Privacy Policy

Who We Are

CivicCTA™ is a civic advocacy platform for Oregon residents. The platform is operated by Upside AI, LLC, an Oregon limited liability company. In this policy, "we," "us," and "our" refer to Upside AI, LLC. "You" and "your" refer to anyone who creates an account, subscribes, or otherwise uses the platform.

Upside AI, LLC is the data controller for the personal information described in this policy. Our principal place of business is Oregon. You can reach our privacy team at privacy@civiccta.com.

What This Policy Covers

This policy explains:

• What information we collect about you and why
• How we use that information
• Who we share it with (a short list)
• What we do not do with it (a longer list)
• Your rights under the Oregon Consumer Privacy Act (OCPA)
• How to exercise those rights

This policy applies to civiccta.com and to the platform's web and mobile applications. It does not apply to third-party websites we link to. Those have their own policies.

What We Collect

We collect only what we need to operate the platform. Categories of personal information we collect:

Account information. Your name, email address, and Oregon ZIP code. Your name appears on the letters you authorize. Your email is your account login and where we send transactional confirmations. Your ZIP code is used only to identify the Oregon officials who represent you.

Authentication information. A hashed version of your password (we never store your password in readable form), session tokens, and the IP address from which you signed in. If you add a passkey to your account, the passkey's public key is stored on our servers; the private key remains on your device and is never transmitted to us.

Communications you create and authorize. When you use the platform to draft a constituent communication, we store: the content of the draft, any edits you make, the final authorized text, the recipient (the Oregon official or public comment process), and a timestamp.

Consent ledger. When you authorize a communication, we record an entry in your consent ledger. The entry contains your account identifier, the exact text sent, a SHA-256 hash of the content, the recipient, the time of authorization (in UTC), the delivery status, and the IP address from which you authorized. The consent ledger is append-only. We cannot modify or delete entries, and neither can you. This protects both of us: you have proof of what you sent; we have proof we sent only what you authorized.

Payment information. If you subscribe, your payment information is collected and processed by Stripe. We never see your credit card number, bank account number, or other payment credentials. We receive only a record that the payment succeeded or failed, and a Stripe customer identifier we use to manage your subscription.

Newsletter and communications preferences. If you opt in to the newsletter or other optional communications, we record your preference. You can opt out at any time.

Technical and operational logs. Standard server logs that help us operate and secure the platform: timestamped access records, error logs, and aggregated usage metrics. We do not use third-party analytics that profile individual users (no Google Analytics, no Meta Pixel, no similar tools).

We do not collect:

• Your political party affiliation
• Your voting history
• Your race, ethnicity, religion, sexual orientation, gender identity, immigration status, or any other sensitive demographic category
• Information about you from data brokers
• Information about other people from your contacts, social media, or address book

How We Use What We Collect

We use your information to:

• Create and maintain your account
• Authenticate you when you sign in
• Identify the Oregon officials who represent you (using only your ZIP code)
• Generate personalized drafts of constituent communications based on your stated priorities
• Route authorized communications to the correct recipient through the correct channel
• Record per-action authorization in your consent ledger
• Send you transactional confirmations (account activity, receipts, delivery confirmations)
• Send you the newsletter or other optional communications, if you opted in
• Operate, secure, and improve the platform
• Comply with legal obligations

That is the complete list. We do not use your information for any other purpose without telling you and asking your permission.

What We Do Not Do

This is the part of the policy that matters most. We do not do the following, by design and by commitment:

• We do not sell your personal information. Not now, not ever.
• We do not share your information with political parties, campaigns, political action committees, or advocacy organizations.
• We do not share your information with data brokers.
• We do not use Google Analytics, the Meta Pixel, or any third-party analytics tool that profiles individual users.
• We do not use SMS-based two-factor authentication. SMS is vulnerable to SIM-swap attacks, and our users are civic advocates whose accounts deserve stronger protection.
• We do not offer sign-in with Google, Apple, or Facebook. We do not want to maintain data-sharing relationships with companies whose practices the platform enables our users to challenge.
• We do not target advertising at you. We do not run ads on the platform.
• We do not profile you to make automated decisions about you that produce legal or similarly significant effects.
• We do not allow law enforcement, government agencies, or third parties access to your account or your communications without a valid legal process. If we receive a request, we evaluate it carefully and challenge it where appropriate.
• We do not retain your data forever. See "How Long We Keep Your Data" below.

Who Touches Your Data

A small number of service providers process your data on our behalf. They are not permitted to use your data for their own purposes. The list:

Stripe. Payment processing. Stripe receives the payment information you enter on the subscribe page. Stripe's privacy practices are at stripe.com/privacy.

Transactional email provider. We use a transactional email service (SendGrid or Postmark; provider selection is finalizing during Phase 0) to deliver account confirmation emails, receipts, and delivery confirmations. The provider receives your email address and the content of the email we send you.

Anthropic. Letter generation is performed via Anthropic, our automated drafting provider. The platform sends the issue brief content, your stated priorities, and your account information (your name, your Oregon ZIP code, and your selected issue) to Anthropic's API. The API returns a draft. We have requested a Zero Data Retention (ZDR) agreement with Anthropic; until that agreement is in place, the content of generated drafts may be retained briefly by Anthropic under their standard processing terms. Anthropic does not use the content of our API calls to train their models. We will publish the ZDR confirmation when received and will update this policy.

Amazon Web Services (AWS). All platform data is stored on AWS servers in the US-West-2 region (Oregon). AWS provides infrastructure (computing, database, storage). AWS does not have access to your data for its own purposes.

Cloudflare. Cloudflare provides content delivery and basic security (e.g., distributed denial-of-service protection) for the public website.

We do not currently share your data with any other third parties. If that ever changes, this policy will be updated and you will be notified.

