LEDGER — THE SOURCED PUBLIC RECORD
Effective July 2026
LEDGER is a nonpartisan civic-transparency project. It exists to show you public records about public officials — not to collect records about you. This policy says what little we collect, what we never collect, and how to make us delete it.
If you just browse: nothing personal. Our hosting provider (Vercel) and database provider (Supabase) keep standard, short-lived server logs (IP address, browser type, pages requested) to run and secure the service. LEDGER runs no advertising and no cross-site tracking. We measure aggregate site traffic (page views, referrers, countries) with Cloudflare Web Analytics, which is cookieless and does not identify or profile individual visitors.
If you vote on facts (▲/▼): your device receives an anonymous account identifier, and we store your votes and any flags you submit, linked to that identifier. No name, email, or phone number is involved.
If you connect a Google or Apple account: we store the account identifier and email address the provider shares, so your votes follow you across devices. Sign-in happens on Google's or Apple's own pages — LEDGER never sees or stores a password. We request no other profile data and no access to your contacts, files, or calendar.
If you donate: payments are processed by Stripe. LEDGER never sees your card details. Stripe shares your name and email with us as your donation receipt requires; donor names may be published on our funding-transparency page for gifts above a disclosed threshold, and we will tell you before that applies.
Your ballot choices. LEDGER never asks who you voted for or plan to vote for, and stores nothing that records it. Fact votes are about which sourced public records you find salient — not about candidates you support.
Fact votes are aggregated into public salience scores. We do not sell, rent, or share personal data with anyone, run no ads, and build no advertising profiles. Service providers that process data to run LEDGER: Supabase (database and authentication), Vercel (hosting), Stripe (donations), and Google/Apple (optional sign-in).
LEDGER displays information about public officials and candidates drawn from government sources (FEC, Congress, state records). That information is about people in their public capacity, is sourced on every line, and is governed by our corrections process — email us to dispute any fact and we will review it against its source.
Sign out at any time from the Account page. To delete your account and votes, or to exercise any privacy right under your local law (including GDPR and CCPA/CPRA rights of access and deletion), email privacy@[YOURDOMAIN] from the connected address and we will delete within 30 days. Browsing requires no account at all.
LEDGER is not directed to children under 13 and we do not knowingly collect their information; if you believe a child has created an account, contact us and we will delete it.
If this policy changes materially, we will post the new version here with a new effective date. Questions: privacy@[YOURDOMAIN].
Every line on LEDGER is sourced to the public record — no source, no post. Loading the full interactive record…