← About

Privacy Policy

Last updated: March 2026

We believe in transparency — both about political money and about how we handle your data. We collect minimal data and never sell it.

What We Collect

Follow the Money collects minimal data:

  • Analytics (Plausible): We use Plausible Analytics, a privacy-respecting analytics tool that does not use cookies and does not collect personal data. We track aggregate page views, referral sources, and custom events (zip lookups, searches, shares) without identifying individual users.
  • Server logs: Our hosting provider (Railway) may collect standard server access logs including IP addresses. These are retained for operational purposes only and are not used for tracking.
  • Zip codes: When you enter a zip code to look up your representatives, this is processed on our server to return results. We do not store individual zip code lookups linked to any user identifier.

User Accounts

If you create an account (via GitHub or Google OAuth), we store:

  • Account information: Your name, email address, and profile image as provided by your OAuth provider (GitHub or Google).
  • Session data: A secure session token stored as an httpOnly cookie to keep you signed in. This cookie is used solely for authentication and is not used for tracking.
  • Bookmarks & saved searches: Any officials you bookmark or searches you save are stored in our database linked to your account.

Account creation is optional. All public features work without an account.

What We Don't Collect

  • No cookies for tracking purposes (auth cookies only)
  • No device fingerprinting
  • No cross-site tracking
  • No data sold to third parties

Public Data

All campaign finance data displayed on Follow the Money is derived from publicly available government records, primarily from the Federal Election Commission (FEC). This data is already in the public domain. We do not collect, store, or display any private financial information.

Third-Party Services

Plausible Analytics

Privacy-first analytics. No cookies, no personal data, GDPR compliant by design. Data is processed in the EU.

Railway (Hosting)

Our application, database, and cache are hosted on Railway. Standard server logs may be retained per their privacy policy.

Your Rights (GDPR/CCPA)

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and all associated data
  • Export your data (bookmarks, saved searches)
  • Opt out of data collection

To exercise these rights, please contact us via our GitHub repository. Account deletion requests will be processed within 30 days.

Changes to This Policy

We may update this privacy policy as we add features (such as user accounts in future phases). We will note the date of the last update at the top of this page.

Contact

For privacy-related questions, please reach out via our GitHub repository.