Privacy Policy

Last updated: March 30, 2026

This is the privacy policy for The Future Party PAC. It is written in plain English because hiding data practices behind legal jargon is the kind of thing we exist to replace.

We will tell you exactly what we collect, where it goes, who can see it, and what we do not do. If any of this changes, this page changes, and we will note the date at the top.

Who We Are

The Future Party is an independent political action committee (PAC) registered in Idaho. We are not a corporation. We are not a 501(c)(4). We are a PAC, which means our donor information is reported to the Idaho Secretary of State as required by law and becomes part of the public record.

Paid for by The Future Party PAC. Not authorized by any candidate or candidate's committee.

What We Do Not Do

We want to be clear about this before listing what we collect.

We do not use cookies. Zero. None. No tracking cookies, no session cookies, no analytics cookies, no advertising cookies. You can verify this yourself in your browser's developer tools.

We do not use tracking pixels, web beacons, or invisible images.

We do not run any third-party advertising networks, retargeting scripts, or behavioral tracking. No Google Analytics. No Facebook Pixel. No Meta tracking. No Google Tag Manager.

We do not sell, rent, lease, or trade your personal data to anyone. Not to other political organizations. Not to data brokers. Not to advertisers. Not to anyone.

We do not build behavioral profiles. We do not track you across websites. We do not fingerprint your browser for advertising purposes.

We do not send unsolicited email. If you receive email from us, it is because you submitted the contact form or subscribed to the newsletter. Both require your explicit action.

Analytics: Plausible

We use Plausible Analytics for aggregate website traffic statistics. Plausible is a privacy-focused analytics tool built in the EU. It is the opposite of Google Analytics.

Plausible sets no cookies. It collects no personal information. It does not track you across sites. It does not store your IP address. It generates a daily rotating hash from your IP and user agent string to count unique visitors, but this hash is discarded every 24 hours and cannot identify you.

What Plausible shows us: total page views, which pages are visited, which country visitors are in (derived from IP, then the IP is discarded), what browser and device type they use, and where they came from (Google, Twitter, direct link, etc.). All of this is aggregate. We cannot identify any individual visitor.

Plausible's data policy: plausible.io/data-policy

Contact Form

When you submit the contact form on the Get Involved page, we collect:

Your name, email address, area of involvement, and message. We also collect metadata for anti-bot protection: your IP address, user agent, approximate geographic location (from Vercel's edge network headers), time spent on page, browser fingerprint hashes (canvas and WebGL, used only to distinguish bots from humans), and interaction patterns (mouse movements, keystrokes, field focuses).

All of this data is sent via Resend (our email delivery service) to the founder's email address. It is not stored in a database. It lives in an email inbox. The anti-bot metadata is included in the email so we can identify and discard spam submissions.

Resend's privacy policy: resend.com/legal/privacy-policy

Donations

When you make a donation, three things happen with your data.

1. Stripe processes your payment. Your credit card number, expiration date, CVC, and billing address are collected directly by Stripe's hosted checkout page. This data never touches our servers. We do not see your full card number. Stripe is PCI DSS Level 1 certified. Stripe's privacy policy: stripe.com/privacy

2. We store a private compliance record. Idaho campaign finance law (Idaho Code §67-6606) requires us to collect and retain: your full name, mailing address, email, occupation, employer, donation amount, and date. This is stored in a private database table hosted on Supabase (PostgreSQL on AWS). Only the PAC treasurer and authorized administrators can access this data. This data is used exclusively for required filings with the Idaho Secretary of State.

3. We publish a public ledger entry. Every donation appears on our public donation ledger. The public entry contains: the donation amount, the date, a display name (either "Anonymous" or your name if you opted in or if your cumulative donations reach $50, per Idaho's disclosure threshold), and a cryptographic chain hash. The public ledger does not contain your address, email, occupation, or employer.

Legal disclosure requirement: Idaho Code §67-6606 requires us to report the name, address, occupation, and employer of any donor whose aggregate contributions exceed $50 in a calendar year. This information is filed with the Idaho Secretary of State and becomes part of the public record, searchable through the Sunshine Campaign Finance Portal. This is required by law. We cannot opt you out of this. Federal law (52 USC §30101 et seq.) imposes similar requirements for contributions aggregating over $200. This is how campaign finance transparency works in the United States. If you donate, your information will be reported to the government and will be publicly accessible.

When you subscribe to the newsletter, we store your email address in a database table hosted on Supabase. We also record which page you subscribed from (the Signal page or the donation success page) and the date.

We use Resend to send newsletter emails. Your email address is shared with Resend for the sole purpose of delivering emails you asked for.

You can unsubscribe at any time by replying to any newsletter email or by emailing contact@thefutureparty.org. We will remove your email within 48 hours. We comply with CAN-SPAM even though political emails are technically exempt, because compliance should not be optional.

Rate Limiting

To prevent abuse, we log IP addresses and timestamps when you submit forms or create donation sessions. This data is stored in a database table on Supabase and is automatically deleted after the rate limit window expires (15 minutes to 1 hour depending on the endpoint). We do not use this data for any purpose other than preventing abuse.

Hosting and Infrastructure

The site is hosted on Vercel. Vercel processes your requests and may log IP addresses, request paths, and timestamps in their infrastructure logs. Vercel's privacy policy: vercel.com/legal/privacy-policy

Our database is hosted on Supabase, which runs on Amazon Web Services (AWS) infrastructure. Supabase's privacy policy: supabase.com/privacy

Payment processing is handled by Stripe. Stripe's privacy policy: stripe.com/privacy

Email delivery is handled by Resend. Resend's privacy policy: resend.com/legal/privacy-policy

Data Retention

Donation compliance records are retained indefinitely as required by Idaho campaign finance law.

The public donation ledger is permanent and append-only by design. Entries cannot be edited or deleted because the cryptographic chain would break. This is intentional.

Contact form submissions exist as emails. They are retained at the founder's discretion.

Newsletter email addresses are retained until you unsubscribe.

Rate limiting logs are automatically deleted after 1 hour.

Children

This site is not directed at anyone under 13 years of age. We do not knowingly collect personal information from children. If you are under 13, do not submit any forms on this site. If we learn that we have collected data from a child under 13, we will delete it.

Data Breaches

If we discover that our systems have been breached and your personal data has been exposed, we will notify affected individuals by email within 72 hours of confirming the breach. Idaho Code §28-51-105 requires notification of breaches involving personal information. We commit to exceeding the statutory minimum in both speed and transparency of notification.

Your Rights

Idaho does not have a comprehensive consumer privacy law. There is no state-level right to access, delete, or port your data in Idaho. We offer these anyway because we believe you should have them.

You can request a copy of any personal data we hold about you. You can request deletion of your newsletter subscription, contact form data (to the extent it exists in email), and rate limiting logs. You cannot request deletion of donation compliance records because we are legally required to retain them, and you cannot request removal of public ledger entries because the chain is append-only by design.

To make any request, email contact@thefutureparty.org. We will respond within 14 days.

Law Enforcement

We will comply with valid legal process (subpoenas, court orders, warrants) as required by law. If we receive a request for your data from law enforcement, we will notify you before disclosing unless we are legally prohibited from doing so (e.g., by a gag order).

Changes

If we change this policy, we update this page and change the date at the top. We do not send notification emails for policy changes because we do not track who has read this page. Bookmark it if you want to check back.

Contact

Questions about this policy: contact@thefutureparty.org

The Future Party PAC
Boise, Idaho