Trust & data handling

Political data is sensitive. Here is how we handle yours.

Written honestly. If something is not yet certified or built, we say so. If you have questions, email us.

Data residency

All campaign data is stored in AWS us-east-1 (Northern Virginia). No cross-region replication. No data leaves the United States.

Database: Amazon RDS (Postgres) behind RDS Proxy. Files and assets: Amazon S3 in us-east-1. Backups are encrypted at rest with AWS-managed keys and retained in-region only.

Donor data

What we store, where, and for how long:

Data type | Where | Retention | Who can read
Donor names + emails | RDS us-east-1 | Life of campaign | Campaign team
Donor amounts + dates | RDS us-east-1 | Life of campaign | Campaign team
Opposition research | RDS us-east-1 | Life of campaign | Campaign team
Analytics events | RDS + PostHog | 12 months rolling | Covenant team

Analytics events use your user ID and campaign ID — never donor names, never donor emails.

Retention & deletion

Delete your campaign, delete your data. When you delete a campaign in Covenant, every related record — donors, tasks, briefings, opponents, progress, plans — is removed via database cascade within seconds.

Deletion requests by email are honored within 72 hours. Backups are purged on a rolling 30-day window, so the complete erasure horizon is 30 days.

Access controls

Your campaign data is scoped to your campaign ID. No other campaign can read it. Team members you invite can read only the data their role permits (candidate, campaign manager, paid intern, volunteer — each with different permissions).

Covenant engineers have production access only for break-glass incident response. Those sessions are logged. We do not browse customer data; it is not part of our workflow.

AI models & your data

Covenant uses Groq (Llama 3.3 70B) as its primary AI provider and AWS Bedrock (Amazon Nova Lite) as fallback. CloudWatch logging for Bedrock model invocations is disabled — AWS does not retain your prompts or completions.

Your campaign data is not used to train any model. Covenant does not contribute to model training at Groq, AWS, or anywhere else.

When we generate a briefing, plan, or talking point, your campaign context is sent to the model provider for that single inference and is not retained by them.

FEC & campaign finance

Covenant is software you use to run your campaign. It is not a political committee, does not make independent expenditures, and does not coordinate with any other campaign or committee.

Because Covenant is free to 2026 Pilot Partners, the product is offered on the same terms to all accepted candidates regardless of party. We do not make in-kind contributions. If your state has reporting requirements that could apply here, we are happy to walk through the posture with you.

SOC 2 & compliance

We are not SOC 2 certified yet. Honest answer: we are an early-stage pilot. We plan to pursue SOC 2 Type II after the 2026 cycle, once we have stable volume and a paid tier to fund it.

We do follow the practices that SOC 2 measures: encryption in transit and at rest, least-privilege access, versioned code review, per-environment secrets, structured logging, and monitored error reporting. If you need a formal certification before adopting Covenant, we understand — this is a real constraint.

Incident response

If we detect unauthorized access to your campaign data, we notify affected campaigns within 72 hours with what happened, what data was involved, and what we did about it. We do not have a dedicated security team yet; detection relies on AWS CloudTrail alerts and our error monitoring. Ask if you want the runbook.

Questions

Email deepak@covenantpolitical.com. We answer the trust question directly — no routing, no ticketing system, no boilerplate.

See also: 2026 Pilot Partner terms.