Legal

Privacy Policy

Updated May 19, 2026

This is the formal policy. For the plain-language version of how we handle politically sensitive campaign data, see Trust & data.

Jump to a section
  1. About Us
  2. About This Policy
  3. What We Collect
  4. How We Use It
  5. How We Share It
  6. Cookies & Tracking
  7. Retention
  8. Your Rights
  9. Sub-Processors
  10. Changes
  11. Contact

About Us

Covenant Political, Inc.

1817 Mt Holly Rd, C7-122

Burlington Twp, NJ 08016

covenantpolitical.com

About This Policy

This Privacy Policy explains how we collect, use, and disclose your personal information when you interact with our website, software, and related online and offline products and services (collectively, the “Services”). For questions or complaints regarding this policy or our handling of your personal information, email amanda@covenantpolitical.com.

What Personal Information We Collect

We collect personal information you provide directly to us:

  • Account & campaign information. When you sign up, you provide your email address and name (via our auth provider, WorkOS). When you create a campaign, you provide candidate-level information including the candidate’s name, party, office sought, election date, district, opponents, and similar race context.
  • Campaign data you input. Tasks, decisions, intel (signals), donor records, progress metrics, and other content you enter while using the Services.
  • Communications. If you contact us, sign up for our newsletter, or fill out a form (such as the Pilot Partner application), we collect your name, email, and the content you send.
  • Booking information. If you book a walkthrough through our Calendly link, Calendly collects your name, email, and the chosen time.
  • Payment information. The 2026 Pilot Partner program is free and no payment data is collected during the pilot. When fees apply in future cycles, payment information (card details, billing address) will be collected and stored by Stripe, our payment processor, and not by us.
  • Public information. Our Services may incorporate publicly available information such as candidate filings, FEC records, and similar public-record data.

How We Use Your Information

  • To provide and operate the Services for your campaign.
  • To generate AI briefings, talking points, and recommendations using your campaign context (see Sub-Processors for the AI providers involved).
  • To send you transactional emails (login links, team invitations, briefing notifications) via AWS Simple Email Service (SES).
  • To respond to your questions, inquiries, or support requests.
  • To monitor usage trends and improve the Services.
  • To detect, investigate, and prevent abuse and fraud.
  • To fulfill contractual obligations, including (in future cycles) billing through Stripe.

How We Share Your Information

We do not sell your personal information. We share it only:

  • With the sub-processors listed below, who provide infrastructure (hosting, auth, email, analytics, AI models) under contract.
  • With members of your own campaign team or organization, as configured by you when you invite teammates or join an operator’s organization.
  • In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or part of our business.
  • When legally required to comply with court orders or law enforcement.

See Trust & data for the specific commitments we make on politically sensitive campaign data, donor data, and AI model handling.

Cookies & Tracking

We use a small number of cookies and similar technologies:

  • Session cookie (wos-session): set when you sign in, HMAC-signed so it cannot be tampered with, valid for up to seven days. This is required to use the application.
  • Product analytics: PostHog sets cookies to deduplicate page views and connect events within a session. See the Sub-Processors section for details and our analytics PII rules.

We do not use Google Analytics, Google Tag Manager, advertising cookies, or cross-site tracking pixels.

Retention of Your Data

We retain your personal information only as long as necessary to operate the Services and fulfill the purposes for which it was collected. When you delete a campaign, all data associated with that campaign is removed via cascade delete in our database. Aggregate, non-identifying usage data may be retained for product improvement.

Your Rights Over Your Data

You may request a copy of the personal data we hold about you, or request that we erase it. Where applicable law (such as the GDPR for European users, or US state privacy laws including the California Consumer Privacy Act) gives you specific rights of access, correction, deletion, or portability, we will honor them. Contact amanda@covenantpolitical.com to exercise these rights. Some data may be retained where required for legal, security, or accounting purposes.

Sub-Processors

These are the third parties that receive personal data on our behalf. Each is contractually bound to handle that data only as we direct.

Amazon Web Services (AWS) — hosting, database, email

We run on AWS Amplify Gen 2 with our database on Amazon RDS (PostgreSQL), both in the us-east-1 region. Transactional email is sent via AWS Simple Email Service (SES). Data residency is us-east-1 only; we do not replicate data across regions.

WorkOS — authentication

WorkOS handles sign-in (magic link), organization membership, and team invitations. WorkOS receives your email address and name, and the organization you belong to.

AWS Bedrock and Groq — AI models

We use Groq (running Llama 3.3 70B Versatile) as our primary AI provider, with AWS Bedrock (Amazon Nova Lite) as a fallback. When we generate a briefing, talking point, or recommendation, the relevant slice of your campaign context is sent to one of these providers to produce the response. We disable CloudWatch logging of Bedrock model invocations so prompt content is not retained in our logs.

PostHog — product analytics

PostHog measures product usage so we can improve the Services. We follow strict PII rules: event properties carry a campaign ID or user ID only, never names or PII. Donor emails, voter emails, and any email a user did not enter on a Covenant surface are never sent to PostHog. A limited exception applies to a user’s own email (entered on a first-party surface such as a referral form), which may be used as the PostHog identifier to attribute that user’s actions across surfaces.

Calendly — meeting bookings

When you click the “walkthrough” CTA on our landing page, Calendly collects your name, email, and chosen time so the meeting can be scheduled. Calendly’s privacy policy governs that data.

Stripe — payment processing (when applicable)

Stripe is our planned payment processor for paid Covenant tiers. The 2026 Pilot Partner program is free, so no payment data is being processed today. When fees apply in future cycles, your card and billing details are transmitted directly to Stripe; we do not store full card numbers. Stripe’s privacy policy is at stripe.com/privacy.

Google Fonts — web typography

Our marketing site loads fonts (League Spartan, Source Sans 3, Geist, JetBrains Mono) from fonts.googleapis.com and fonts.gstatic.com. Your browser makes a request to Google when loading these fonts, which exposes your IP address and user agent to Google. We use Google Fonts for consistent typography, a legitimate interest under GDPR Article 6(1)(f). If your browser does not load web fonts, a system font is used instead.

Changes to This Policy

We may modify this Privacy Policy from time to time. Any changes are effective immediately upon posting of the revised policy on our website. Please review this page periodically for updates.

Contact

For questions or concerns regarding this Privacy Policy, our handling of your personal information, or your rights, contact us at:

Covenant Political, Inc.

1817 Mt Holly Rd, C7-122

Burlington Twp, NJ 08016

amanda@covenantpolitical.com

See also: Terms of Service, 2026 Pilot Partner terms, Trust & data.