OpenCongress NYC is in beta. We'd love your feedback!

Privacy Policy

Last updated: June 20, 2026

OpenCongress (“we”) is committed to protecting your privacy. This policy describes the data we collect, how we use it, and your rights.

1. Data we collect

1.1 Usage data

  • Anonymous session identifier (generated locally, in memory only — no tracking cookie)
  • Pages viewed and actions taken
  • Device and browser type
  • Approximate location (country/region via IP address)

1.2 Account data (if you sign in)

  • Name and email address (via Google OAuth or email sign-up)
  • Google profile photo (if applicable)
  • Preferences (followed council members, notifications)
  • Address and council district (if provided, to find your representative)

1.3 AI conversation data

  • Messages exchanged with the AI assistant
  • Results of tools used by the assistant
  • Usage statistics (token counts, model used)

AI conversations are sent to third-party AI providers (see section 5) to generate responses. These providers do not retain your messages beyond processing the request.

1.4 Payment data

If you subscribe, your payment information is processed directly by Stripe. We never store your card numbers — only your Stripe customer identifier and subscription status.

1.5 Technical data

  • Server logs (anonymized after 90 days)
  • Error reports (via Sentry, anonymized)
  • Session cookies (authentication only — see section 6)

2. How we use data

  • Running the service: authentication, personalization, following representatives, AI assistant
  • Improving the service: anonymous usage analytics (no tracking cookies), bug fixing
  • Communication: daily and weekly email recaps (opt-out in settings)
  • Security: abuse detection and protection

3. Data retention

  • Analytics events: 90 days (raw), aggregates kept indefinitely
  • Account data: kept while the account is active, deleted within 30 days of account deletion
  • AI conversations: kept while the account is active, deleted with the account; conversations inactive for 12+ months may be purged automatically
  • Server logs: 90 days
  • Payment data: kept as required by law (invoices)

4. Data sharing

We do not sell or share your personal data with third parties for commercial purposes. The following technical processors may handle your data:

  • Vercel (USA) — frontend hosting
  • Railway (USA) — backend and database hosting
  • Google (USA) — OAuth authentication
  • Stripe (USA) — payment processing
  • PostHog (USA) — anonymous analytics (no cookies, memory mode only)
  • Resend (USA) — transactional and recap emails
  • Sentry (USA) — error monitoring
  • Anthropic (conversational assistant) and OpenAI (summary generation) — AI providers. Your chat messages are transmitted to generate responses; these providers do not retain your data beyond processing.

5. Your rights

You can:

  • Access a copy of your personal data
  • Correct inaccurate data
  • Delete your data
  • Export your data in a structured format (JSON)

Exercising your rights: You can export your data and delete your account directly from your profile settings. For any other request, contact us at privacy@opencongress.app.

6. Cookies

The Service uses only strictly necessary cookies:

  • NextAuth session cookie — keeps you signed in. Duration: browser session.

No advertising, profiling, or third-party tracking cookies are set. Analytics (PostHog) run in memory mode (no cookies) — data does not persist between browsing sessions.

7. Changes

We may update this policy at any time. Changes are published on this page with a revised update date. For material changes, we will notify you by email or via an in-app notification.

8. Contact

  • Email: privacy@opencongress.app
  • Data controller: Pierre Pariente Dimitrov

You can also review our Terms of Service.