MyCapitol

Privacy Policy

How we collect, use, and protect your data

Effective Date: April 28, 2026 | Version: 1.2

This Privacy Policy should be read in conjunction with our Terms of Service.

Our Privacy Commitment

  • ✓ We only store your user ID — no email or name in our database
  • ✓ Your notes are encrypted with AES-256
  • ✓ We never sell your data
  • ✓ You can export or delete your data anytime
  • ✓ No IP address tracking, no browser fingerprinting, and no third-party cookies
  • ✓ A single first-party cookie with a random visitor ID is used only to count unique visitors in aggregate (no personal information)
  • ✓ Signed-in user analytics are anonymous and aggregate — we track which pages and features are popular, not what individual users do. You can opt out anytime.

1. Information We Collect

Anonymous Visitors (No Account)

If you visit MyCapitol without signing in, we collect no personal information. We do not record IP addresses, do not use browser fingerprinting, and do not load third-party analytics or advertising trackers.

We set a single first-party cookie named mycapitol_vid containing a randomly generated visitor ID (a UUID). This cookie:

  • Is used solely to count unique visitors in aggregate (e.g., “5,000 unique visitors this week”)
  • Contains no personal information — just a random identifier we generate
  • Is HttpOnly and SameSite=Lax, so it cannot be read by JavaScript or sent on cross-site requests
  • Is never shared with third parties
  • Expires after 1 year
  • Is not used for advertising, retargeting, or any individual profiling

If you sign up for an account, we link your visitor ID to your account once so we can avoid double-counting you across signed-out and signed-in sessions. The visitor ID is not used for any other purpose.

Registered Users

When you create an account, we store:

  • User ID — A unique identifier from our authentication provider (Clerk). We do not store your email address or name in our database.
  • Bills, representatives, and organizations you follow
  • Notes you create — Encrypted with AES-256
  • Privacy preferences — Your notification and analytics opt-out settings
  • Feature usage analytics — Anonymous, aggregate data about which features you use (you can opt out)

Authentication Data

Account authentication is handled by Clerk, a third-party authentication provider. Clerk manages your email address, password, and login sessions under their own Privacy Policy. We only receive your unique user ID from Clerk — not your email or password.

AI Interactions

When you use AI features (Billie assistant, bill summaries, semantic search, document generation), your queries are sent to Anthropic's Claude API for processing. Anthropic does not use API inputs to train their models. We do not store your AI conversation history in our database.

2. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the MyCapitol platform
  • Save your followed bills, representatives, and organizations
  • Store and encrypt your personal notes
  • Send notifications about legislative updates you've opted into
  • Understand aggregate platform usage to improve features
  • Detect and prevent abuse of the platform

We will NEVER:

  • Sell your data to third parties
  • Share your data with advertisers
  • Use your data for political targeting or campaigns
  • Share your notes, follows, or activity with other users
  • Build profiles of individual browsing behavior or sessions from the visitor ID cookie
  • Share visitor IDs with any third party

3. Data Storage & Security

Your data is stored in a secure Neo4j graph database hosted by Neo4j Aura (cloud-managed). All connections are encrypted in transit using TLS.

Security measures include:

  • Encryption at rest — Your notes are encrypted with AES-256 before storage
  • Encryption in transit — All data transmitted over HTTPS/TLS
  • CSRF protection — All state-changing operations are protected against cross-site request forgery
  • Input validation — All user inputs are validated and sanitized
  • Parameterized queries — All database queries use parameters to prevent injection attacks
  • Content Security Policy — Strict CSP headers prevent XSS attacks
  • No sensitive logging — We never log passwords, tokens, or personal data

4. Third-Party Services

MyCapitol uses the following third-party services that may process limited data:

  • Clerk — Authentication provider. Manages your login credentials and sessions. See Clerk's Privacy Policy.
  • Anthropic (Claude API) — Powers AI features. Queries are processed but not used for model training. See Anthropic's Privacy Policy.
  • Voyage AI — Generates semantic search embeddings. Text is processed for embedding generation only. See Voyage AI's Privacy Policy.
  • Vercel — Hosts the MyCapitol platform. Standard web server logs may be collected. See Vercel's Privacy Policy.
  • Neo4j Aura — Cloud database provider. Stores application data with encryption at rest.

5. Your Rights

You have the following rights regarding your data, in accordance with GDPR and CCPA:

  • Right to Access — You can view all data we store about you in your privacy settings.
  • Right to Export — You can download all your data (follows, notes, preferences) as a JSON file at any time from your privacy settings.
  • Right to Delete — You can permanently delete all your data from MyCapitol at any time from your privacy settings. Deletion is immediate and irreversible.
  • Right to Opt Out — You can opt out of anonymous usage analytics at any time in your privacy settings.
  • Right to Rectification — You can update your followed content and notes at any time.

To exercise any of these rights, sign in and visit your Privacy Settings, or contact us at support@mycapitol.ai.

6. Data Retention

We retain your data only as long as your account is active. When you delete your data:

  • All follows, notes, and preferences are deleted immediately from our database
  • Encrypted note content is permanently destroyed
  • Aggregate analytics data (which cannot identify you) may be retained
  • Authentication data is managed by Clerk per their retention policies

If we discontinue the service, we will provide at least 60 days' notice and the opportunity to export your data before deletion.

7. Children's Privacy

MyCapitol is designed for civic engagement and is available to users aged 13 and older. We do not knowingly collect personal information from children under 13. Users between 13 and 17 should have parental or guardian permission to create an account.

If you believe a child under 13 has provided personal information to us, please contact us at support@mycapitol.ai and we will promptly delete the information.

8. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will:

  • Update the "Effective Date" at the top of this page
  • Post the revised policy on this page
  • Notify registered users of material changes via email or site notice

We will provide at least 30 days' notice for material changes that affect how we collect, use, or share your data.

9. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: support@mycapitol.ai

Subject Line: Please include "Privacy" or "Data Request"

Response Time: We will respond within 5 business days

MyCapitol is a 501(c)(3) nonprofit organization (EIN: 39-3244027) based in the District of Columbia.