Privacy Policy

Last Updated: April 7, 2026

1. Introduction

ballot.watch ("we", "us", "our") is a non-partisan civic information platform dedicated to making election data accessible to every American voter. We provide coverage across all 50 states, the District of Columbia, and U.S. territories (Puerto Rico, Guam, U.S. Virgin Islands, American Samoa, and the Northern Mariana Islands).

This Privacy Policy describes how we collect, use, store, and protect your information when you use our website and services. By using ballot.watch, you agree to the practices described in this policy. If you do not agree, please do not use our services.

2. Information We Collect

We collect information in the following ways:

• Account information — When you sign in via Apple Sign In, Google Sign In, or email, we collect your email address and name to create and manage your account.
• Address and location — If you use the My Ballot feature, we collect the address you provide to determine which races and candidates appear on your ballot and to look up your polling locations. Your address is stored in your user profile so you do not need to re-enter it.
• Ballot preferences — If you use the My Ballot feature, we store your candidate selections (ballot picks) so they persist across sessions and devices.
• Favorites — If you star races or candidates as favorites, we store those selections linked to your account.
• Party affiliation preference — If you set a party affiliation in your Account settings, we store this preference to personalize your experience. This is for ballot.watch only and does not affect your official voter registration.
• Issue priorities — If you complete the issue priorities interview, we store your responses to calculate candidate alignment scores as you browse.
• Campaign claims — If you submit a campaign claim (as a candidate or campaign manager), we collect your name, email, phone number, role, verification description, and any proof you provide.
• Organization data — If you create or join an endorsing organization, we collect organization details, membership information, and endorsement records you provide.
• Issue reports — If you report inaccurate data or a problem via the flag icon, we collect the details of your report along with the page URL.
• Usage analytics — We collect anonymized usage data including page views, session duration, entry/exit pages, referrer, browser, operating system, device type, screen size, and language to understand how the platform is used and where to improve. This data is not linked to your identity.
• Approximate location — When you visit ballot.watch, we use your IP address to determine your approximate geographic location (city, region, and country) for analytics purposes. We use the IP2Location LITE database for this lookup. Your IP address is not stored — only the derived location is retained in anonymized form.

We do NOT collect your voting records, government-issued identification numbers, or any information about how you actually vote. ballot.watch is an informational tool only.

3. Local Storage & Authentication

ballot.watch does not use cookies.

When you sign in, your authentication tokens (issued by AWS Cognito) are stored in your browser's localStorage. These tokens:

• Are sent to our servers as a Bearer token in the Authorization header to authenticate API requests
• Are scoped to same-origin requests only — they are never sent to third-party services
• Expire after one hour and are automatically refreshed using a Cognito refresh token
• Are cleared when you sign out

We also use localStorage to store non-sensitive user preferences such as your user ID, ballot picks, favorites, disclosure acknowledgment, and interface settings. All localStorage data is cleared when you sign out.

We do not use tracking cookies, advertising cookies, retargeting pixels, or third-party analytics services. Our analytics are self-hosted and privacy-preserving — we do not use Google Analytics or similar third-party trackers.

4. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and personalize the ballot.watch service
• Determine which races and candidates appear on your ballot based on your address
• Save your favorites, ballot picks, and issue priorities across sessions and devices
• Calculate candidate alignment scores based on your issue priorities
• Look up your polling locations and early voting sites
• Process and review campaign ownership claims
• Send a one-time welcome email when you create an account
• Send important product update emails if you have opted in to receive them
• Support endorsing organization features, including endorsement records and voter guides
• Improve our platform, diagnose technical issues, and develop new features

We never sell your personal information to third parties. Your data is used solely to operate and improve ballot.watch.

5. Data Storage & Security

We take the security of your data seriously:

• All data is stored on Amazon Web Services (AWS) infrastructure located in the United States (us-west-2 region).
• User authentication is handled through AWS Cognito with industry-standard encryption protocols. ballot.watch never has access to your password — it is managed entirely by AWS Cognito and is never transmitted to or stored on our servers.
• Authentication tokens are stored in browser localStorage and sent via the Authorization header. Tokens are validated server-side on every request, including verification of the token issuer.
• All connections to ballot.watch use HTTPS/TLS encryption.
• API responses containing election data are encrypted in transit using StratusShield, an additional layer of application-level encryption on top of TLS.
• Database access is restricted to authorized systems within a private network, with no public-facing database endpoints.
• User roles and permissions are verified server-side on every request and are never trusted from client-side storage.

