Privacy Policy
Last Updated: January 2026
Overview
Democracy Direct is designed with privacy as a core principle. We minimize data collection and never sell or share your information with third parties.
Data Collection
We collect minimal information to provide our services:
Information We Do NOT Collect
- Email addresses: We never store your email address. When you log in, we hash it using SHA-256 and store only the hash. We cannot recover your email from this hash.
- ZIP code lookups: ZIP code lookups happen entirely in your browser using pre-loaded data. We have no way to know what ZIP codes you've searched.
- Your letters: When you copy a letter to send to your representative, the content never touches our servers. It goes directly to your clipboard.
- Tracking data: We do not use cookies for tracking. We do not use third-party analytics that identify users.
Information We DO Collect
- Email hash (optional): If you create an account, we store a SHA-256 hash of your email for authentication.
- Templates you create: If you contribute templates, we store the template content and associate it with your account.
- Aggregate statistics: We count total page views and template usage, but these are not tied to individual users.
Data Retention
We retain data only as long as necessary to provide our services:
- Account data is retained until you delete your account
- Templates are retained until deleted by you or removed for policy violations
- Session data expires after 30 days of inactivity
Your Rights
You have the right to:
- Access: View all data associated with your account
- Delete: Request deletion of your account and all associated data
- Export: Download your templates and account data
- Opt out: Use the site without creating an account
Security
We use industry-standard security practices including:
- HTTPS encryption for all connections
- Secure password hashing (SHA-256 for email, bcrypt for OTPs)
- Regular security audits
- Minimal data collection to reduce breach impact
Third-Party Services
We use the following third-party services:
- Cloudflare: For hosting and DDoS protection
- Neon: For database hosting (PostgreSQL)
We do not use advertising networks, social media trackers, or analytics platforms that identify individual users.
Contact
For privacy-related questions, open an issue on our GitHub repository.