What personal data does GovGreed collect?

GovGreed collects minimal personal data: email address and display name for account registration, usage analytics (pages visited, features used), and API request logs for subscribers. We do not collect payment card data, government IDs, or sensitive personal information.

How does GovGreed protect my data?

All data is stored in Supabase PostgreSQL databases on AWS infrastructure, encrypted at rest and in transit (TLS 1.2+). Passwords are bcrypt-hashed, API keys are hashed, and database access is restricted by row-level security policies.

Can I delete my GovGreed account and data?

Yes. You can request deletion of your account and all associated personal data by emailing team@govgreed.com with the subject 'Privacy Request.' We respond within 30 days. Note: public government data (congressional trades, bills) cannot be deleted as it is not your personal data.

GovGreed | Privacy Policy — Data Protection & Security

Q: Does GovGreed sell user data?

No. GovGreed does not sell, share, or monetize user data. Our business model is API subscriptions and premium access, not advertising or data brokering.

01 Overview

The short version: GovGreed is built on public government data. We collect minimal personal information. We do not sell your data. We do not run ads. What little we collect is used only to operate the platform.

This Privacy Policy explains how GovGreed ("we," "us," "our") collects, uses, stores, and shares information when you use govgreed.com and the GovGreed API. By using the Service, you agree to the practices described here.

GovGreed is operated as a small team. We are not a data broker and do not monetize user data. Our business model is API subscriptions and premium access — not advertising.

02 What We Collect

Category	Data Collected	When	Required?
Account Data	Email address, display name, password (hashed), account creation date	When you register	Yes (to register)
Usage Data	Pages visited, features used, search queries, session timestamps	Automatically during use	Yes (for platform operation)
API Data	API key, request logs (endpoint, timestamp, response status), usage counts	When using the API	Yes (for API subscribers)
Watchlist / Alerts	Politicians, tickers, and alert rules you configure	When you use these features	No (optional features)
Paper Trading	Simulated trade positions, portfolio history (not real trades)	When you use paper trading	No (optional feature)
Chat History	Queries sent to the AI chat interface, conversation history	When you use AI chat	No (optional feature)
Waitlist	Email address, access type requested, submission timestamp	When you join the waitlist	No (voluntary)
Technical Data	IP address (hashed for rate limiting), browser type, referrer URL	Automatically	Yes (security/abuse prevention)

We do not collect: payment card data (handled by payment processors), government ID, social security numbers, or any sensitive personal data.

03 How We Use Data

We use collected data only for the following purposes:

Operate the platform — authenticate accounts, serve your watchlists, deliver API responses, and persist your preferences
Enforce rate limits — track API usage against your tier limits and prevent abuse
Send notifications — trade alerts, signal triggers, and account notifications you configure
Security & fraud prevention — detect and block unauthorized access, scraping, and abuse
Improve the platform — aggregate, anonymized usage analytics to understand which features are useful
Communications — transactional emails (account confirmations, API key delivery). We do not send marketing emails without explicit opt-in.

We do not: sell data to advertisers, build behavioral profiles for ad targeting, share data with data brokers, or use your data to train AI models without consent.

04 Third-Party Services

GovGreed uses the following third-party infrastructure providers:

Service	Purpose	Data Shared	Privacy Policy
Supabase	Database, authentication, edge functions	All user account and platform data	supabase.com/privacy
Vercel	Static hosting, CDN	IP addresses, request logs	vercel.com/legal/privacy-policy
OpenRouter / Anthropic	AI chat and brief generation	Chat queries you submit	openrouter.ai/privacy
TradingView	Embedded price charts	IP address, ticker viewed	tradingview.com/privacy-policy

We do not embed advertising networks, social media tracking pixels, or analytics platforms that profile users across the web.

05 X (Twitter) API Data Usage

Required disclosure under X Developer Agreement: This section describes how GovGreed uses data obtained through the X API.

