5.1 Political Opinion Privacy Controls

Default Privacy: All political opinions are private by default. Your “I Support” or “I Oppose” stances and issue priority rankings are never shared with third parties without your explicit permission.

Optional Public Sharing: We are developing features that will allow you to make your political opinions public if you choose. This will include:

• Explicit Opt-In: Clear confirmation that you want to make specific opinions public
• Granular Control: Choose which opinions to make public and which to keep private
• Easy Reversal: Change your mind and make public opinions private again at any time
• Clear Consequences: Full explanation of what making opinions public means

Anonymous Participation: While we require identity verification for account creation, your participation in our platform can remain functionally anonymous:

• Your real name is not displayed to other users
• Your opinions are aggregated anonymously into public statistics
• You can use a username or display name of your choice
• Other users cannot see your individual political positions

5.2 Data Access and Control Rights

Account Access:

• View all personal information we store about you
• Download a copy of your political opinions and account data
• Review your identity verification status and information
• Access your complete account activity history

Data Correction:

• Update your political opinions and issue priorities at any time
• Correct errors in your account information
• Modify your communication preferences
• Update contact information (subject to re-verification for address changes)

Data Deletion:

Complete Account Deletion: Visit [your-account-deletion-url] to permanently delete your account.

What Gets Deleted:

• All political opinions and issue rankings
• Personal account information in our database
• Identity verification data from Stripe's servers
• Communication history and preferences

What Remains:

• Anonymous aggregated statistics (no personal identification possible)
• Legal compliance records as required by law
• General usage analytics (no personal information)

Data Portability:

• Export your political opinions in a structured format
• Receive a comprehensive report of all data we store about you
• Transfer your opinion history to other platforms (if compatible services exist)

5.3 Communication Preferences

Email Communications:

• Opt out of non-essential email communications
• Choose specific types of updates you want to receive
• Unsubscribe from all communications except critical account notifications
• Set frequency preferences for different types of messages

Marketing and Fundraising:

• Opt out of all fundraising communications
• Choose to receive only major campaign updates
• Specify donation acknowledgment preferences
• Control inclusion in donor recognition materials

6.1 Technical Security Measures

Data Encryption :

• In Transit: All data transmitted using TLS 1.3 encryption
• At Rest: Database encryption using AES-256 standards
• Identity Data: Secured by Stripe’s enterprise-grade encryption
• Backup Systems: All backups encrypted with separate keys

Access Controls :

• Multi-Factor Authentication: Required for all administrative access
• Role-Based Permissions: Staff access limited to job requirements only
• Identity Verification Data: Accessible only to [CEO/founder name] and select senior staff
• Regular Access Reviews: Quarterly review of all system access permissions

Infrastructure Security :

• Cloud Security: Hosting on enterprise-grade cloud platforms with SOC 2 compliance
• Network Protection: Firewalls, intrusion detection, and DDoS protection
• Regular Updates: Automated security patches and updates
• Vulnerability Scanning: Regular security assessments and penetration testing

6.2 Organizational Security Measures

Staff Training :

• Comprehensive privacy and security training for all employees
• Regular updates on best practices and emerging threats
• Specific training on handling sensitive political opinion data
• Non-disclosure agreements for all staff and contractors

Physical Security :

• Secure office facilities with restricted access
• Locked storage for any physical documents
• Clean desk policies and secure disposal of sensitive materials
• Remote work security protocols and requirements

Incident Response :

• Breach Detection: 24/7 monitoring for security incidents
• Response Team: Dedicated team for security incident management
• User Notification: Commitment to notify affected users within 72 hours
• Regulatory Reporting: Compliance with all applicable breach notification laws

6.3 Third-Party Security

Stripe Identity Security :

• SOC 2 Type II certified data centers
• PCI DSS Level 1 compliance for payment data
• Regular third-party security audits
• Industry-leading identity verification security practices

Service Provider Requirements :

• All service providers must meet our security standards
• Data processing agreements with strong privacy protections
• Regular security assessments of third-party providers
• Contractual requirements for breach notification and response

7.1 Retention Periods

Active User Data :

