Privacy Policy

• Email address (for account creation and communication)
• Name (if you choose to provide it)
• Profile preferences (theme, notification settings, accessibility options)
• Educational status (for educational access verification)
• Language preferences and accessibility settings

FERPA Compliance: We act as a School Official with a legitimate educational interest when handling student data. Educational records are isolated in our school schema with enhanced protections.

• Student names, grades, and school identification numbers
• Course enrollments and teacher assignments
• Quiz scores and educational progress tracking
• Parent/guardian contact information (when applicable)
• LMS integration data: When you connect Google Classroom or other learning management systems, we receive only the information necessary to sync your class rosters and assignments. We do not access other information in your LMS account.

Educational Institution Accounts: Schools and districts that use Principle under institutional agreements are governed by separate Data Processing Agreements (DPAs) that include FERPA compliance commitments, enhanced data security requirements, institutional data access controls, and audit rights for district administrators.

• Quiz scores, performance metrics, and progress tracking
• Questions answered, time spent, and learning patterns
• Skill assessments and knowledge gap analysis
• Content preferences and personalized recommendations
• Gamification data (progress tracking, achievements, learning streaks)
• Learning objectives and study goals

• Browser information: Browser type and version (web users only)
• General platform: iOS or Android
• IP address: For security and regional content delivery
• Usage patterns: Feature usage and app interactions
• Error logs: Crash reports and error data (anonymized)
• Performance data: App load times and feature performance metrics

What we never collect for tracking: Device fingerprints, UDID, serial numbers, or battery levels. We do not use device hardware identifiers for tracking purposes. Our iOS app may access device storage information solely to ensure adequate space for app functionality — this information is not linked to your identity or shared with third parties. Biometric data (e.g., Face ID) never leaves your device.

Transparency First: We measure our effectiveness to improve civic education quality. Here's what we track:

• Content engagement patterns (which topics generate learning vs. clicks away)
• Educational effectiveness metrics (knowledge retention and skill development)
• Community feedback quality (user reports, content bookmarking, sharing patterns)
• Accessibility usage data (text-to-speech, translation features, device compatibility)
• Platform performance metrics (load times, error rates, feature adoption)
• Source credibility tracking (how our content verification systems perform)

• Subscription status and billing history (processed by Stripe)
• Donation records for access verification
• Educational access verification documents
• Gift credit transactions and redemptions

When you make a donation or gift purchase — whether or not you have a Principle account — we collect:

• Name and email address (provided at Stripe checkout)
• IP address and device information (collected for fraud prevention)
• Payment confirmation details (amount, date, transaction ID — not full card numbers)
• Gift recipient email (if you purchase a gift for another person)

Processing and retention: Checkout data is transmitted to and processed by Stripe and stored in our Supabase database. Donation records are retained for 7 years for tax and legal compliance.

• Your chosen display name (Anonymous, your platform username, or a custom first name you enter)
• Your state (selected by you or confirmed from your account profile)
• Your letter subject and body
• Any references you attach (linked bills, news articles, or Principle content)

When you submit a Letter, we also collect and store your IP address at the time of submission, your browser’s user-agent string, and a timestamped, cryptographically signed record of the submission event. We collect this data to detect abuse, prevent spam, and maintain platform integrity. This data is never displayed publicly and is retained for 90 days, then deleted.

Published Letters display:

• Your chosen display name and state
• Your letter subject and body
• The congressional recipients you selected
• Aggregated cosign (support) counts

Your email address, full legal name, IP address, and user-agent are never displayed publicly.

Published Letters may be indexed by third-party search engines including Google. Once a Letter is indexed, search engines may retain cached copies. If you delete your Letter, we will remove it from Principle and submit removal requests to major search engines, but we cannot guarantee removal of cached copies within any particular timeframe or at all.

• You may delete your Letter at any time from your account. The Letter is removed from public display immediately.
• Submission metadata (IP address, user-agent, timestamp) is retained for 90 days for fraud-prevention purposes, then deleted.
• Letter text and display data are purged from our database within 30 days of deletion, except as retained in anonymized aggregate form.

If you are between 13 and 17, your Letter may be published publicly with your chosen display name and state. We recommend using “Anonymous” as your display name. Parents or guardians may contact privacy@principlecivics.comto request deletion of any content associated with a minor’s account. You may also delete your own Letters from your account settings at any time.