Start tracking congressional trades today

Free account gives you analytics tools, watchlist, and monthly digests.

Get started free
PolitAlpha

Track congressional stock trades with transparency. Updated daily from public government disclosures.

Data

  • Trades
  • Politicians
  • Stocks
  • Sectors
  • Committees

Insights

  • Performance Rankings
  • Watchdog
  • STOCK Act Compliance
  • Compare Politicians

Resources

  • Blog
  • Pricing
  • Watchlist
  • Settings

Legal

  • Terms of Service
  • Privacy Policy
  • Cookie Policy
  • Security
  • Accessibility

© 2026 Bertatech LLC. Congressional and financial data sourced from public government records.

Not investment advice. Data may be delayed or incomplete.

PolitAlpha
HomeTradesPoliticiansStocksSectorsCommittees
BlogPricingWatchlist

Privacy Policy

Last Updated: March 28, 2026

This Privacy Policy describes how Bertatech LLC ("Company," "we," "us," or "our") collects, uses, and shares information when you use the PolitAlpha website at politalpha.com ("Site") and the services offered through it (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

1. Information We Collect

1.1. Information You Provide to Us

DataWhen CollectedPurpose
Email addressAccount registrationAccount creation, authentication, service communications
PasswordAccount registrationAuthentication (stored only as a cryptographic hash; we never store or have access to your plaintext password)
Watchlist selectionsWhen you add items to your watchlistPersonalized tracking of politicians, stocks, and committees
Email preferencesWhen you configure notification settingsControlling which emails you receive
Payment informationPro subscription checkoutSubscription billing (processed entirely by Stripe; we do not receive or store your credit card number — see Section 4)

1.2. Information We Collect Automatically

DataHow CollectedPurpose
IP addressServer logsRate limiting, security, abuse prevention
User agentHTTP headersCompatibility, debugging
Session tokenAuthentication cookieMaintaining your login session
Page views and interactionsPostHog analytics (consent required)Understanding how users navigate the site to improve features and usability

1.3. Analytics (PostHog)

We use PostHog, a product analytics platform, to understand how users interact with the Service. PostHog collects page views, button clicks, and navigation patterns. PostHog analytics are only activated after you explicitly consent via our cookie consent banner. If you decline analytics cookies, no analytics data is collected.

PostHog data is used solely for improving the Service. We do not use it for advertising, profiling, or selling to third parties. For more information, see PostHog's Privacy Policy.

1.4. Information We Do NOT Collect

  • We do not use advertising or retargeting cookies (no Google Ads, no Facebook Pixel)
  • We do not collect location data beyond IP address
  • We do not collect demographic information
  • We do not collect information from social media profiles
  • We do not purchase data from third-party data brokers

2. How We Use Your Information

We use the information we collect for the following purposes:

PurposeLegal Basis (GDPR)Data Used
Providing the Service (account management, watchlist, data display)Contract performanceEmail, password hash, watchlist, preferences
Processing paymentsContract performanceEmail, subscription plan (via Stripe)
Sending transactional emails (signup confirmation, password reset)Contract performanceEmail
Sending Pro subscription emails (Watchdog alerts, weekly digests)Contract performanceEmail, watchlist, preferences
Security and abuse prevention (rate limiting, fraud detection)Legitimate interestIP address, user agent
Email delivery monitoring (tracking delivery status for reliability)Legitimate interestEmail address, send status, timestamps
Administrative operations (account management, support)Legitimate interestAccount data, audit logs
Service improvement (bug fixes, performance optimization)Legitimate interestAggregated, anonymized usage patterns

We do not use your information for:

  • Advertising or ad targeting
  • Selling to third parties
  • Profiling for purposes unrelated to the Service
  • Automated decision-making that produces legal effects

3. How We Share Your Information

We do not sell, rent, or trade your personal information. We share your information only with the following categories of service providers, strictly for the purposes described:

3.1. Service Providers

ProviderPurposeData SharedPrivacy Policy
Supabase (Supabase Inc.)Authentication, database hostingEmail, password hash, all account datasupabase.com/privacy
Stripe (Stripe, Inc.)Payment processingEmail, subscription plan, payment methodstripe.com/privacy
Resend (Resend, Inc.)Email deliveryEmail address, email contentresend.com/legal/privacy-policy
Cloud hosting providerApplication hosting and content deliveryStandard HTTP logs (IP, user agent)Infrastructure hosted on U.S.-based cloud services with industry-standard security practices

These providers process your data as "data processors" (GDPR) or "service providers" (CCPA) on our behalf, under contractual obligations to protect your data.

