How your data works

Your address stays on your device

When you enter an address, it is sent to the Census Bureau's free geocoding API to convert it to a latitude and longitude. That lat/long is then sent to our server to find your representatives. We never store your address, lat/long, or any identifying information. The only thing our server keeps is the public rep contact data itself.

The encrypted pack file

If you choose to save your session, it is encrypted entirely in your browser using AES-256-GCM (the Web Crypto API) before anything touches your disk. The encrypted file — called a pack — lives only on your device. We never see it.

To load a saved session, you upload the file and enter your passphrase. Decryption happens in-browser. The passphrase is never sent anywhere.

The public rep database

Representative contact information (phone numbers, emails, office addresses) is civic commons data — information about public officials, not about users. This data lives in our database and is returned when your district is resolved. It contains nothing about you.

Community contributions

If you submit a missing phone number or email for a representative, that record is attached to the representative's ID — not to you, your address, or your district. There is no contributor log.

No analytics, no tracking

There are no cookies, no analytics scripts, no third-party trackers. The only external call from your browser is to the Census Bureau geocoding API.

Intellectual lineage

This privacy architecture is directly inspired by Alex Pentland's New Deal on Data and the personal data store tradition (openPDS, Solid/Pods). The principle: individuals should own their data the way they own physical property. The encrypted pack is an implementation of that principle that works today, without waiting for infrastructure that doesn't exist yet.