GovGreed uses the X API v2 to:

Publish posts from the official @GovGreed account about congressional trading data and signals
Read mentions and replies directed at the @GovGreed account for human review and engagement decisions
Monitor search results for @GovGreed account mentions (for engagement monitoring only)

What we do NOT do with X API data:

We do not store X user data beyond what is temporarily needed to display our own mentions dashboard
We do not build profiles of X users or track individuals across tweets
We do not sell, transfer, or share X API data with third parties
We do not use X API data to infer sensitive personal characteristics (race, health, political views, etc.) of individual users
We do not use X API data to train machine learning models
We do not use X API data for advertising targeting
We do not aggregate X user data for purposes beyond managing our own account
We do not auto-reply to users — all responses to mentions are reviewed by a human before posting

All content posted via the X API by GovGreed is based on publicly available U.S. government data. Automated posts are clearly associated with the @GovGreed account.

X API data obtained by GovGreed is retained only as long as necessary to display account engagement. We do not maintain archives of third-party X user data.

For questions about X data usage, contact: team@govgreed.com

06 Data Storage & Security

All user data is stored in Supabase PostgreSQL databases hosted on AWS infrastructure. Data is encrypted at rest and in transit (TLS 1.2+).

Passwords are hashed using bcrypt — we cannot recover your password
API keys are hashed — we display only the key prefix (e.g., gg_live_xxxx...****)
Database access is restricted by row-level security policies — users can only access their own data
IP addresses used for rate limiting are hashed and not stored in plaintext

No system is 100% secure. While we take security seriously, we cannot guarantee absolute security. In the event of a data breach affecting user accounts, we will notify affected users within 72 hours of discovery.

07 Cookies & Local Storage

GovGreed uses the following browser storage:

Type	Name / Key	Purpose	Expires
localStorage	`gg-sidebar-collapsed`	Remember sidebar state	Persistent (until cleared)
localStorage	`gg-info-panel-collapsed`	Remember info panel state	Persistent (until cleared)
Cookie (Supabase)	`sb-*-auth-token`	Authentication session	Session / 7 days

We do not use third-party advertising cookies. We do not use tracking pixels. The TradingView widget embedded on some pages may set its own cookies — refer to TradingView's privacy policy for details.

You can clear localStorage and cookies through your browser settings at any time. Clearing auth cookies will log you out of GovGreed.

08 Your Rights

You have the following rights regarding your personal data:

Access — Request a copy of the personal data we hold about you
Correction — Request correction of inaccurate personal data
Deletion — Request deletion of your account and associated personal data. Note: data derived from public government records (congressional trades, bills, etc.) cannot be deleted as it is not your personal data.
Portability — Request an export of your watchlists, alert rules, and paper trading history in JSON format
Opt-out — Unsubscribe from any marketing communications at any time using the unsubscribe link in emails

To exercise any of these rights, email team@govgreed.com with the subject "Privacy Request." We will respond within 30 days.

For California residents (CCPA): We do not sell personal information. You have the right to know what personal information we collect and to request deletion. Contact us at the email above.

For EU/EEA residents (GDPR): Our legal basis for processing is legitimate interest (platform operation) and contract performance (API subscriptions). You have the right to lodge a complaint with your local supervisory authority.

09 Data Retention

Account data: Retained for the lifetime of your account plus 30 days after deletion request
API logs: Request logs retained for 90 days for billing and abuse detection
Chat history: Retained until you delete it or delete your account
Waitlist entries: Retained until access is granted or the waitlist is closed
Anonymized usage analytics: Retained indefinitely (no personal identifiers)

10 Children's Privacy

GovGreed is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us at team@govgreed.com and we will delete it.

11 Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Effective" date above. Material changes that reduce your privacy protections will be communicated via email (to registered users) or a prominent site notice at least 30 days before taking effect.

12 Contact

Privacy questions, data requests, and concerns:

Email: team@govgreed.com
Subject line: "Privacy Request" for all data rights requests
We respond within 30 days