for platform operations and are not shared with data brokers or advertisers.

Account data is retained until you delete your account. API logs are purged after 90 days. Community submissions are retained indefinitely (even retracted submissions are kept marked but not deleted — this is part of our public accountability model).

You may request deletion of your account and associated personal data at any time. Community submissions attributed to your account can be retracted on request, but remain in the database marked as retracted per our public-record commitment.

Data is stored on a self-hosted server with restricted access. All connections are encrypted via TLS. We follow industry-standard practices for database security and access control.

Questions about this policy? Email privacy@campainintheass.com.