Overview

Overview

This policy explains what we collect, how we use it, and your choices. It applies to ballotscope.com, our features (report cards, alignment quiz, Campaign Central, Explore Leaders), our APIs, and community spaces we manage or link from our site.

We practice data minimization. We do not store full SSNs, and we do not retain full mailing addresses after verification. Ballotscope currently only supports users located in the United States.

Questions? Email privacy@ballotscope.com.

Information We Collect

1. Information you provide

  • Account & profile: name, email, username/handle, preferences.
  • Optional phone for account recovery/alerts.
  • Content: comments, feedback, support messages.
  • Quizzes & badges: your answers and completion data (used to personalize your experience and improve insights).

2. Verification & voter-record matching

Some features (e.g., verified comments, district-specific alerts) require verification. With your explicit consent at sign-up:

  • Open-data states: we use the info you provide (e.g., name, date of birth, and—where allowed—address fragments) to query public/state or trusted third-party datasets to match your voter registration.
  • Closed-data states: if your state doesn’t allow free/open lookup, you may upload a screenshot (e.g., of your voter registration confirmation). We run image analysis to extract only the fields we need, namely, district identifiers, voter ID, and registration status. This helps us to effectively verify that a user exists.

Automatic vs. human review

  • If our automated OCR + matching is high-confidence, we verify immediately and delete the uploaded screenshot right away.
  • If confidence is low, we retain the screenshot temporarily for human review and aim to complete review within 24–72 hours, then delete the screenshot once verification is confirmed or the review concludes.

Address handling. We do not store full mailing addresses after matching. If address fragments are needed to confirm a match, we process them transiently and discard them when the match is complete. We may retain non-address results such as district codes, registration status, and a hashed or tokenized voter ID.

Sensitive IDs. We never store full SSNs or driver’s license numbers. If a jurisdiction requires sensitive fields to match, we either (a) do not support in-product verification for that jurisdiction or (b) process such fields ephemerally and discard them immediately after matching.

3. Usage & device data

  • Events & telemetry: pages viewed, features used, clickstream, approximate geolocation from IP (coarse city/region), referral data.
  • Device info: browser, OS, device type, language, and similar technical metadata.

Used to keep the service reliable, secure, and useful.

4. Cookies & similar technologies

We use cookies or local storage for:

  • Essential: authentication (passwordless sessions), fraud prevention, preferences.
  • Analytics/performance: aggregate usage and performance metrics.

Manage cookies in your browser and (where required) through our banner.

5. Public sources & third-party APIs

We incorporate public and government-provided data to power features, including FEC datasets, Congress.gov information, and applicable state/local election feeds.

How We Use Information

  • Provide and improve Ballotscope features (campaigns, our internal platform, alerts, campaign management).
  • Verification & abuse prevention, including rate-limiting, fraud detection, automated OCR review, and—where needed—human review for closed-data states.
  • Communications you choose:
    • Transactional: passwordless sign-in links, account notices.
    • Monthly newsletter on product and civic updates (sent on signup; you can opt out anytime).
    • Custom newsletters/alerts based on your notification preferences (topics, reps, districts).
  • Personalization: your Explore feed and in-product recommendations may reflect your likes, follows, and interactions with figures, campaigns, and organizations.
  • Research, transparency, and insights: we create aggregated and de-identified reports about civic engagement and public-interest trends (see §Aggregation, De-identification & Insights).
  • Compliance & protection: to enforce our Terms, respond to lawful requests, and maintain safety.

Passwordless Sign-In

We use passwordless authentication (e.g., magic links or one-time codes) to reduce credential risk and simplify sign-in. Keep your email/phone secure and do not share codes. If you suspect unauthorized access, contact support immediately.

Email & site analytics

  • Email analytics: we may analyze aggregate metrics (deliveries, opens, clicks) to understand which topics and campaigns resonate. You can opt out of marketing emails at any time via the unsubscribe link; transactional emails related to your account may still be sent.
  • Website analytics: we collect usage and performance data to improve user experience, reliability, and security. Where required, we honor your consent choices.

