POLLCAPby DFX Intelligence

Last updated April 13, 2026

Privacy Policy

PollCap (“the Service”) is operated by DFX Intelligence (“we,” “us,” “our”). This Privacy Policy explains how we collect, use, store, and protect your information when you use our platform. By using PollCap, you agree to the practices described below.

1. Information we collect

Account information

When you create an account, we collect your name, email address, and a password. Passwords are never stored in plaintext — they are hashed using scrypt before being written to the database.

Campaign and donor data

You may import or create donor records, event data, campaign profiles, call sheets, outreach drafts, and other content within the platform. This data is stored in your organization's tenant-isolated database partition and is never shared with other organizations or used for purposes outside of operating your account.

Public records data

PollCap enriches donor profiles using publicly available data from the Federal Election Commission (FEC), the U.S. Census Bureau, the Bureau of Economic Analysis (BEA), the Department of Housing and Urban Development (HUD), Zillow Research, and FollowTheMoney.org. These are public datasets and their use does not require consent from the individuals whose records appear in them.

Usage data

We collect anonymous usage analytics including page views, feature usage frequency, and session duration. This data is used to improve the product and does not include personally identifiable donor information.

2. How we use your information

  • To operate PollCap and deliver the features you use — including AI intelligence briefs, donor scoring, signal detection, call sheet generation, and outreach drafting.
  • To enrich your donor database with public contribution records, geographic intelligence, and economic indicators.
  • To process payments and manage your subscription via Stripe.
  • To send transactional emails related to your account (password resets, billing receipts, service notifications).
  • To improve the platform based on aggregated, anonymized usage patterns.

We do not sell, rent, or share your data with third parties for marketing or advertising purposes. We do not use your data to build competing products. We do not allow other customers to access your data.

3. AI processing

PollCap uses DFX AI to generate intelligence briefs, donor scoring explanations, outreach drafts, and strategic recommendations. When AI features are used, only the specific data fields required for the request are transmitted to DFX AI. Your full database is never sent.

DFX AI does not use data submitted via its API for model training purposes. AI-generated outputs are stored in your organization's database and treated with the same access controls as all other data.

4. Data isolation and multi-tenancy

PollCap is a multi-tenant application. Each organization's data is logically isolated at the database level. Every database query is scoped to your organization's unique identifier. There are no shared tables that could expose one organization's data to another. Administrative and cron operations are similarly scoped — the daily intelligence pipeline processes each organization independently.

5. Third-party services

We use the following third-party services to operate PollCap:

  • Supabase — Database hosting (SOC 2 Type II certified). Your data is stored in a PostgreSQL database managed by Supabase with encryption at rest and in transit.
  • Vercel — Application hosting and serverless compute. All traffic is encrypted via TLS.
  • Stripe — Payment processing. We do not store credit card numbers. All payment data is handled by Stripe in accordance with PCI DSS Level 1 standards.
  • DFX AI — AI processing for intelligence features. Data submitted via API is not used for training.
  • Anthropic — Claude API powers our AI Capital Engine, Morning Brief, and opposition research generation. Prompt context derived from your data is sent to Anthropic for inference. Anthropic does not use API submissions to train its models.
  • Resend — Transactional email delivery (sign-in links, password resets, follow-up notifications). Resend receives the recipient address and the email content we send on your behalf.
  • Mapbox — Map tiles and geocoding for the Field Intelligence territory map. Mapbox receives ZIP-aggregated geo lookups only — never individual donor coordinates.

We also access public data APIs operated by the U.S. government (FEC, Census Bureau, BEA, HUD) and public research datasets (Zillow, FollowTheMoney). These services receive lookup queries (such as ZIP codes or state codes) but do not receive your proprietary donor data.

6. Security

  • Passwords are hashed using scrypt with unique salts before storage.
  • Sessions are signed with HMAC-SHA256 using a server-side secret. Session tokens expire after 7 days.
  • All data in transit is encrypted via TLS 1.3. All data at rest is encrypted by our database provider.
  • API keys and secrets are stored in Vercel environment variables, never committed to source code.
  • Administrative and cron endpoints are protected by a bearer token secret.

7. Data retention and deletion

Your data is retained for as long as your account is active. If you cancel your subscription, your data remains accessible in read-only mode for 90 days, after which it may be permanently deleted.

You may request full data deletion at any time by emailing hello@pollcap.com. We will process deletion requests within 30 days and confirm completion via email. Deletion includes all donor records, campaign data, AI-generated content, outreach drafts, and account information. Anonymized, aggregated usage statistics may be retained.

8. Cookies

PollCap uses a single session cookie (ds_session) to authenticate your login. This is a functional cookie required for the application to operate. We do not use third-party tracking cookies, advertising pixels, or cross-site tracking technologies.

9. Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Export your data in a machine-readable format.
  • Object to or restrict certain processing activities.

To exercise any of these rights, email hello@pollcap.com. We will respond within 30 days.

10. Children's privacy

PollCap is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to the account holder at least 14 days before taking effect. The “last updated” date at the top of this page reflects the most recent revision.

12. Contact

For questions about this Privacy Policy or how we handle your data, contact us at hello@pollcap.com.

PollCap is operated by DFX Intelligence.