Privacy Policy

This is the privacy policy for The Future Party PAC. It is written in plain English because hiding data practices behind legal jargon is the kind of thing we exist to replace.

It covers what categories of data we collect, why we collect them, who receives them, how long they are kept, and what rights you have. It applies to the entire site, including the contact form, the donation flow, the public ledger, the newsletter, and The Relay civic information tool at /relay.

Who Operates the Site

The Future Party is an independent political action committee (PAC) registered in Idaho. Donor information is reported to the Idaho Secretary of State as required by campaign-finance law and becomes part of the public record through those filings.

Paid for by The Future Party PAC. Not authorized by any candidate or candidate's committee.

What We Do Not Do

We want to be clear about this before listing what we collect.

We do not use advertising, analytics, retargeting, or cross-site tracking cookies. The site is designed to operate without user accounts or tracking cookies, and you can verify what your browser receives in its developer tools.

We do not use tracking pixels, web beacons, or invisible images.

We do not run third-party advertising networks, retargeting scripts, or behavioral tracking. No Google Analytics. No Facebook Pixel. No Meta tracking. No Google Tag Manager.

We do not sell, rent, lease, or trade your personal data to anyone — not to other political organizations, not to data brokers, not to advertisers, not to anyone.

We do not build behavioral profiles or fingerprint your browser for advertising.

We do not send unsolicited email. If you receive email from us, it is because you submitted a form or subscribed to the newsletter.

We do not use Relay conversations or correction reports to train AI models.

Cookies and Local Storage

We do not use advertising cookies, analytics cookies, retargeting cookies, or cross-site tracking cookies. The site is designed to operate without user accounts or tracking cookies.

The Relay may use your browser's local storage to keep your conversation visible across reloads, remember interface state, and improve the user experience. Local storage stays on your device. Clearing your browser storage — or pressing the "Clear" button on /relay — may remove your local conversation history.

There is no analytics ID, no fingerprint, no advertising token, and no cross-site identifier in our local storage.

Analytics

We use Plausible for aggregate, privacy-focused analytics. Plausible does not use cookies, does not track visitors across sites, and gives us aggregate traffic statistics rather than individual visitor profiles.

What Plausible shows us: total page views, which pages are visited, which country visitors are in, what browser and device type they use, and where they came from. All of it aggregate.

Plausible's data policy: plausible.io/data-policy

Contact Form

When you submit the form on the Get Involved page, we collect your name, email address, state, ZIP code, the lane you want to work in, a description of work you have already done, what you can do in the next thirty days, any links you choose to share, and — if you are interested in running for office — the jurisdiction you are considering and whether you have looked up the filing requirements. We also collect browser and device metadata and abuse-prevention fingerprints described in the Abuse and Security Logs section below.

Submissions may be emailed to the founder via Resend and stored in a private Supabase database used for routing, follow-up, security review, and integrity verification. Submissions are not public. Submissions are not sold. Access is limited to the founder and operators authorized by the PAC.

Contact and submission forms may also process technical and interaction signals to detect spam, abuse, fraud, or automated submissions. These signals may include network information, browser and device information, timing information, and interaction patterns. They are processed to protect the site and to help us decide whether to act on a submission.

The Relay

When you use The Relay, we process your message, the recent conversation context, and relevant public-data context to generate a response. We use third-party AI infrastructure to provide this feature.

We do not intentionally store full Relay conversations in our application database. Your conversation lives in your browser's local storage unless you submit it to us as part of a correction report.

If you click "Report incorrect" on a Relay response, we store the response, your typed correction, the question that produced the response, and a short summary of the data sources used, so we can evaluate accuracy and improve the tool. Correction reports are not intended to identify you unless you include identifying information in the correction text. Separate abuse-prevention logs may process technical request data. Anything you type into the correction box is stored as you wrote it, so do not type information you would not want stored.

We do not use Relay conversations or correction reports to train models. Our AI infrastructure provider, Together AI, states that it does not use submitted data for model training without opt-in consent. We will update this policy if our position or our provider's published position changes.

Donations

When you make a donation, we collect donor compliance information before checkout, including your name, email address, mailing address, occupation, employer, donation amount, date, and donor attestations. We use this information to process the contribution, maintain PAC records, reconcile payment records, comply with campaign-finance obligations, and file required reports.

Stripe directly collects and processes your card number, expiration date, CVC, and payment-authentication details through its hosted checkout flow. Those card details do not pass through our servers, and we do not see or store your full card number. Stripe is PCI DSS Level 1 certified. Stripe's privacy policy: stripe.com/privacy

We retain donor compliance records as required for PAC recordkeeping and campaign-finance compliance. Access to those records is limited to the PAC treasurer and any administrators the PAC authorizes. Some donor information must be reported to government agencies when applicable disclosure thresholds are met and may become part of the public record through those filings.

