Last updated: April 2, 2026
When you create an account, we collect your name, email address, phone number (if provided), and payment information (processed securely by Stripe). We do not store credit card numbers on our servers.
We automatically collect information about how you interact with the Service, including pages visited, features used, search queries (e.g., politician lookups, ticker searches, trade filters), and device/browser information. We use Google Analytics to help understand usage patterns.
If you use our API, we log request metadata including endpoints called, request timestamps, API key usage, and credit consumption. This data is used for rate limiting, billing, and abuse prevention.
When you use Chad AI, we store your conversation history to provide context for follow-up questions and to improve the service. Conversations are associated with your user account. Chad conversations are processed by our AI provider (xAI) and are subject to their data handling practices.
When you submit our contact form, we collect your name, email, phone number, company (if provided), and message content. This information is used solely to respond to your inquiry.
We use essential cookies and browser localStorage for authentication, session management, and storing user preferences (e.g., theme settings, watchlist state). Analytics cookies (Google Analytics) help us understand how the Service is used. You can disable cookies in your browser settings, though some features may not function properly.
We do not sell your personal information. We share data only with:
We implement industry-standard security measures including HTTPS/TLS encryption in transit, hashed passwords (bcrypt), and secure API key management (SHA-256 hashed storage). API keys are never stored in plaintext. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
We retain account data for as long as your account is active or as needed to provide the Service. Usage and analytics data is retained for up to 26 months. API usage logs are retained for billing and abuse-prevention purposes for up to 12 months. You may request deletion of your account and associated data at any time by contacting us.
Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law (e.g., financial transaction records for tax/audit purposes).
Depending on your jurisdiction, you may have the right to:
To exercise any of these rights, contact us at disclosedcapitol@gmail.com. We will respond within 30 days.
California residents have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
To exercise these rights, email disclosedcapitol@gmail.com with the subject line "CCPA Request."
Disclosed Capitol is operated from the United States. If you are accessing the Service from outside the US, please be aware that your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.
The Service is not directed to individuals under 18. We do not knowingly collect personal information from minors. If you believe we have collected such data, contact us immediately and we will promptly delete it.
Some browsers send a "Do Not Track" signal. We currently do not respond to DNT signals, as there is no industry consensus on how to interpret them. You can manage tracking preferences through your browser's cookie settings.
We may update this Privacy Policy periodically. We will notify registered users of material changes via email and update the "Last updated" date above. Continued use of the Service after changes constitutes acceptance of the updated policy.
For privacy-related inquiries, contact us at disclosedcapitol@gmail.com.
You may also visit our Contact page for additional ways to reach us.