• Account Information: Retained while account is active
• Political Opinions: Stored until account deletion or user modification
• Identity Verification: Maintained for account verification integrity
• Communication History: Retained for ongoing customer service

Inactive Account Management :

• Dormancy Period: Accounts considered inactive after 2 years of no login
• Notification Process: Email notifications sent 90, 60, and 30 days before deletion
• Automatic Deletion: Inactive accounts may be deleted after notification period
• Data Export: Users can export data before automatic deletion

Analytics and Usage Data :

• Individual Session Data: 90 days maximum retention
• Aggregated Analytics: Up to 2 years for trend analysis
• Performance Metrics: 1 year for system optimization
• Security Logs: 1 year for security analysis and compliance

Legal and Compliance Data :

• Tax Records: 7 years as required by IRS regulations
• Audit Trails: 3 years for operational auditing
• Legal Hold Data: Retained as required by specific legal proceedings
• Regulatory Compliance: As required by applicable election and non-profit laws

7.2 Data Deletion Procedures

User-Initiated Deletion :

1. Account Deletion Request: User visits our account deletion page
2. Identity Confirmation: Verification to prevent unauthorized deletions
3. Deletion Process: 30-day processing period for complete removal
4. Confirmation: Email confirmation when deletion is complete
5. Data Verification: Internal audit to ensure complete removal

Automatic Data Purging :

• Scheduled Deletion: Automated deletion of expired data categories
• Secure Disposal: Cryptographic deletion of encrypted data
• Third-Party Coordination: Ensure deletion from service provider systems

8.1 Types of Cookies and Tracking

Essential Cookies (Cannot be Disabled) :

• Authentication: Secure login and session management
• Security: CSRF protection and security token validation
• Functionality: Core application features and user preferences

Analytics Cookies (Can be Disabled) :

• Google Analytics: Website and application usage patterns
• Performance Monitoring: Application speed and error tracking
• User Experience: Feature usage and navigation analysis

Marketing Cookies (Can be Disabled) :

• Meta Pixel: Fundraising campaign effectiveness measurement
• Conversion Tracking: Donation and engagement tracking
• Audience Insights: Anonymous demographic analysis for outreach

8.2 Managing Cookie Preferences

Cookie Control Options :

• Browser Settings: Disable cookies through your browser preferences
• Opt-Out Tools: Use Google Analytics opt-out browser add-on
• Do Not Track: We respect browser “Do Not Track” settings
• Cookie Banner: Manage preferences through our website cookie banner

Impact of Disabling Cookies :

• Essential Cookies: Disabling may prevent application functionality
• Analytics Cookies: No impact on core features; reduces our ability to improve service
• Marketing Cookies: No impact on functionality; you may still see generic fundraising content

9.1 Strict 18+ Age Requirement

Minimum Age: Our services require users to be 18 years of age or older. This age requirement is strictly enforced and consistent with:

• US voting age requirements
• Identity verification requirements using government-issued photo ID

Account Creation: You must be at least 18 years old to create an account or use our web application. During the identity verification process, we verify that users meet this age requirement through government ID validation.

No Exceptions: We do not make exceptions to the 18+ age requirement, even with parental consent.

9.2 Protection of Minors

No Intentional Collection: We do not knowingly collect personal information from anyone under 18 years of age.

Discovery and Response: If we discover we have collected information from someone under 18, we will:

• Delete all account information immediately
• Remove all associated opinion data
• Permanently block the account from further use
• Notify parents or guardians if contact information is available

Website Access: While minors may view our informational website (voteonissues.org), they cannot create accounts or participate (vote/rank issues) in the web application (app.voteonissues.org). Minors can view public opinion data on the web application without creating an account.

9.3 Educational Information

Civics Education: We support civic education for all ages. While our age limit to participate in democracy is 18 years of age, all public opinion data on our platform is available without creating an account. There are no age requirements to view public opinion on issues for any jurisdiction.

Educational Resources: Teachers and parents seeking civic engagement resources for minors should contact us at education@voteonissues.org.