Sharing & Disclosures

We do not share personal information with third parties for their own direct marketing. We may share:

  • Service providers (processors): hosting, analytics, OCR, email/SMS, error logging, security—bound by contract to act only on our instructions.
  • Aggregated & de-identified outputs: we may provide or license aggregated, de-identified insights derived from platform activity to qualified partners (e.g., campaigns, representatives, NGOs, researchers, media) to help them understand civic engagement and the issues people care about. We do not include names, emails, phone numbers, or full addresses and take steps to prevent re-identification (see §Aggregation, De-identification & Insights).
  • Community display: content you share publicly (e.g., comments) is visible to others.
  • Legal & safety: to comply with law, protect rights and safety, or respond to lawful requests.
  • Business transfers: if involved in a merger, acquisition, or asset sale, we will provide notice and continue to protect your information consistent with this policy.

Personal information is not sold. We may license aggregated, de-identified insights as described above.

Aggregation, De-identification & Insights

To generate insights (e.g., topic interest by district, engagement trends), we:

  • Remove direct identifiers (name, email, phone).
  • Hash or tokenize residual fields (e.g., voter IDs) and retain district-level or higher granularity.
  • Apply minimum audience thresholds and similar safeguards to reduce re-identification risk.

Recipients are contractually prohibited from attempting re-identification and must protect any insights they receive.

Your Choices & Rights

  • Access / correction / deletion / export: request via privacy@ballotscope.com; we may need to verify your identity.
  • Marketing & alerts: manage preferences or unsubscribe in email footers or settings.
  • Cookie controls: manage in your browser and (where required) via our banner.
  • Do Not Track/US signals: we honor applicable U.S. privacy signals and requirements; state laws vary.

Data Retention

We retain personal information only as long as necessary to provide the service, meet legal obligations, and resolve disputes. Examples:

  • Verification screenshots:
    • High-confidence OCR: verify immediately and delete the screenshot right away.
    • Low-confidence OCR: temporarily retain for human review; our target window is 24–72 hours; delete after verification or once review concludes.
  • Address fragments for matching: processed transiently and discarded once matching is complete.
  • District codes, registration status, and hashed/tokenized voter IDs: retained to support features and audits, where permitted.
  • Logs: ~12 months (shorter where feasible).
  • Backups: ~35–90 days rolling.
  • Inactive accounts: deleted or anonymized after [X] months of inactivity (we’ll publish changes here).

Security

We use administrative, technical, and organizational measures appropriate to the risk (encryption in transit, strict access controls, vendor reviews, least-privilege access). We also conduct regular security testing, including independent penetration testing at least twice per year and additional testing after material infrastructure changes. No system is perfectly secure; if a breach affects your information, we will notify you and regulators as required by law.

Report security issues to security@ballotscope.com.

Why “twice per year” in writing? It’s a strong, sustainable baseline. If you later move to quarterly, great—you’ll exceed the commitment without risking non-compliance.

Children & Teens

Ballotscope is intended for adults (18+). We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided personal information, contact us and we will delete it. We also prohibit any attempt to contact or solicit minors through our community spaces.

U.S. Scope

Ballotscope currently supports users located in the United States. If this changes, we will update this policy.

Cookies & Similar Technologies

  • Essential: login/session, security, preferences.
  • Analytics/performance: aggregate usage, performance, and error diagnostics.

Where required, you can reject non-essential cookies.

Referrers. For standard links we do not strip referrers; browsers typically send the site origin as the referrer (useful for attribution). If you open links in a new tab with rel="noreferrer", the destination will not see referrer information.

Personalization & Automated Decisions

We use rules and models to rank content and personalize experiences (e.g., your Explore feed and recommendations) based on your follows, likes, and interactions. These processes do not make legal, credit, or employment decisions. You can adjust preferences in settings or contact us to learn more.

API, Developers & Campaign Policies

Use of our API/SDKs is subject to the Developer Terms (rate limits, permitted use, attribution, no re-identification). API logs may include IPs and timestamps to prevent abuse.

Campaign-specific policies. From time to time, we may run campaigns or initiatives with additional terms or privacy addenda. When applicable, those will be linked from the campaign page and from this policy:

  • [Link placeholder: Campaign A Privacy Addendum]
  • [Link placeholder: Campaign B Privacy Addendum]

If we materially change how we use your information for a campaign, we will notify you by email and update this policy.

Changes to This Policy

We will post updates with a new Effective date and, for material changes, provide reasonable notice (e.g., in-app banner or email).

Contact

privacy@ballotscope.com

Ballotscope LLC, [Postal Address]