3.2. Legal Requirements

We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to:

  • Comply with a legal obligation, court order, or legal process
  • Protect and defend the rights or property of the Company
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of users of the Service or the public

3.3. Business Transfers

If the Company is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Site before your information becomes subject to a different privacy policy.

3.4. Congressional and Financial Data

The congressional trade data, stock data, and legislative data displayed on the Service is aggregated from public government sources, including filings with the U.S. Senate Office of Public Records and the Office of the Clerk of the U.S. House of Representatives. This data is in the public domain and does not contain personal information of our users.

In compliance with 5 U.S.C. app. § 105(c), all raw congressional financial disclosure data is made freely available to the general public through the Service without restriction. No account or subscription is required to access this data. Our proprietary analytics and derived insights are separate products that do not restrict access to the underlying public disclosure data.

Our aggregation and display of this public data is not governed by this Privacy Policy, as it does not constitute personal information.

4. Payment Processing

All payment processing is handled by Stripe. When you subscribe to a Pro plan:

  • Your payment card details are entered directly into Stripe's secure payment form
  • We never receive, see, or store your credit card number
  • We receive and store only: your Stripe customer ID, subscription status, plan type, and subscription event history (checkout, renewal, cancellation, payment failure)
  • Stripe is PCI-DSS Level 1 certified — the highest level of payment security certification

For information about how Stripe processes your data, please see Stripe's Privacy Policy.

5. Cookies and Tracking Technologies

5.1. Cookies We Use

Cookie NamePurposeTypeDuration
sb-*-auth-tokenSupabase authentication session (JWT)Strictly necessary / FunctionalSession (expires with JWT, typically 1 hour; refreshed automatically)

5.2. Analytics Cookies (Consent Required)

If you consent to analytics cookies via our cookie consent banner, PostHog sets cookies and uses localStorage to track page views and interactions. These cookies are only set after you explicitly opt in. You can withdraw consent at any time via the "Manage Cookies" link in the website footer.

5.3. Cookies We Do NOT Use

We do not use:

  • Advertising or retargeting cookies
  • Third-party tracking pixels (no Google Ads, no Facebook Pixel)
  • Social media tracking widgets
  • Fingerprinting technologies

5.4. Cookie Consent

We display a cookie consent banner on your first visit. Strictly necessary cookies (authentication) are always active. Analytics cookies (PostHog) are only activated if you explicitly consent. You can manage your preferences at any time via the "Manage Cookies" link in our website footer.

For more information, see our Cookie Policy.

6. Data Retention

Data CategoryRetention PeriodReason
Account data (email, profile)Until account deletion + 30 daysService provision; 30-day grace period for accidental deletion
Watchlist dataUntil account deletionService provision
Email preferencesUntil account deletionService provision
Email send logs12 monthsDeliverability monitoring and debugging
Subscription events7 years after last eventFinancial record-keeping (tax/audit requirements)
Admin audit logs3 yearsSecurity and accountability
Server logs (IP, user agent)90 daysSecurity, rate limiting, abuse prevention
Authentication sessionsUntil logout or JWT expirySecurity
Email suppression records (bounced/complained addresses)IndefinitePreventing delivery to invalid or complaining addresses; required for email deliverability and CAN-SPAM compliance

After the retention period, data is permanently deleted or anonymized. Email suppression records are retained indefinitely to prevent re-sending to addresses that have bounced or filed complaints, as required for email deliverability compliance.

7. Data Deletion and Your Rights

7.1. Account Deletion

You may request deletion of your account and associated data by contacting us at support@politalpha.com. Upon receiving a verified deletion request:

  • We will delete your account data within 30 days
  • Subscription event records may be retained in anonymized form for financial reporting (as required by law)
  • Data already shared with service providers (Stripe, Supabase) will be subject to their respective retention policies
  • We will confirm deletion to you via email

7.2. Data Access and Export

You may request a copy of your personal data in a structured, machine-readable format (JSON or CSV) by contacting us at support@politalpha.com. We will fulfill such requests within 30 days.

7.3. Data Correction

You may update your email address and preferences through your account settings at any time. For other corrections, contact us at support@politalpha.com.

