Privacy Policy

Account Information. When you create an account, we collect your email address and password (stored in hashed form). If you register with a registration key, we record the key used for access-level validation.

Usage Data. We collect information about how you interact with the Service, including queries submitted, features used, session duration, and timestamps. This helps us improve query accuracy and user experience.

Automatically Collected Data. We may collect device type, browser type, IP address, and general location (city/state level) through standard server logs. We use this data for security, rate limiting, and service optimization.

Voter Data (Processed, Not Collected). DataDirector queries publicly available voter registration data on your behalf. We do not collect, copy, or store voter records — all queries execute against the source database in real-time and results are streamed directly to your session.

We use the information we collect to:

• Provide, maintain, and improve the Service
• Authenticate your identity and manage your account access level
• Process and respond to your natural language queries accurately
• Enforce rate limits and prevent abuse (40 messages/day for guest users, 100 messages/day for registered users)
• Communicate with you about service updates, security alerts, or support requests
• Analyze usage patterns to improve query accuracy and AI performance
• Comply with legal obligations

We do not sell your personal information. We may share information in the following circumstances:

Service Providers. We use third-party services for hosting (Supabase), AI processing (OpenAI via AI Gateway), and authentication. These providers process data on our behalf under contractual obligations to protect your information.

AI Processing. When you submit a query, your natural language input is sent to our AI provider to interpret and translate into database queries. We do not send voter record data to the AI provider — only your query text and the resulting structured filters.

Legal Requirements. We may disclose information if required by law, subpoena, or legal process, or if we believe disclosure is necessary to protect the rights, property, or safety of DataDirector, our users, or the public.

We implement industry-standard security measures to protect your information, including:

• Encrypted data transmission (HTTPS/TLS)
• Hashed password storage
• Read-only database access — the Service cannot modify voter data
• Server-side API key management (keys are never client-exposed)
• Rate limiting to prevent abuse
• Regular security audits

No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we take commercially reasonable steps to protect your data.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your personal data
• Portability: Request your data in a structured, machine-readable format
• Objection: Object to certain processing of your personal data

To exercise these rights, contact us at privacy@datadirector.app. We will respond within 30 days.