Privacy Policy

Last Updated: December 9, 2024

1. Introduction

Welcome to Campaign Finance Manager ("we," "our," or "us"). We are committed to protecting your privacy and the security of your personal and financial information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our campaign finance management platform.

By using our services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account information (name, email address, phone number)
  • Campaign information (campaign name, candidate details, committee information)
  • Donor and contributor information (names, addresses, occupation, employer, donation amounts)
  • Financial transaction data (contributions, expenditures, pledges)
  • Bank account information (when connecting via Plaid)

2.2 Information We Collect Automatically

  • Usage data (pages visited, features used, time spent)
  • Device information (browser type, IP address, operating system)
  • Log data (access times, error logs)

2.3 Financial Data via Plaid

When you connect your bank account through Plaid, we collect:

  • Bank account and routing numbers
  • Account balances
  • Transaction history (last 24 months)
  • Account holder information

3. How We Use Your Information

We use your information to:

  • Provide and maintain our campaign finance management services
  • Process and track campaign contributions and expenditures
  • Generate FEC and state-level compliance reports
  • Automatically sync and categorize bank transactions
  • Send notifications about filing deadlines and compliance requirements
  • Provide customer support
  • Improve our services and develop new features
  • Detect and prevent fraud or security issues
  • Comply with legal obligations and campaign finance regulations

4. How We Share Your Information

4.1 Public Disclosure

Important: Certain campaign finance information is required by law to be publicly disclosed to the Federal Election Commission (FEC) or state election commissions. This includes:

  • Donor names, addresses, occupations, and employers (for contributions above legal thresholds)
  • Contribution amounts and dates
  • Expenditure information
  • Committee financial summaries

4.2 Service Providers

We share information with trusted service providers:

  • Plaid: Secure bank account connection and transaction data
  • Stripe: Payment processing for donations
  • Twilio: SMS and voice calling services
  • Anthropic: AI-powered features (analytics, predictions)
  • Neon/PostgreSQL: Secure database hosting
  • Railway: Application hosting and infrastructure

4.3 Legal Requirements

We may disclose information when required by law, court order, or government regulation.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data transmitted over HTTPS with TLS 1.3
  • Database Encryption: Data encrypted at rest in PostgreSQL
  • Access Tokens: Plaid access tokens encrypted using AES-256-GCM
  • Authentication: NextAuth.js with two-factor authentication (2FA) support
  • Access Controls: Role-based access control (RBAC) and least privilege principles
  • Regular Updates: Automated security patches and dependency updates
  • Monitoring: Continuous security monitoring and audit logging

6. Data Retention

We retain your information as follows:

  • Campaign Finance Records: Retained for 3-7 years per FEC/state requirements
  • Bank Transaction Data: 90-day rolling window for unmatched transactions
  • User Account Data: Retained while account is active
  • Backup Data: 30-day retention period

7. Your Rights

You have the right to:

  • Access: Request a copy of your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your data (subject to legal retention requirements)
  • Portability: Export your data in a machine-readable format
  • Opt-Out: Unsubscribe from marketing communications
  • Revoke Consent: Disconnect bank accounts or revoke data access at any time

To exercise these rights, please contact us or use the data deletion request feature in your account settings.

8. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Know what personal information is collected, used, shared, or sold
  • Delete personal information held by us (with exceptions)
  • Opt-out of the sale of personal information (we do not sell your information)
  • Non-discrimination for exercising CCPA rights

9. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect information from children. If we discover we have collected information from a child, we will delete it immediately.

10. Third-Party Links

Our platform may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. Please review their privacy policies.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

  • Posting the updated policy on this page
  • Updating the "Last Updated" date
  • Sending email notification for significant changes

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: privacy@yourdomain.com

Support: support@yourdomain.com

Address: [Your Business Address]

13. Consent

By using our platform, you consent to this Privacy Policy and agree to its terms.

← Back to Home