While no system is completely immune to security risks, we implement reasonable and appropriate measures to protect your information from unauthorized access, alteration, or destruction.

6. Third-Party Services

We use the following third-party services to operate ballot.watch:

• Amazon Web Services (AWS) — Hosting (EC2, S3, CloudFront), content delivery, authentication (Cognito), email delivery (SES), and data storage.
• Apple Sign In — Optional authentication method. Apple shares only the information you authorize (typically name and email).
• Google Sign In — Optional authentication method. Google shares only the information you authorize (typically name, email, and profile photo).
• Google Civic Information API — Used to look up polling locations and election information based on the address you provide. Your address is sent to Google's API for this purpose.
• Apple MapKit JS — Used to display district boundary maps on state and race pages, and for directions to polling locations. Map tiles are loaded from Apple's servers.
• Google News RSS — Used to aggregate election news headlines. No personal data is shared with Google for this purpose.
• IP2Location LITE — We use the IP2Location LITE database (installed locally on our servers) to determine approximate visitor location from IP addresses for analytics. Your IP address is not sent to any external service — the lookup happens entirely on our infrastructure. This product includes IP2Location LITE data available from lite.ip2location.com.

We do not share your personal data with political campaigns, political parties, or advertisers. Campaigns that claim their listing on ballot.watch receive tools to manage their own profile only — they do not receive any user data.

7. Data Retention

We retain your personal data only as long as necessary to provide our services:

• Account data — Retained while your account is active. Deleted upon your request.
• Ballot picks and favorites — Retained while your account is active. Cleared from localStorage on sign out; server-side data deleted with your account.
• Campaign claims — Retained for the duration of the election cycle and a reasonable period afterward for record-keeping.
• Issue reports — Retained until the reported issue is resolved, then anonymized.
• Usage analytics — Anonymized at collection; aggregate data retained indefinitely.

When you delete your account, we will permanently delete your personal data within 30 days, except where retention is required by law.

8. Your Rights

You have the following rights over your personal data. You can exercise most of these directly from your Account page:

• Access — View your account data, favorites, and ballot picks at any time from your Account page.
• Data portability — Download a copy of all personal data we hold about you in JSON format using the "Request Data Export" button on your Account page.
• Correction — Update any inaccurate personal information directly in your profile settings.
• Restriction — Request that we limit how your data is processed using the "Request Restriction" button on your Account page. Your account will remain active but personalization features will be disabled.
• Deletion — Permanently delete your account and all associated data using the "Delete My Account" button on your Account page. This action cannot be undone.
• Opt out of communications — Unsubscribe from any emails at any time using the link in each message, or from your Account settings.
• Opt out of sale/sharing — ballot.watch does not sell or share your personal information with third parties. There is nothing to opt out of.

We will respond to verified data requests within 30 days (GDPR) or 45 days (CCPA/CPRA). You will not be discriminated against for exercising any of these rights.

For California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act (as amended by the California Privacy Rights Act), California residents have the right to know what personal information is collected, request its deletion, request its correction, and opt out of its sale or sharing. As stated above, we do not sell or share personal information. You may exercise your rights via your Account page or by emailing privacy@ballot.watch.

For EU/EEA/UK Residents (GDPR)

Under the General Data Protection Regulation, you have the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. Our lawful basis for processing is legitimate interest (providing the ballot.watch service) and, where applicable, your consent. You may exercise your rights via your Account page or by emailing privacy@ballot.watch.

For Virginia, Colorado, and Connecticut Residents

Under the Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), and Connecticut Data Privacy Act (CTDPA), you have similar rights to access, correct, delete, and port your data, and to opt out of targeted advertising, sale of personal data, and profiling. ballot.watch does not engage in targeted advertising, sale of personal data, or automated profiling. You may exercise your rights via your Account page or by emailing privacy@ballot.watch.

9. Children's Privacy

ballot.watch is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal data, please contact us at privacy@ballot.watch.

10. International Users

ballot.watch is designed for use by voters in the United States and its territories. If you access ballot.watch from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where our servers are located. By using our service, you consent to the transfer of your information to the United States.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. If we make material changes, we will notify you through the ballot.watch platform or via email (if you have an account). The "Last Updated" date at the top of this page indicates when the policy was most recently revised.

12. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Email: privacy@ballot.watch

For data rights requests, you can also use the Data & Privacy section on your Account page to download, restrict, or delete your data directly.