Privacy policy

How we handle your information

Last reviewed April 30, 2026.

The Candidate (“we,” “us,” “our”) operates thecandidate.com (the “Platform”), a non-partisan federal political discovery site. This policy explains what we collect, how we use it, and the rights you have over the information that ends up in our systems.

1. What we collect

  • Public visitor data. Pages you view, the IP address your request came from, browser/OS strings, and the referrer URL. Standard web-server log data.
  • Email addresses. When you opt in to a newsletter, claim a candidate page, or submit a correction, we keep the email you provided.
  • Account data. If you create an account or sign in to claim a page, we store the same minimum identity fields any auth provider would (email, hashed password or magic-link token, basic profile info you supply).
  • Public candidate data. Sourced from the FEC and other public records. Provenance for every fact is shown on the candidate profile page.

2. How we use it

  • To operate the site, including auth, candidate claims, and admin moderation.
  • To send you email you specifically asked for (newsletter, claim status updates, corrections you reported). We do not send unsolicited marketing email.
  • To prevent abuse — e.g. rate-limiting, fraud detection, blocking obvious scraping bursts.
  • To produce aggregate, non-identifying analytics about how the site is used.

3. What we don’t do

  • We do not sell your personal information to third parties.
  • We do not use your data to build profiles for political ad targeting on this or any other platform.
  • We do not require an account to read public candidate or race pages.

4. Service providers

We use a small set of vendors to run the site: Supabase (database + auth), Vercel (hosting), Cloudflare (DDoS / bot protection), and email delivery providers (Resend, SendGrid, or similar). Each vendor processes data only to deliver their service to us; none are given a license to repurpose your data for their own advertising.

5. Cookies

We use first-party cookies for auth sessions and to remember your preferences. We do not load third-party advertising or tracking cookies on the public-discovery pages.

6. Your rights

You can request a copy of the personal data we hold about you, ask us to correct it, or ask us to delete it. Email [email protected] with your request. California residents have additional rights under the CCPA; please reference “CCPA” in the subject line so we route your request correctly. We respond within 30 days for routine requests and 45 days for CCPA requests, in line with the statutory windows.

7. Security

We use TLS for everything in transit, encrypted-at-rest storage at our cloud providers, and strict access controls for the small team that operates the platform. No system is perfectly secure, so if you discover a vulnerability please report it to [email protected].

8. Changes to this policy

We’ll update the “last reviewed” date at the top of this page when we change anything material. For substantive changes we’ll also email account holders.

9. Contact

Privacy questions: [email protected]. General contact: /contact.