Privacy Policy

Effective date: June 17, 2026

Overview

subCivic (“we”, “us”, “our”) is a congressional accountability tool that helps you track how your elected representatives vote. We collect only what we need to run the service, we do not sell your data, and we do not show you advertising.

This policy explains what information we collect, how we use it, and what rights you have. If you have questions, email us at contact@subcivic.com.

Information We Collect

Account information

When you create an account with email and password, we store your email address. When you sign in with Google, we receive your name, email address, and profile picture from Google. We do not store your password in plaintext — authentication is handled by Supabase, which stores a secure hash.

Preferences you set

  • Your home state (free plan users)
  • Which members of Congress you follow
  • Your subscription plan (free, monthly, or yearly)

Payment information

Payments are processed by Stripe. We never see or store your credit card number, CVV, or full card details. Stripe provides us with a customer ID and subscription status. You can review Stripe’s privacy policy at stripe.com/privacy.

Usage data

We do not run analytics, tracking pixels, or third-party advertising scripts. Our hosting provider (Vercel) may log standard server request data such as IP addresses and request timestamps for infrastructure purposes. These logs are not used to build profiles about you.

How We Use Your Information

  • To create and maintain your account
  • To show you a personalized feed of votes by members you follow
  • To enforce plan limits (home state restriction on the free plan)
  • To process and manage your subscription through Stripe
  • To send transactional emails related to your account or billing (via Supabase Auth — no marketing emails)

We do not use your data to train AI models. Congressional vote data used to generate bill summaries comes entirely from public government sources (Congress.gov) and does not include any personal information.

Third-Party Services

We use the following third-party services to operate subCivic. Each has its own privacy policy.

Supabase: Database, authentication, and real-time data

Your account data and preferences are stored on Supabase infrastructure. Supabase is SOC 2 Type II certified.

supabase.com/privacy

Stripe: Payment processing

All billing data is handled by Stripe. We store only your Stripe customer ID and subscription status.

stripe.com/privacy

Google: Optional sign-in provider

Only used if you choose "Continue with Google." We receive your name, email, and profile picture.

policies.google.com/privacy

Vercel: Hosting and infrastructure

The application runs on Vercel's platform. Standard server logs may be retained by Vercel.

vercel.com/legal/privacy-policy

Anthropic: AI bill summaries

Bill text from Congress.gov is sent to Claude to generate plain-language summaries. No user data is included in these requests.

anthropic.com/privacy

Data Retention

  • Your account and preferences are retained as long as your account exists.
  • If you delete your account, your personal data (email, follows, home state) is deleted. Congressional vote records are public data and remain in the database.
  • Billing records are retained by Stripe per their legal obligations.

Your Rights

Regardless of where you live, you can:

  • Access — request a copy of the personal data we hold about you
  • Delete — request deletion of your account and associated personal data
  • Correct — update your email or other account information
  • Cancel — cancel your paid subscription at any time from Settings; access continues until the end of the billing period
  • Portability — request an export of your data

To exercise any of these rights, email contact@subcivic.com. We will respond within 30 days.

Security

We take reasonable technical measures to protect your data. These include:

  • Row Level Security (RLS) on all database tables — users can only access their own data
  • All traffic served over HTTPS
  • Stripe webhook signatures verified on every payment event
  • Subscription plan status is only writable by our server (via Stripe webhook) — not by the client
  • Passwords are never stored in plaintext

No system is perfectly secure. If you discover a vulnerability, please disclose it responsibly by emailing contact@subcivic.com.

Children

subCivic is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal information, contact us and we will delete it.

Changes to This Policy

We may update this policy from time to time. If we make material changes, we will update the effective date at the top of this page. Continued use of subCivic after changes constitutes acceptance of the revised policy.

Contact

Questions about this policy or your data: contact@subcivic.com