Civic Core Institute

Last updated: January 2025

1. Introduction

Civic Core Institute ("we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard information when you use our platform.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Information You Provide

Account registration details (email, name) for API access
Payment information for API subscriptions (processed by Stripe)
Contact form submissions
Feedback and correspondence

2.2 Information Collected Automatically

IP address and approximate location
Browser type and device information
Pages visited and interaction patterns
API usage logs (for subscribed users)

2.3 Public Data We Process

Our platform aggregates publicly available data about UK Members of Parliament. This data originates from official government sources and is processed under legitimate interest for democratic transparency.

3. How We Use Your Information

To provide and maintain the Service
To process API subscriptions and payments
To respond to inquiries and support requests
To monitor and prevent abuse of the Service
To improve our platform and develop new features
To comply with legal obligations

4. Legal Basis for Processing

Contract: Processing necessary for API subscriptions
Legitimate Interest: Analytics, security, service improvement
Consent: Marketing communications (where applicable)
Legal Obligation: Tax records, fraud prevention

5. Cookies

We use cookies and similar technologies for:

Essential cookies: Authentication, security, preferences
Analytics cookies: Understanding usage patterns (anonymized)

We do not use advertising or tracking cookies. You can control cookies through your browser settings.

6. Data Sharing

We do not sell your personal data. We may share data with:

Service providers: Hosting (Vercel), payments (Stripe), database (Supabase)
Legal authorities: When required by law or to protect rights
Business transfers: In connection with merger or acquisition

7. Data Retention

Account data: Retained until account deletion
API logs: 90 days
Analytics data: 26 months (anonymized)
Financial records: 7 years (legal requirement)

8. Your Rights

Under UK GDPR, you have the right to:

Access: Request a copy of your data
Rectification: Correct inaccurate data
Erasure: Request deletion ("right to be forgotten")
Portability: Receive data in machine-readable format
Objection: Object to processing based on legitimate interest
Restriction: Limit how we use your data

To exercise these rights, contact us at our contact page.

9. Data About Public Figures

Our platform processes publicly available information about Members of Parliament. This processing is conducted under legitimate interest for democratic accountability and transparency.

MPs or their representatives with concerns about data accuracy should contact us. We will correct verified inaccuracies promptly.

10. International Transfers

Data may be processed by service providers in countries outside the UK. We ensure appropriate safeguards are in place, including Standard Contractual Clauses where required.

11. Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit and at rest, access controls, and regular security assessments.

12. Changes to This Policy

We may update this policy periodically. Significant changes will be communicated via the platform or email for registered users.

13. Contact & Complaints

For privacy inquiries, contact us via our contact page.

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Last updated: January 2025

1. Introduction

Civic Core Institute ("we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard information when you use our platform.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Information You Provide

Account registration details (email, name) for API access
Payment information for API subscriptions (processed by Stripe)
Contact form submissions
Feedback and correspondence

2.2 Information Collected Automatically

IP address and approximate location
Browser type and device information
Pages visited and interaction patterns
API usage logs (for subscribed users)

2.3 Public Data We Process

3. How We Use Your Information

To provide and maintain the Service
To process API subscriptions and payments
To respond to inquiries and support requests
To monitor and prevent abuse of the Service
To improve our platform and develop new features
To comply with legal obligations

4. Legal Basis for Processing

Contract: Processing necessary for API subscriptions
Legitimate Interest: Analytics, security, service improvement
Consent: Marketing communications (where applicable)
Legal Obligation: Tax records, fraud prevention

5. Cookies

We use cookies and similar technologies for:

Essential cookies: Authentication, security, preferences
Analytics cookies: Understanding usage patterns (anonymized)

We do not use advertising or tracking cookies. You can control cookies through your browser settings.

6. Data Sharing

We do not sell your personal data. We may share data with:

Service providers: Hosting (Vercel), payments (Stripe), database (Supabase)
Legal authorities: When required by law or to protect rights
Business transfers: In connection with merger or acquisition

7. Data Retention

Account data: Retained until account deletion
API logs: 90 days
Analytics data: 26 months (anonymized)
Financial records: 7 years (legal requirement)

8. Your Rights

Under UK GDPR, you have the right to:

Access: Request a copy of your data
Rectification: Correct inaccurate data
Erasure: Request deletion ("right to be forgotten")
Portability: Receive data in machine-readable format
Objection: Object to processing based on legitimate interest
Restriction: Limit how we use your data

To exercise these rights, contact us at our contact page.

9. Data About Public Figures

Our platform processes publicly available information about Members of Parliament. This processing is conducted under legitimate interest for democratic accountability and transparency.

MPs or their representatives with concerns about data accuracy should contact us. We will correct verified inaccuracies promptly.

10. International Transfers

Data may be processed by service providers in countries outside the UK. We ensure appropriate safeguards are in place, including Standard Contractual Clauses where required.

11. Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit and at rest, access controls, and regular security assessments.

12. Changes to This Policy

We may update this policy periodically. Significant changes will be communicated via the platform or email for registered users.

13. Contact & Complaints

For privacy inquiries, contact us via our contact page.

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Privacy Policy

1. Introduction

2. Information We Collect

2.1 Information You Provide

2.2 Information Collected Automatically

2.3 Public Data We Process

3. How We Use Your Information

4. Legal Basis for Processing

5. Cookies

6. Data Sharing

7. Data Retention

8. Your Rights

9. Data About Public Figures

10. International Transfers

11. Security

12. Changes to This Policy

13. Contact & Complaints

Privacy Policy

1. Introduction

2. Information We Collect

2.1 Information You Provide

2.2 Information Collected Automatically

2.3 Public Data We Process

3. How We Use Your Information

4. Legal Basis for Processing

5. Cookies

6. Data Sharing

7. Data Retention

8. Your Rights

9. Data About Public Figures

10. International Transfers

11. Security

12. Changes to This Policy

13. Contact & Complaints