8. Your Privacy Rights

8.1. Rights for All Users

Regardless of your location, you have the right to:

  • Access your personal data
  • Correct inaccurate personal data
  • Delete your account and personal data
  • Object to processing of your personal data
  • Withdraw consent for email communications at any time

8.2. Additional Rights for EU/EEA Residents (GDPR)

If you are located in the European Union or European Economic Area, you have the following additional rights under the General Data Protection Regulation (GDPR):

Legal basis for processing: We process your data under the following legal bases:

  • Contract performance (Art. 6(1)(b)): Account creation, service delivery, payment processing
  • Legitimate interest (Art. 6(1)(f)): Security, abuse prevention, email delivery monitoring, service improvement
  • Consent (Art. 6(1)(a)): Marketing emails (Watchdog alerts, weekly digests)

Your additional rights:

  • Right to restriction: You may request that we restrict processing of your personal data in certain circumstances
  • Right to data portability: You may request your personal data in a structured, commonly used, machine-readable format and transmit it to another controller
  • Right to object: You may object to processing based on legitimate interest, and we will cease processing unless we have compelling legitimate grounds
  • Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority in your EU/EEA member state

International data transfers: Your data is processed on servers located in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for transfers of personal data from the EU/EEA to the United States. Our service providers (Supabase, Stripe, Resend) maintain appropriate data transfer mechanisms.

EU Representative: Given the current scope of our EU data processing, we have not appointed an EU representative under Article 27 of the GDPR. If you have questions about our data practices, please contact us at support@politalpha.com.

8.3. Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Categories of personal information collected (in the preceding 12 months):

CCPA CategoryExamplesCollected?
IdentifiersEmail addressYes
Internet activityIP address, user agentYes
Commercial informationSubscription history, payment recordsYes (via Stripe)
GeolocationIP-derived approximate locationIncidentally
Sensitive personal information—No

We do NOT:

  • Sell your personal information (as defined by CCPA)
  • Share your personal information for cross-context behavioral advertising
  • Use or disclose sensitive personal information for purposes other than those permitted by CCPA

Your rights:

  • Right to know: You may request the categories and specific pieces of personal information we have collected
  • Right to delete: You may request deletion of your personal information
  • Right to correct: You may request correction of inaccurate personal information
  • Right to opt-out of sale/sharing: We do not sell or share your data, so there is nothing to opt out of
  • Right to non-discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at support@politalpha.com. We will verify your identity using the email address associated with your account. We will respond to verified requests within 45 days.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@politalpha.com, and we will take steps to delete such information.

10. Security

We implement reasonable administrative, technical, and physical security measures to protect your personal information, including:

  • Encryption of data in transit (TLS/HTTPS)
  • Encrypted database connections
  • Hashed password storage (via Supabase Auth using bcrypt)
  • Row-level security (RLS) on database tables containing user data
  • Rate limiting to prevent brute-force attacks
  • Regular security updates to dependencies
  • Access controls limiting employee/admin access to user data

However, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data. In the event of a data breach involving your personal information, we will notify you and relevant authorities as required by applicable law.

11. International Data Transfers

PolitAlpha is operated from the United States. If you are accessing the Service from outside the United States, please be aware that your data will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

For EU/EEA users, we rely on Standard Contractual Clauses (SCCs) for lawful international data transfers. Our key service providers maintain the following transfer mechanisms:

  • Supabase: Data Processing Agreement with SCCs
  • Stripe: Data Processing Agreement with SCCs; certified under the EU-U.S. Data Privacy Framework
  • Resend: Data Processing Agreement with SCCs

By using the Service, you consent to the transfer of your information to the United States and other jurisdictions where our service providers operate.

12. Email Communications

12.1. Types of Emails

Email TypeRecipientsCan Opt Out?
Account confirmationAll new usersNo (required for account setup)
Password resetUsers who request itNo (user-initiated)
Service notificationsAll users (e.g., subscription changes, terms updates)No (service-critical)
Monthly digestFree users with watchlist items (opt-in)Yes
Watchdog alertsPro subscribers (opt-in)Yes
Weekly digestPro subscribers (opt-in)Yes

12.2. Opting Out

You can opt out of non-essential emails at any time by:

  • Clicking the "Unsubscribe" link in any marketing email
  • Adjusting your email preferences in Settings
  • Contacting us at support@politalpha.com

We will honor your opt-out request within 10 business days (CAN-SPAM) or without undue delay (GDPR). Opting out of marketing emails does not affect transactional or service-critical communications.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by:

  • Posting the updated policy on the Site with a new "Last Updated" date
  • Sending an email notification to registered users (for material changes)

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Bertatech LLC 211 E. Ohio St #1422 Chicago, IL 60611 Email: support@politalpha.com

For GDPR-related inquiries, you may also contact our data protection point of contact at support@politalpha.com.

*This Privacy Policy was last updated on March 28, 2026.*