Privacy Policy

1. Who we are

Capitol Commons, LLC ("Capitol Commons," "we," "our," or "us") is a Colorado limited liability company providing a workflow and data platform for civic and political information. Contact us at info@capitolcommons.ai.

2. Scope

This Privacy Policy explains how we collect, use, disclose, and protect information about users of our websites, mobile applications (the "Mobile Apps"), APIs, datasets, and related services (collectively, the "Service"). It applies where we act as a controller (we decide why/how data is processed) and as a processor (we process on behalf of an organization customer) as described below.

a. When you use a personal account or we determine purposes/means of processing, we are a controller.

b. When an organization (e.g., your employer, client, or association) configures a workspace and invites you, we generally act as a processor for that organization's instructions. The organization's own privacy policy and data retention rules may apply.

3. Information we collect

We collect the following categories of information. The specific data we collect depends on how you use the Service and the settings chosen by your organization.

A. Account & contact data. Name, email address, password hashes, organization, role, billing contacts, authentication logs, and—on mobile—the address or ZIP code you provide so we can map you to your legislative district.

B. Payment data. Payment method details and billing information processed by our payment processor(s). We do not store full card numbers. The Mobile Apps currently do not offer in-app purchases or subscriptions.

C. Workspace & content data ("Your Content"). Files, notes, comments, datasets, annotations, tags, configuration metadata, API inputs/outputs, model prompts/responses, and, in the Mobile Apps: bills you follow, support/oppose positions, civic priorities, poll and survey responses, RSVPs, action history, and the text of messages you compose to legislators through the app.

D. Usage & device data. IP address, device/browser type, operating system, app version, settings, identifiers (see Section 3.G below for mobile identifiers), pages and screens viewed, features used, referring/exit pages, timestamps, crash and performance logs, breadcrumbs (with personal information scrubbed), clickstream, and telemetry.

E. Cookies and similar technologies. Cookies, local storage, and similar tools for authentication, preferences, analytics, and fraud prevention (see Section 10). The Mobile Apps use the operating-system Keychain (iOS) / Keystore (Android) and on-device storage in place of browser cookies.

F. Public/third-party data. Public records (e.g., legislation, hearings, campaign filings), licensed datasets, and data from integrated services you connect to the Service.

G. Mobile-app identifiers and telemetry. The Mobile Apps are built using the Capacitor framework, which wraps a web application inside a native iOS or Android container. The identifiers and telemetry described below are produced by the underlying operating system and the SDKs we embed; Capacitor itself does not generate or transmit any device identifier separately. When you use a Mobile App we collect:

We do not request precise device location, the device's microphone (voice search is a future feature and is not currently enabled), or access to your device contacts. We do not present the iOS App Tracking Transparency prompt because we do not track users across other companies' apps or websites (see Section 10).

H. Support communications. Messages, attachments, and metadata when you contact support or participate in research, feedback sessions, or surveys.

We do not intentionally collect sensitive personal information unless you provide it (e.g., civic priorities, political opinions, or support/oppose positions on bills, which you control). Please avoid uploading sensitive data unless necessary and permitted by your policies and applicable law.

4. How we use information (purposes of processing)

We use information to:

a. Provide, secure, and maintain the Service (authentication, fraud prevention, debugging, reliability, and support).

b. Operate organizational workspaces, roles, and permissions; enforce access controls.

c. Process content and generate outputs (summaries, analyses, predictions) that you request.

d. Map you to your legislative district based on the address or ZIP code you provide.

e. Send you push notifications you have opted in to receive (action alerts, hearing reminders, bill updates) using APNs or FCM.

f. Deliver feature flags and remote configuration that controls which features are enabled for your install.

g. Diagnose crashes and measure performance through Sentry and Firebase Crashlytics so we can improve stability.

h. Improve and develop the Service, including analytics, testing, and new features.

i. Communicate with you about the Service, including updates, security notices, and marketing (you may opt out of marketing).

j. Comply with law, enforce terms, and protect rights, safety, and property.

Model/AI improvement. We may use de-identified, aggregated, or synthetic data derived from usage to improve features and quality. If we propose to use Your Content for model training in a way that could reasonably re-identify you or your organization, we will do so only in accordance with workspace settings and/or your organization's agreement, including opt-in where required.

5. Legal bases (EEA/UK/Switzerland)

Where required by law, we rely on the following legal bases: (a) performance of a contract (to provide the Service); (b) legitimate interests (to secure and improve the Service, prevent fraud, personalize experience, and engage in limited direct marketing); (c) consent (for certain cookies/marketing and for push notifications on iOS and Android 13+); and (d) compliance with legal obligations.