Every donation also creates a public ledger entry. The public entry includes the donation amount, the date, a display name (either "Anonymous" or your name if you opted in or if the applicable disclosure threshold is met), and a cryptographic chain hash. The public ledger does not include your email address, mailing address, occupation, or employer.

Newsletter

When you subscribe to the newsletter, we retain your email address, the page you subscribed from, and the date. We use Resend to send the emails; your address is shared with Resend solely for delivery.

You can unsubscribe at any time by replying to any newsletter email or by emailing contact@thefutureparty.org. We will remove your email promptly. We comply with CAN-SPAM even though political email is technically exempt.

Abuse and Security Logs

To prevent abuse and protect the site, we log network information, request metadata, timing information, and device/browser information when you submit a form, create a donation session, send a Relay message, submit feedback, or use another rate-limited feature. These records are kept only as long as needed to enforce the relevant limit or investigate abuse, and they are not linked to the contents of your message.

Service Providers

We intentionally use the service providers listed below to operate the site. Each receives only the data needed for its role. These providers may use their own subprocessors under their own terms and privacy policies.

Vercel — hosts the site and runs the serverless functions that handle requests. vercel.com/legal/privacy-policy

Supabase — provides our database (PostgreSQL on AWS in the United States). Holds donor compliance records, the public ledger, the newsletter list, join-form submissions, abuse-prevention logs, the Relay public-data graph, and correction reports. supabase.com/privacy

Stripe — processes donation payments and collects card details directly. stripe.com/privacy

Resend — delivers transactional email (contact-form forwards, newsletter messages). resend.com/legal/privacy-policy

Plausible — privacy-respecting aggregate analytics. Never receives a personal identifier. plausible.io/data-policy

Together AI — provides the language-model infrastructure behind The Relay. Receives only what is needed to generate a response (the system context, the public-data context, your message, and the recent conversation context). together.ai/privacy

Data Retention

Donor compliance records are retained as required by campaign-finance law.

The public donation ledger is intended to be permanent and append-only. Entries are not edited or removed in the normal course; doing so would defeat the purpose of the chain.

Join-form submissions are retained in the private Supabase intake table until they are routed, declined, or removed on request. The matching email copy is retained at the founder's discretion.

Newsletter subscriptions are retained until you unsubscribe.

Abuse-prevention logs are retained only as long as needed to enforce the relevant limit or investigate abuse.

Relay conversations are not retained by us in our application database. The browser-side copy stays in your local storage until you clear it.

Correction reports submitted via "Report incorrect" are retained while we operate The Relay so we can evaluate and improve it. They do not include your IP address or name unless you typed one in.

Security

We follow standard practices to protect the data described above, including a strict Content Security Policy and modern TLS on every page, server-side validation of requests, access controls on our database, and credentials kept out of error messages and logs. No system is perfectly secure. If you find a vulnerability, please email contact@thefutureparty.org rather than exploiting it. We will respond.

International Visitors

Our infrastructure is operated from the United States, and the data described here is processed and stored in the United States. If you are visiting from another jurisdiction, your local privacy law may not provide the same level of protection as your home country's law. By using the site you consent to that transfer for the purposes described above.

Children

This site is a general-audience site and is not directed to children under 13. We do not knowingly collect personal information from anyone under 13. If you are under 13, do not submit any forms and do not use The Relay. If we learn that we have collected information from a child under 13, we will delete it. Donations are limited to people 18 and older.

Data Breaches

If we determine that a breach requires notice under applicable law, we will notify affected individuals as required by law and as promptly as reasonably possible.

Your Rights

Depending on where you live, you may have specific privacy rights under applicable law. We do not sell personal information and we do not share it for cross-context behavioral advertising.

Even where not legally required, you may contact us to request access to, correction of, or deletion of personal information we control. We can usually act on these requests, subject to campaign-finance retention obligations, the append-only nature of the public ledger, security needs, and any other applicable legal limits.

To make a request, email contact@thefutureparty.org from the address on file. We will respond within a reasonable time, and within any deadline the law requires.

Law Enforcement and Legal Process

We will comply with valid legal process — subpoenas, court orders, warrants — as required by law. Where we are legally permitted to do so, we will notify the affected user before disclosing their information.

Changes

If we change this policy, we update this page and change the date at the top. We do not send notification emails for policy changes because we do not track who has read this page. Bookmark it if you want to check back.

Contact

Questions about this policy: contact@thefutureparty.org

The Future Party PAC
Boise, Idaho