Skip to main content
← Back to home

Privacy Policy

Last updated: April 9, 2026

Yea or Nay ("we", "us", "our") operates the website at yeaornay.org. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

1. Information We Collect

We collect the following information when you use the Service:

  • Account information: Email address and password (passwords are hashed and never stored in plain text)
  • Location information: ZIP code, state, and congressional district, used solely to identify your elected representatives
  • Voting data: Your yea or nay votes on congressional bills
  • Two-factor authentication: TOTP secret keys if you choose to enable 2FA
  • Session data: Authentication session cookies required to keep you signed in

We do not collect browsing history, device fingerprints, or any information beyond what is listed above.

2. How We Use Your Information

Your information is used exclusively to:

  • Authenticate your account and maintain your session
  • Identify your congressional representatives based on your ZIP code
  • Record and display your votes on bills
  • Calculate agreement percentages between your votes and your representatives' votes
  • Send transactional emails (password resets, account verification)

We do not use your data for advertising, profiling, or any commercial purpose. We never sell, rent, or share your personal information with third parties for their marketing purposes.

3. Third-Party Services

We use the following third-party services to operate Yea or Nay. Each processes only the minimum data necessary:

  • Supabase: Database hosting and user authentication. Stores your account data, votes, and profile information. See Supabase Privacy Policy.
  • Resend: Transactional email delivery (password resets, verification emails). Receives only your email address. See Resend Privacy Policy.
  • Congress.gov API: Provides congressional bill and vote data. No user data is sent to this service.
  • 5 Calls API: Looks up your congressional representatives based on your ZIP code. Only your ZIP code is sent to this service.
  • Cloudflare Turnstile: CAPTCHA verification to prevent automated abuse. See Cloudflare Privacy Policy.

4. Cookies

We use only essential cookies required for authentication and session management, provided by Supabase Auth. We do not use advertising cookies, analytics cookies, or any third-party tracking cookies.

5. Data Security

We take the security of your data seriously. Measures include:

  • Passwords are hashed using industry-standard algorithms (bcrypt)
  • All data is encrypted in transit via TLS/HTTPS
  • Data at rest is encrypted by our database provider (Supabase)
  • Row-Level Security (RLS) ensures users can only access their own data
  • Optional two-factor authentication (TOTP) for account protection
  • API keys and secrets are stored server-side and never exposed to the client

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, your personal data (profile, votes, and authentication records) will be permanently removed from our systems. Anonymized, aggregated data may be retained for statistical purposes.

7. Your Rights

You have the right to:

  • Access your data: View all personal information associated with your account through your profile settings
  • Delete your data: Permanently delete your account and all associated data through your profile settings
  • Export your data: Request a copy of your data by contacting us
  • Correct your data: Update your profile information at any time

8. California Residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request deletion of your data, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at info@yeaornay.org.

9. European Residents (GDPR)

If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation, including the right to access, rectify, port, and erase your data, as well as the right to restrict or object to processing. Our legal basis for processing your data is your consent (provided at account creation) and our legitimate interest in operating the Service. To exercise your rights, contact us at info@yeaornay.org.

10. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will promptly delete that information. If you believe a child under 13 has provided us with personal information, please contact us.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the date at the top of this page. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

12. Contact

If you have questions about this Privacy Policy or your data, please contact us at info@yeaornay.org.

See also our Terms of Service