Privacy Policy

1. Web Server Logs

Like any website, we log basic request information: IP addresses (via Cloudflare), request paths, timestamps, and HTTP status codes. These logs are used exclusively for security monitoring and debugging.

Retention: Log files are rotated daily and automatically deleted after 30 days.

2. District Lookup

When you look up your district by address, your address is sent to two external services to determine your districts and polling place:

• U.S. Census Bureau Geocoder (geocoding.geo.census.gov) to identify your congressional and state legislative districts
• Google Civic Information API (googleapis.com) to find your polling place near elections

These services are operated by the U.S. government and Google, respectively. Your address is sent directly to their servers to process the lookup. We have no control over how they handle that data. See the Census Bureau privacy policy and Google privacy policy for details.

On our end, we cache the district result (not your address) so repeated lookups are fast. Your address is stored only as a one-way hash (SHA-256). We do not store the readable address and cannot reverse the hash to recover it.

Retention: Cache entries expire after 30 days.

3. Browser Local Storage

If you use the district lookup feature, your district numbers (like "Congressional District 3") are saved in your browser's local storage. This stays on your device and is never sent to our servers. You can clear it anytime through your browser settings.

4. AI Chat Conversations

Chat messages are processed in real-time and are not stored by default. Once you close the page, the conversation is gone from our side. We do not use chat content for training or analytics. The only exception is the optional feedback flow described in §6 below, where you can choose to share a single question/response pair so we can debug a bad answer.

5. Email (Future Feature)

When we add email alerts in the future, submitting your email will only be used to send the notifications you signed up for. We will never share your email with third parties.

6. Chat Feedback (Optional)

If you rate an AI response using the thumbs up/down buttons, we store your rating along with technical metadata about the interaction (which tools were used, how relevant the search results were, and the length of the response). Your question is also hashed (SHA-256) so we can detect repeated failures without knowing what was asked.

If you give a thumbs-down, an optional form opens where you can pick a reason and add a free-text comment. The comment is run through an automatic scrubber that removes US addresses, email addresses, phone numbers, SSN-shaped sequences, and credit-card-shaped digit runs before it reaches our database.

That form also has a checkbox: “Share my question and the AI’s response so the team can debug.”The checkbox is off by default. If you tick it, your question and the response are stored in addition to the rating, after the same PII scrubber removes the patterns listed above. If you don’t tick it, neither value is sent to our database.

Retention:The rating, hash, and technical metadata are kept indefinitely to track quality trends. The free-text fields (your question, the response, and any comment) are automatically NULLed 14 days after the feedback was submitted. PII scrubbing is best-effort — please review what you type before submitting and avoid including personal details if you can.

• We do not use cookies
• We do not run Google Analytics or any third-party tracking
• We do not fingerprint browsers
• We do not store your street address. The hash is only used as a temporary cache key to reduce repeat calls to external services.
• We do not log what you type in the AI chat, unless you explicitly opt in via the thumbs-down feedback form (see §6 for the rules)

Candidate and legislator photos displayed on this site are loaded directly from their original sources. When you view a profile page, your browser makes requests to these external servers to fetch the image:

• Maryland General Assembly (mgaleg.maryland.gov) for legislator photos
• U.S. Congress (theunitedstates.io) for federal incumbent photos
• Ballotpedia (ballotpedia-api4.s3.amazonaws.com) for some candidate photos
• Candidate campaign websites for self-hosted campaign photos

These image requests are subject to those sites' own privacy policies. We do not control or track these requests.

This site uses the following third-party infrastructure services. Your browser may make requests to these services when you use the site:

• Cloudflare hosts and serves our frontend pages and acts as a CDN and security proxy for our API. Cloudflare processes your IP address and request headers as part of normal operation. See the Cloudflare privacy policy.
• MapLibre (demotiles.maplibre.org) provides map font files used to render district labels on the interactive map.

Fonts used on this site (Playfair Display and Inter) are bundled with the site at build time and served from our own domain. They are not loaded from Google at runtime.

All candidate, legislator, and bill data comes from official public government sources (Maryland General Assembly, MD State Board of Elections, OpenStates, U.S. Census Bureau, FEC). For a complete list, see our Data Sources page.

The only user-specific data we store is the hashed address cache, which auto-expires after 30 days. Since we store only a hash (not your actual address), there is nothing personally identifiable to delete.

If you have any concerns or want to confirm what data we hold, contact us at showupmaryland@gmail.com.

If we change this policy, we will update the date at the top of this page. Major changes will be noted on our homepage.