Privacy Policy

Effective: March 17, 2026 · Last updated: March 17, 2026

OpenGov ("we," "us," or "our") operates the legislative intelligence platform at opengov.info. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

As a civic transparency platform, we believe our own operations should reflect the same standard of openness we advocate for in government.

1. Information We Collect

Information you provide

  • Account information: email address, password (hashed with bcrypt)
  • Profile data: zip code, state, congressional district, age bracket, organization name
  • Preferences: tracked issues, watchlisted bills, alert frequency, dashboard layout
  • Billing details: processed by Stripe — we never store card numbers
  • Feedback and support communications

Information collected automatically

  • Pages visited, features used, and interaction patterns (for service improvement)
  • Browser type, operating system, and device type
  • IP address (used for security and congressional district lookup)
  • AI usage metadata: action type and timestamp only — not query text

Information we do NOT collect

  • Advertising or behavioral targeting data
  • Biometric data
  • AI query content after response generation
  • Social Security numbers or government IDs

2. How We Use Your Information

  • Provide and personalize the Service (dashboards, alerts, delegation views)
  • Process payments via Stripe
  • Send alert digests, weekly briefings, and account communications
  • Improve features through aggregate, anonymized analysis
  • Detect fraud, abuse, and unauthorized access
  • Generate district-level and organization-level engagement intelligence (B2B features)

We do not use your information to serve advertisements, sell to third parties, build marketing profiles, or train AI models.

3. Information Sharing

We share information only in these limited circumstances:

  • Service providers: Stripe (payments), SendGrid (email delivery), hosting infrastructure — under strict data processing agreements
  • AI providers: Anthropic processes queries to generate analysis — query content is not retained by the provider after response generation
  • Legal requirements: When required by law, court order, or to protect rights and safety
  • B2B intelligence: Aggregated, anonymized engagement data may be provided to organizational subscribers — never individual-level data without consent

We do not sell personal information to any third party.

4. Cookies & Analytics

We use essential cookies for authentication and session management. We do not use third-party advertising trackers.

We may use privacy-respecting analytics to understand aggregate usage patterns. You can opt out of analytics through your browser settings or by contacting us.

5. Data Retention

  • Account data: Deleted within 30 days of account deletion request
  • Billing records: Retained for 7 years (tax and legal compliance)
  • AI usage metadata: 90 days
  • Behavioral analytics: Anonymized and aggregated — retained indefinitely
  • Alert history: 90 days after delivery

6. Data Security

We protect your data using industry-standard measures including encrypted connections (TLS), hashed passwords (bcrypt), and access controls on databases. No system is perfectly secure, and we cannot guarantee absolute security, but we take reasonable precautions to protect your information.

7. Your Rights

All users may:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Request deletion of your account and associated data
  • Export your data in a machine-readable format
  • Opt out of non-essential communications

California residents (CCPA)

You have the right to know what personal information we collect, request deletion, and not be discriminated against for exercising these rights. We do not sell personal information.

Texas residents (TDPSA)

You have the right to access, correct, delete, and obtain a portable copy of your personal data. You may opt out of the processing of personal data for targeted advertising (we do not engage in this).

EEA residents (GDPR)

You have additional rights including restriction of processing, objection to processing based on legitimate interest, and the right to lodge a complaint with a supervisory authority.

To exercise any of these rights, email us at [email protected]. We respond within 30 days.

8. Children's Privacy

The Service is not directed to children under 13. If we learn that we have collected personal information from a child under 13, we will delete it promptly. If you believe a child has provided us with personal information, please contact us.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Service at least 14 days before taking effect.

10. Contact

Questions about this Privacy Policy? Contact us at [email protected]