Where Your Data Lives

Your data is stored in the United States, in AWS data centers in the US-West-2 region (Oregon). We chose Oregon-based infrastructure deliberately. The platform serves Oregon residents; the data lives in Oregon.

Some service providers (for example, Cloudflare's edge network) may briefly process traffic outside the United States as part of routing. The data of record is in Oregon.

How Long We Keep Your Data

Account data. While your account is active. If you delete your account, we delete your account data within thirty days, with two specific exceptions described below.

Consent ledger. The consent ledger is append-only and survives account deletion. Each ledger entry is a record of a communication you authorized to be sent to a public official or public comment process; that record exists in the public record (the recipient also has a copy). We retain the ledger to demonstrate that the platform sent only what was authorized. You can download your ledger at any time. We will not modify or delete it. If a court order or subpoena ever requires modification, we will challenge it.

Payment records. Retained according to our financial recordkeeping obligations and Stripe's policies.

Operational logs. Server access logs and error logs are retained for thirty days, then deleted automatically.

Email transactional records. Retained according to the transactional email provider's standard terms, generally thirty to ninety days.

Anthropic processing. Until our Zero Data Retention agreement is in place, draft generation content may be retained briefly by Anthropic under their standard processing terms. Once ZDR is in place, this retention drops to zero. We will update this policy when ZDR is confirmed.

Your Rights Under the Oregon Consumer Privacy Act (OCPA)

The Oregon Consumer Privacy Act (ORS Chapter 646A) gives Oregon residents a set of rights regarding their personal information. We honor all of them.

Right to know. You can ask us what categories of personal information we have about you, where we got it, why we have it, and who we have shared it with. We will respond within forty-five days.

Right to access (portability). You can ask for a copy of the personal information we have about you, in a portable format. You can also download your consent ledger directly from your account at any time.

Right to correction. If we have information about you that is wrong, you can ask us to correct it.

Right to deletion. You can ask us to delete your personal information. We will, with the consent ledger exception described above. We will tell you what we deleted and what we could not delete and why.

Right to opt out of the sale of personal information. We do not sell personal information, so there is nothing to opt out of. You have this right anyway.

Right to opt out of targeted advertising. We do not engage in targeted advertising, so there is nothing to opt out of. You have this right anyway.

Right to opt out of profiling. We do not profile you to make automated decisions about you that produce legal or similarly significant effects. You have this right anyway.

Right to appeal. If we deny a request, you can appeal. If we deny the appeal, you can file a complaint with the Oregon Attorney General at justice.oregon.gov.

How to exercise these rights. Email privacy@civiccta.com with your request. We will verify your identity (we will ask you to confirm details we already have on file) and respond within forty-five days. If your request is complex, we may take an additional forty-five days; we will tell you and explain why.

We do not charge a fee for these requests. If you make repeated unfounded or excessive requests, we may charge a reasonable fee or refuse the request. We will explain why.

Security

We use commercially reasonable security practices, including:

• Passwords are stored as argon2id hashes; we never store passwords in readable form.
• Sessions use rotating JSON Web Tokens with reuse detection.
• Passkeys are supported; passkeys replace passwords with a phishing-resistant login method that cannot be stolen or guessed.
• Data is encrypted in transit (HTTPS) and at rest (AWS-managed encryption).
• Database access is role-segregated; the application role can write to the consent ledger but cannot modify or delete entries.
• An independent security engineer reviews the platform's architecture before launch.

No security system is perfect. If we ever experience a breach affecting your data, we will notify you as required by law and will publicly post a notice on the platform.

Automated Drafting Disclosure

Every communication generated by the platform includes a footer identifying CivicCTA as the drafting tool, naming you as the authorizing sender, and recording the timestamp of your authorization. The canonical text is:

"This draft was prepared with the assistance of CivicCTA, a civic engagement platform (Upside AI, LLC). [Your name] reviewed and authorized this communication before sending. Authorization recorded: [date and time UTC]."

We will not pretend your letter was written without our help. The platform drafts. You review, edit, and authorize. We send. Transparency is the whole point.

Children's Data

The platform is not directed at children under thirteen and we do not knowingly collect personal information from anyone under thirteen. If you believe a child under thirteen has provided personal information to the platform, contact us at privacy@civiccta.com and we will delete it promptly.

We do not impose a minimum age above thirteen. Civic participation is for everyone. We design the platform's defaults conservatively for that reason.

Cookies and Similar Technologies

We use a small number of strictly necessary cookies to keep you signed in and to remember your preferences. We do not use advertising cookies, tracking cookies, or third-party analytics cookies. You can disable cookies in your browser; the platform will still work, but you may need to sign in more often.

Warrant Canary

We commit to publishing an annual transparency report and to maintaining a warrant canary on the platform. If we are ever served with a request that we are legally prohibited from disclosing, the canary will reflect that. The canary lives at civiccta.com/canary.

Changes to This Policy

We may update this policy as the platform evolves, as legal requirements change, or in response to counsel review. When we do:

• The "Last updated" date at the top will change.
• A summary of changes will be posted at civiccta.com/privacy-changes for thirty days.
• Material changes (anything that expands what we collect, who we share with, or how we use your data) will trigger a notice to your account email at least thirty days before the change takes effect.

Contact

For privacy questions, requests, or complaints:

Email: privacy@civiccta.com
General contact: contact@civiccta.com

If we cannot resolve your concern, you can file a complaint with the Oregon Attorney General at justice.oregon.gov.

Statutory Basis

This policy is designed to comply with the Oregon Consumer Privacy Act (ORS Chapter 646A) and applicable federal law.

CivicCTA™ (Upside AI, LLC)  |  Oregon  |  Privacy Policy Version 1.0  |  May 2026