Privacy Policy

• To provide and maintain the service — account access, bill tracking, comments, and supporter attribution.
• To process contributions and send receipts through Stripe.
• To moderate public donor display names (see section 4).
• To respond to support requests and correspondence.
• To protect against fraud, abuse, rate-limit violations, and unauthorized access.
• To comply with legal obligations, subpoenas, or lawful process.

We do not sell, rent, or share your personal information for advertising, marketing, or cross-context behavioral advertising purposes.

We use the following third-party providers to operate Govroll. Each has its own privacy policy governing how it handles data.

• Vercel: website hosting, function execution, CDN, and request logging.
• Supabase: managed Postgres database and authentication (including the Google and GitHub OAuth flows).
• Stripe: payment processing for contributions. Governed by Stripe's privacy policy.
• U.S. Census Bureau geocoding API: converts an address you provide into a state and congressional district. Governed by the Census Bureau's privacy notice.
• Anthropic: primary AI provider. Generates plain-language bill summaries from publicly available bill text, and answers questions asked through the Ask-an-AI feature. For chat, the bill content, the question you typed, and the recent turns in that conversation are sent; your email, account ID, address, and other profile data are not.
• OpenAI: used for two purposes: (1) screening user-submitted text — donor display names, usernames, and comments — via the free /moderations endpoint; and (2) as a secondary chat provider when Anthropic is unavailable. Only the specific text being moderated or the chat inputs described above are sent; no account identifier is attached.
• Resend: sends transactional email — receipts, contact replies, and redacted operational error alerts to site staff. Error alerts do not include addresses, comment text, or account credentials.

We select providers with strong privacy practices and review this list periodically. If we add or remove a material provider, this page will be updated.

We use AI for three narrow, server-side purposes:

• Bill summaries: generating plain-language summaries of public bill text retrieved from congress.gov. No personal information is sent, and summaries are cached so the same bill is not reprocessed.
• Ask-an-AI (bill chat): an authenticated feature that lets you ask questions about a specific bill. When you send a message, we transmit the bill text, your question, and up to the most recent ten turns of that conversation to the AI provider. We do not send your email, your account ID, your address, or any data from other bills. The conversation is saved to your account so you can return to it, and is permanently deleted when you delete your account. To cut cost and latency, we cache responses to first-turn questions keyed by a hash of the question and the bill; a matching cached response may be served to another user who asks the same question on the same bill. The cache entry contains the question text (not who asked it) and expires after 24 hours.
• Content safety: screening user-submitted text — donor display names, usernames, and comments — for slurs, harassment, sexual content, violence, and other policy violations before publishing. Submissions that are flagged are rejected with a generic message and are not stored. A deterministic pre-filter (no AI) runs first to catch obvious issues instantly.

AI-generated bill summaries are for informational purposes only and may contain inaccuracies — always consult the original bill text for authoritative content. We do not allow our providers to use your information to train their models, and we send only the specific piece of text needed for each task — nothing from your profile or from unrelated activity on the site.

If the moderation service is temporarily unavailable, the deterministic deny-list still applies and the content may be posted pending review. Comments determined to violate our guidelines after the fact will be removed.

Account data is retained while your account is active. You can delete your account at any time from your account settings. Deletion permanently removes your profile, display name, comment authorship, and your AI chat conversations. Comments may be retained in anonymized form (author attribution removed) so that surrounding discussion remains coherent; you can request full content removal by contacting us.

Financial records related to contributions — including donor identity on attributed donations — are retained for the period required by U.S. tax and record-keeping law, typically seven years. Server logs are retained for up to 30 days. Cached AI chat responses expire after 24 hours. Your locally-stored address is cleared from your device whenever you clear it or your browser storage.

Govroll is not directed to children under 13 and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

Depending on where you live, you may have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate information.
• Request deletion of your personal information.
• Object to or restrict processing of your information.
• Request portability of your data in a machine-readable format.
• Withdraw consent previously granted, where we rely on consent.

To exercise any of these rights, email privacy@govroll.com. We will respond within 30 days. We will not retaliate against you for exercising any of these rights.

We use industry-standard safeguards to protect your data: encrypted connections (HTTPS/TLS) everywhere, managed authentication via Supabase, PCI-compliant payment processing via Stripe, access controls on administrative tooling, and least-privilege service credentials. No system is perfectly secure and we cannot guarantee absolute security. If we become aware of a breach affecting your personal information, we will notify you as required by applicable law.

We may disclose information when we believe, in good faith, that disclosure is required to (a) comply with applicable law, a subpoena, court order, or other lawful process; (b) protect the rights, property, or safety of Govroll, our users, or the public; or (c) investigate, prevent, or respond to suspected fraud, security incidents, or abuse. Where legally permitted, we will attempt to notify affected users before responding to a government request.

We may update this Privacy Policy from time to time. If we make material changes, we will update the date at the top of this page and, when practical, provide a more prominent notice (such as an in-product notification or an email to account holders). Your continued use of Govroll after changes are posted constitutes acceptance of the updated policy.

Questions about this Privacy Policy or our data practices? Email privacy@govroll.com, or reach us through the contact page.