Vol. 2026 · Privacy · Plain-English Edition
PrivacyMost privacy policies are long because the company has a lot to confess. Ours is short because we don’t.
The short versionFive sentences
- We don’t make you sign in, and we never see your name.
- Your ZIP and the identities you pick live in your browser’s storage on your device, not on our server.
- When you search, your ZIP and tags travel to OpenStates, Congress.gov, and our bill cache so they can return matching bills. Our cache only remembers state + keyword, not who asked.
- When you ask the app to draft a letter, the bill excerpt, your tags, and any sentence you wrote about your situation are sent to Anthropic and Google so a model can write back. The draft never lands on our servers.
- The one exception is bill alerts: if you opt in to be notified when a bill moves, we store the minimum we need to send you that one notification. Details in the section below.
The mental modelOn your device. On our server.
Two columns. The left is everything that stays with you. The right is everything that lands on a CivicRadar-controlled server. The asymmetry is the whole point.
- ZIP code
- not stored
- Identity and issue tags
- not stored
- Anything you typed about yourself
- not stored
- Letters and call scripts you drafted
- not stored
-
- A bill cache keyed by state + keyword, no person attached
-
- Per-IP rate-limit counters so bots don’t burn our API budget (auto-expire within minutes)
You can erase what we know in one move: clear this site’s storage in your browser, and we’re back to knowing nothing about you.
Bill alertsThe one thing that does need server storage
If you opt in to be alerted when a specific bill moves, we need a way to reach you. That requires storing the minimum we need per channel:
- Browser push:a salted, peppered hash of the push endpoint your browser gives us. We can’t turn it back into your identity; it’s only a key we use when sending the notification. Stored for 90 days, then deleted.
- Email: the address you typed, plus a confirm-link state. Stored for 365 days from your last opt-in action. You can unsubscribe from every email we send.
Subscriptions are per-bill, never per-profile. We don’t attach your ZIP, identities, or any free-text sentence to a subscription. The two pieces of information stay on separate sides of the wall.
We also keep a short notify-dedup cache (14 days) so a bill that moves three times in a week doesn’t hammer your inbox.
RefusalsThings we won’t do
- Sell your data. We have nothing to sell.
- Run third-party trackers that follow you across the web. No Facebook pixel, no Google Analytics, no Hotjar, no cross-site advertising cookies. We do use Vercel Analytics and Vercel Speed Insights, our hosting provider’s first-party telemetry, to count page views, measure real page-load times, and surface error spikes. Vercel never receives your ZIP, identities, or message drafts; it sees only the URL visited, browser type, and country-level location. Vercel’s analytics privacy policy documents what they collect server-side.
- Hand over your identity selections to anyone, including advocacy organizations whose positions appear in our data. Org positions flow one way: org → CivicRadar → you. Never the reverse.
- Add an account system. Accounts mean stored profiles, stored profiles mean breaches and subpoenas. We aren’t going to build that.
Questions, changesIf something here is wrong
We treat this page as a contract with our readers. If you read the code and find a place where what we do drifts from what we say, that’s a bug. Open an issue on the public GitHub repository and we’ll fix one or the other (probably the code).
When we change this page, we’ll list the change at the top so you can see what shifted. No tracked deletions, no silent edits.