Privacy Policy

We collect three categories of information:

Account information

• Email address and password (passwords are hashed; we never see them in clear text)
• Account creation timestamp and last sign-in time
• For Pro subscribers: the Paddle customer ID and subscription metadata Paddle returns to us (status, period end, cancellation date) — no payment-card details, those stay with Paddle

Information you provide directly

• Your address (or just state and ZIP code), used only to identify your senators and U.S. House representative
• Your answers to the values quiz — support / oppose / unsure / skip on each policy topic
• Your alert subscriptions and watchlists
• Pro waitlist note (if you submit one)

Information collected automatically

• IP address (used for security logging, not associated with quiz answers)
• Browser user agent and basic device info
• Pages you visit on the site (we use first-party logs only — no Google Analytics, no Facebook Pixel, no third-party trackers)

Your information is used only to operate the service:

• Quiz answers and address are used to compute your alignment scores against bills and your representatives. The math is symmetric — the same scoring function runs across both — and the only person who sees your scores is you.
• Alert subscriptions are used to send the alerts you asked for and nothing else.
• Email address is used for transactional messages: account confirmation, password reset, alert delivery, and Pro subscription receipts. We do not send marketing emails unless you opt in.
• Server logs (IP, browser, page) are used for security, debugging, and aggregate site analytics. They are retained for 30 days and then deleted.

We collect anonymous, aggregate usage analytics (page views and funnel steps) using our own first-party system — no third-party trackers, no cookies, no cross-session or cross-site identifiers, and never linked to your identity or your political views. We do not use your data to train AI models. We do not sell, rent, or share your personal information with advertisers or data brokers. We do not use your quiz answers or political views for any purpose other than producing alignment scores you can see.

The service runs on a small set of vendors. Each is contractually bound to use your data only to provide their service:

• Supabase hosts our database and authentication. Your account data and quiz answers are stored there with row-level security policies that prevent cross-account access.
• Vercel hosts the website. Server logs are kept on Vercel infrastructure.
• Paddle processes Pro subscription payments. They handle credit-card data; we never see it. Paddle has their own privacy policy.
• Resend sends transactional email (confirmations, alerts). They process recipient addresses and message content.
• Anthropic provides the AI models that power our bill summaries, race analyses, and head-to-head comparisons. Your quiz answers and the bill or rep being analyzed are sent to Anthropic at request time. Per Anthropic's commercial terms, your data is not used to train their models.

Public source data (Congress.gov bill text, FEC filings, House Clerk + Senate eFD STOCK Act disclosures, news mentions from a curated outlet list) flows into our database from these official upstream sources. None of it is your personal information.

We use a small number of cookies, all first-party and all required for the service to work:

• An authentication session cookie set by Supabase, so you stay signed in
• A CSRF token to prevent cross-site request forgery on form submissions

We do not use advertising cookies, analytics cookies that follow you across sites, or tracking pixels. You will not see a cookie banner because we do not have anything to obtain consent for beyond what's strictly required.

You can do all of the following at any time:

• Access the personal data we hold about you. Email hello@deepsyte.app and we'll send you a portable export within 14 days.
• Correct any inaccurate information. Most account fields (address, alerts, quiz answers) are editable directly in your account settings.
• Delete your account and all associated data. You can request deletion by emailing hello@deepsyte.app. Cascading deletes happen within 7 days of confirmation.
• Object to specific processing or restrict it. We'll comply unless we have a legal obligation to retain it (rare for our use case).

California residents have additional rights under the CCPA. Residents of EU/EEA jurisdictions are covered by GDPR. Both give you the rights above plus a right to non-discrimination for exercising them. We treat all users to the strictest applicable standard.

Your account data is retained as long as your account is active. When you delete your account, all personal information is removed within 7 days, except where we're legally obligated to retain transaction records (Paddle billing data is held for 7 years per US tax law).

Server logs are retained for 30 days. AI analysis caches (bill deep-reads, race deep-reads, head-to-head compares) are tied to your user_id and removed when your account is deleted.

All data in transit is encrypted via TLS 1.2 or higher. Data at rest in Supabase is encrypted via AES-256. Database access is restricted by row-level security — your account can only see your own data. We do not store passwords; we store cryptographic hashes (Argon2id) computed by Supabase.

No system is perfectly secure. If we ever discover a breach affecting your data, we will notify you within 72 hours of confirming the incident, as required under most data-protection laws.

DeepSyte is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided information to us, contact hello@deepsyte.app and we will delete it.

DeepSyte is a U.S.-focused civic tool — we cover U.S. federal legislation and elections. The service is operated from the United States. If you access the site from outside the U.S., your information will be transferred to and processed in the U.S. By using the service, you consent to this transfer.

When we change this policy materially, we will update the “Last updated” date at the top and notify active users by email at least 7 days before the change takes effect. For non-material changes (typo fixes, clarifications), only the date is updated.

Questions about this policy or your data? Email hello@deepsyte.app. We respond to privacy requests within 14 days, usually faster.