Skip to main content

Privacy Policy

Last updated: February 2026

Democracy Direct is designed with privacy as a core principle. We minimize data collection and never sell or share your information with third parties.

Information We Do NOT Collect

  • Email addresses: We never store your email address. When you log in, we hash it using SHA-256 and store only the hash. We cannot recover your email from this hash.
  • ZIP code lookups: ZIP code lookups happen entirely in your browser using pre-loaded data. We have no way to know what ZIP codes you've searched.
  • Your location: If you use the "Use my location" feature on the district map, your coordinates are processed entirely in your browser to center the map. They are never sent to our servers.
  • Your letters: When you copy a letter to send to your representative, the content never touches our servers. It goes directly to your clipboard.
  • IP addresses: We do not store or log IP addresses in our own database. Our analytics provider (PostHog) temporarily processes IPs for coarse geolocation only.

Information We DO Collect

  • Email hash (optional): If you create an account, we store a SHA-256 hash of your email for authentication.
  • Templates you create: If you contribute templates, we store the template content and associate it with your account.
  • Anonymous analytics: We collect anonymous usage data (page views, button clicks, general browser/device type, geographic region) to improve the site. We do not include email addresses in analytics, minimizing the ability to link this data to you.

Data Retention

  • Account data retained until you delete your account
  • Templates retained until deleted by you or removed for policy violations
  • Session data expires after 30 days of inactivity

Your Rights

  • Access: View all data associated with your account
  • Delete: Request deletion of your account and all associated data
  • Export: Download your templates and account data
  • Opt out: Use the site without creating an account

Security

We use industry-standard security practices including:

HTTPS encryption
Passwordless authentication
Regular security audits
Minimal data collection

Third-Party Services

We use the following third-party services:

  • Cloudflare: For hosting and DDoS protection
  • Neon: For database hosting (PostgreSQL)
  • PostHog: For anonymous website analytics. We use PostHog to understand how visitors use our site (page views, button clicks, general geographic regions). PostHog receives IP addresses for geolocation. We do not enable session recordings. Email addresses are stored as one-way cryptographic hashes that cannot be reversed, and are never shared with analytics.

We do not use advertising networks or social media trackers. Email addresses are stored only as irreversible cryptographic hashes and are never shared with analytics.

Questions?

For privacy-related questions, open an issue on our GitHub repository. We're committed to transparency and will respond to all inquiries.

Contact Us on GitHub