6. How we share information

We share information with:

a. Service providers/processors who perform services for us, including cloud hosting, security, payments, customer support, error monitoring (Sentry), product analytics and crash reporting (Google's Firebase), push delivery (Apple Push Notification service on iOS; Firebase Cloud Messaging on Android), and feature-flag delivery. Service providers may only use personal information as instructed and must protect it.

b. Organization administrators and members, consistent with workspace settings and role permissions. Your organization can see your activity within its workspace (bills followed, positions, action-alert engagement, poll responses).

c. Integration partners and APIs you choose to connect.

d. Legal and safety recipients when required by law, to protect rights/safety, or to respond to lawful requests.

e. Business transfers (e.g., merger, acquisition, financing, or sale) subject to standard confidentiality and successor protections.

We do not sell your personal information. The Mobile Apps do not share data with data brokers, and we do not link app data with third-party data for advertising or measurement. We do not share personal information for targeted advertising. If we ever engage in cross-context behavioral advertising, you will have the right to opt out.

7. International transfers

We may transfer, process, and store information in the United States and other countries where we or our providers operate. We use appropriate safeguards for international transfers, such as Standard Contractual Clauses and supplemental measures where required.

8. Data retention

We retain personal information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements.

Workspace and content data — general rule. Each organization that invites you to a workspace controls how long the data you contribute to that workspace is kept. Organization administrators can configure retention and deletion windows in line with their own policies and any obligations they owe their members. Where we act as a processor for the organization (see Section 2), the organization's retention rules apply to your workspace contributions, including the bills you follow, the positions you take, and the messages you send to legislators through the Mobile App.

Workspace and content data — mobile-specific behaviors.

Mobile telemetry. Crash and performance data is retained by Sentry and Firebase Crashlytics in accordance with their retention defaults (typically 90 days for crash detail, longer for aggregated metrics). Push tokens issued by APNs (iOS) or FCM (Android) are deleted within thirty (30) days of account deletion or when your device unregisters from notifications. Feature-flag client identifiers (Firebase Remote Config / LaunchDarkly) are retained while you have the app installed and are released when you uninstall.

Certain telemetry, audit logs, and derived/aggregated datasets may be retained for security, compliance, and analytics. We publish or provide a retention schedule upon request.

9. Security

We maintain administrative, technical, and physical safeguards appropriate to our size and the nature of the data, including TLS 1.2+ encryption in transit, encryption at rest for production data, access controls, and vulnerability management. No system is perfectly secure; you are responsible for securing your credentials, endpoints, and workspace configuration.

10. Cookies, SDKs, and similar technologies

On our websites we use cookies, local storage, pixels, and SDKs for:

a. Strictly necessary (authentication, load balancing, security);

b. Preferences (remember settings);

c. Analytics (feature usage, performance, diagnostics);

d. Functional (improving features and reliability).

You can control cookies through browser settings and, where required, through our consent manager. Disabling certain cookies may affect functionality.

Mobile SDKs and services. Our Mobile Apps include the following SDKs and services, which receive limited categories of data as described:

a. Firebase Analytics (Google LLC) — first-party in-app analytics (screen views, taps, retention, funnels). Receives device identifiers (IDFV / install ID), a Capitol Commons user ID, and usage events. Not used for advertising; we do not link to AdMob or any ads SDK.

b. Firebase Crashlytics (Google LLC) — crash reporting and stability monitoring. Receives crash diagnostics, device model, OS, app version.

c. Firebase Cloud Messaging (Google LLC, Android only) — Android push notification delivery. Receives push token and message-delivery telemetry.

d. Apple Push Notification service (Apple Inc., iOS only) — iOS push notification delivery. Receives APNs device token and message-delivery telemetry.

e. Firebase Remote Config / LaunchDarkly (Google LLC / Catamorphic Co.) — server-controlled feature flags and remote configuration. Receives app version, an install or client identifier, and (for LaunchDarkly) a hashed Capitol Commons user ID used solely to deliver consistent feature rollouts. No advertising use.

f. Sentry (Functional Software, Inc.) — crash and error reporting. Receives diagnostics, device model, OS, app version, and breadcrumbs from which personal information is scrubbed.

g. StoreKit (Apple Inc., iOS) — App Store receipt validation. No in-app purchases currently.

h. Capacitor runtime (Ionic / open-source) — cross-platform web-to-native bridge. No data leaves the device through Capacitor itself.

We do not present the iOS App Tracking Transparency prompt because we do not track users for cross-app/cross-website advertising or measurement and do not share data with data brokers.