10.1 Federal Privacy Laws

First Amendment Protections:

• Recognition that political opinions are protected speech
• Commitment to not limit free expression through data practices
• Respect for anonymous political participation rights

Federal Election Law Compliance:

• Compliance with campaign finance disclosure requirements
• Proper handling of any data that might relate to federal elections
• Cooperation with authorized election law investigations

Non-Profit Regulations:

• Compliance with IRS regulations for 501(c) organizations
• Proper handling of donor information and recognition
• Adherence to non-profit governance and transparency requirements

10.2 State Privacy Laws

California Consumer Privacy Act (CCPA/CPRA): For California residents, we provide enhanced rights including:

• Right to Know: Detailed information about data collection and use
• Right to Delete: Comprehensive deletion of personal information
• Right to Opt-Out: We don’t sell data, but you can opt-out of sharing for analytics
• Right to Non-Discrimination: Equal service regardless of privacy choices

Other State Privacy Laws:

• Virginia Consumer Data Protection Act (VCDPA)
• Colorado Privacy Act (CPA)
• Connecticut Data Privacy Act (CTDPA)
• Other emerging state privacy regulations

We comply with the strongest applicable privacy law for each user’s location.

10.3 Nevada-Specific Considerations

Nevada Privacy Law:

• Compliance with Nevada’s data broker and privacy requirements
• Respect for Nevada residents’ rights regarding data sales (we don’t sell data)
• Adherence to Nevada non-profit corporation regulations

State Political Regulations:

• Compliance with Nevada election and campaign finance laws
• Proper handling of data that may relate to Nevada elections
• Cooperation with Nevada Secretary of State investigations if required

11.1 US-Only Operations

Current Scope: Vote On Issues currently operates only within the United States and serves only US residents.

No International Data Transfers: Personal data is stored and processed only within the United States, eliminating concerns about international data transfer regulations.

Future Expansion: If we ever expand internationally, users will be notified of any changes to data handling practices and asked for renewed consent.

11.2 Foreign Visitor Policy

Non-US Visitors: Individuals visiting from outside the US may view our public website but cannot create accounts or use our application.

Data Collection: We may collect basic analytics data from international visitors to our website but do not store personal information from non-US residents.

Compliance: Should we expand internationally, we would comply with applicable international privacy laws such as GDPR.

12.1 Change Notification Process

Material Changes:

• Email notification to all registered users at least 30 days before changes take effect
• Prominent notice on our website and application for 60 days
• Clear explanation of what changes are being made and why

Minor Updates:

• Updated “Last Modified” date at the top of this policy
• Notification in our next regular user communication
• Continued use of service constitutes acceptance of minor changes

12.2 User Response to Changes

Acceptance: Continued use of our service after the effective date constitutes acceptance of privacy policy updates.

Rejection: If you disagree with material changes:

• You may delete your account at our account deletion page before changes take effect
• Contact us with concerns before the effective date
• Export your data before deletion if desired

Granular Consent: For significant changes to how we handle opinion data or personal information, we may require explicit re-consent rather than implied consent through continued use.

13.1 Privacy Contact Information

General Privacy Inquiries:

• Email: privacy@voteonissues.org
• Phone: 775.339.0550
• Address: PO Box 2882, Stateline, NV 89449

Data Protection Requests:

For requests related to accessing, correcting, or deleting your data, please email
privacy@voteonissues.org with the subject line: “Data Protection Request - [Your Name]”

Security Concerns: For reporting security issues or suspected breaches:

• Email: support@voteonissues.org
• Phone: 775.339.0550

13.2 Response Commitments

Response Times:

• General Inquiries: Within 5 business days
• Data Protection Requests: Within 30 days (or 60 days for complex requests)
• Security Reports: Acknowledgment within 24 hours; full response within 72 hours

Identity Verification: For security purposes, we may require identity verification before processing certain requests, particularly those involving access to or deletion of personal opinion data.

13.3 Regulatory Contact Information

State Compliance:

Nevada Secretary of State — Commercial Recordings Division (for corporate compliance matters)

Federal Compliance:

• Federal Election Commission (for any election law–related matters)
• Internal Revenue Service (for non-profit compliance matters)