11. Your rights and choices

Your rights depend on your jurisdiction and whether we act as a controller or processor. Where we process on behalf of an organization, we will direct you to that organization to exercise your rights.

A. U.S. state rights (including Colorado, California, Connecticut, Virginia, Utah):

a. Confirm whether we process your personal information and access it.

b. Correct inaccuracies.

c. Delete personal information.

d. Obtain a portable copy (data portability).

e. Opt out of targeted advertising, sales, and certain profiling.

f. Appeal a rights request decision.

To exercise rights, contact us at info@capitolcommons.ai and indicate your state of residence.

B. EEA/UK/Swiss rights: Access, rectification, erasure, restriction, portability, and objection. Where processing is based on consent, you may withdraw consent at any time without affecting prior processing.

We may verify your identity before fulfilling requests and deny requests as permitted by law (e.g., where disclosure would affect others' rights or trade secrets).

Account deletion. You can delete your account at any time from inside the Mobile Apps (Profile → Privacy & Data → Delete Account) or on the web at capitolcommons.ai/account/delete. We confirm completion by email. Legal holds and aggregated/de-identified analytics may persist after deletion.

Push notifications. You can opt out of push notifications at any time from your device's system settings or from Profile → Notification Preferences in the app.

12. Children

The Service is not directed to children under 13 (or the age required by your jurisdiction; in jurisdictions that require it absent verifiable parental consent, the minimum age is 16). We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us at info@capitolcommons.ai to request deletion. Inviting organizations are responsible for confirming participant ages in any youth program they operate.

13. Organization administration and user responsibilities

Organization administrators manage members, roles, and data sharing, including public/private workspace settings, integrations, and retention. Users should avoid uploading sensitive personal information unless necessary and authorized.

14. De-identified and aggregated information

We may create and use de-identified and aggregated information for analytics, research, and improving the Service. We implement technical and organizational measures to maintain de-identification and will not attempt to re-identify individuals except to test and confirm de-identification effectiveness.

15. Third-party links, sites, and services

The Service may link to third-party sites, services, or datasets. Their privacy practices are governed by their own policies. Review those policies before engaging.

16. Changes to this Policy

We may update this Policy from time to time. If changes are material, we will provide reasonable notice (e.g., by email or in-product). Your continued use after the effective date constitutes acceptance of the updated Policy.

17. How to contact us

Questions or requests? Email info@capitolcommons.ai. If you reside in the EEA/UK/Switzerland, you may also lodge a complaint with your supervisory authority.

18. Supplemental disclosures for U.S. state laws

This section provides disclosures required by certain U.S. state privacy laws (e.g., Colorado Privacy Act and California Consumer Privacy Act/CPRA).

a. Categories of personal information collected: Identifiers (name, email, address/ZIP, IP, IDFV/install ID, push tokens, hashed user ID for feature flags), commercial information (subscription tier), internet/usage data (logs, analytics, screen views, search queries), geolocation (district-level, derived from your address/ZIP — not precise device location), professional information (organization, role), characteristics that may be protected (civic priorities, political opinions where you voluntarily provide them), inferences (feature engagement). We do not knowingly collect other sensitive personal information unless you provide it.

b. Sources: You, your organization, your devices, public records, service providers, and integration partners.

c. Purposes: As listed in Section 4.

d. Disclosures for business purposes (past 12 months): Shared with service providers for hosting, security, analytics (Firebase), crash reporting (Sentry, Firebase Crashlytics), payments, push delivery (APNs, FCM), feature flags (Firebase Remote Config / LaunchDarkly), and support. No sale of personal information. No sharing for cross-context behavioral advertising.

e. Retention: See Section 8 and our retention schedule.

f. Rights & appeals: See Section 11.

g. Non-discrimination: We will not discriminate against you for exercising your rights.

19. Data processing addendum (DPA)

For organization customers, our DPA (including Standard Contractual Clauses, as applicable) governs processing where we act as a processor. To request a signed DPA, contact info@capitolcommons.ai.

20. Subprocessors

We use third-party subprocessors to deliver the Service, including (without limitation): Amazon Web Services (cloud hosting), Google LLC (Firebase Analytics, Crashlytics, Cloud Messaging, Remote Config), Apple Inc. (APNs), Functional Software, Inc. (Sentry), Catamorphic Co. (LaunchDarkly, where used), and Stripe (payments on the web platform). A current list of subprocessors is available at capitolcommons.ai/subprocessors, and we will provide notice of material changes in accordance with customer agreements.