Politically Informed

Privacy Policy

Last updated: 2026-05-22

Plain-English summary

Three things to know up front:

  • We collect the minimum personal data needed to run sign-in, billing, and AI features. Nothing more.
  • We never sell, share, or rent your personal data. We do not run advertising on this site.
  • Your AI prompts and responses are NOT stored by us. They travel between you and your chosen LLM provider. We log only metadata about the call (provider, model, success/failure).

Who we are

Politically Informed is operated by Infinite Futures AI Inc., an Alberta-incorporated company. We are responsible for the personal information you provide to this service.

Mailing address:
Infinite Futures AI Inc.
13435 130 Street NW
Edmonton, Alberta T5L 1M1
Canada

What we collect

We collect the following categories of personal information:

  • Sign-in identifiers: Your email address (to send magic-link sign-in emails and bill you for a subscription). Optionally a display username.
  • Session metadata: When you sign in, we record the timestamp, your user agent, and your IP address. This protects against session hijacking and helps us detect abuse.
  • Billing data: Subscribers' billing information is handled directly by Stripe Inc. We receive only a Stripe customer identifier and subscription status. We never store credit card numbers.
  • AI provider credentials: Subscribers who configure their own LLM provider have their API key encrypted at rest using Fernet/AES with a server-side encryption secret. The plaintext key is only decrypted at call time and never logged.
  • AI usage metadata: For each AI explainer call, we log: which provider was used, which model, approximate input/output token counts (for transparency), and success/failure status. We do NOT log your prompts or the responses.
  • Email delivery records: Sign-in and account-related emails are sent via Postmark (Wildbit, LLC). Postmark retains delivery logs (delivery, bounce, open) for a limited period to support diagnostics. If we send product announcements or outreach email, those messages are sent with sender identification and an unsubscribe mechanism.

What we do NOT collect

  • We do not run third-party analytics (no Google Analytics, no Meta Pixel, no behavioral trackers).
  • We do not store the contents of AI prompts, AI responses, or any conversation history.
  • We do not collect browsing history beyond the access logs required to operate the service.
  • We do not require, request, or collect any government-issued identity documents.

How we use it

  • Email address: to send sign-in links and account-related notices.
  • Session metadata + IP: to maintain your signed-in state and detect anomalies.
  • Billing data: to process and manage your subscription.
  • AI provider credentials: to make AI explainer calls when you request them.
  • AI usage metadata: to enforce optional daily caps (if configured) and to give you transparency about your own usage.

Third-party processors we use

To run the service, we rely on the following processors. Each is bound by a Data Processing Agreement or equivalent contractual privacy protections:

  • Stripe Inc. — payments processor. US-based. Stripe's privacy policy governs payment data.
  • Postmark (Wildbit, LLC) — transactional email delivery. US-based. Postmark processes the email address and delivery metadata only.
  • Cloudflare, Inc. — edge network and DNS. US-based. Cloudflare sees your request metadata (IP, user agent, URL) but not your account credentials or AI prompts.

Your account data is stored on infrastructure physically located in Edmonton, Alberta, Canada, in premises owned and operated by Infinite Futures AI Inc. We do not use third-party cloud providers (AWS, GCP, Azure, etc.) for the core data store. The hardware is on-premises and under direct operator control. Cross-border processing occurs only through the named third-party processors above for the specific subsystems they handle (Stripe for payments, Postmark for transactional email, Cloudflare for edge network and DNS).

Where your data lives

Personal data is stored as follows:

  • Accounts + sessions + AI usage logs: PostgreSQL database running on operator-controlled hardware in Edmonton, Alberta, Canada.
  • Encrypted LLM provider keys: same database, encrypted at rest with Fernet/AES; the encryption secret is stored separately in our secrets-management layer.
  • Email delivery records: Postmark (US).
  • Payment records: Stripe (US).

Self-hosting note: because we do not rely on third-party cloud storage for account or AI-credential data, your records do not leave operator-controlled physical premises except when explicitly routed to Postmark (for email delivery) or Stripe (for payment processing). This is unusual for a small SaaS — and it's a deliberate posture.

Retention

  • Account records and sessions are retained as long as your account is active. If you delete your account from the Account page, your user record, sessions, login tokens, and encrypted LLM credentials are deleted within 30 days.
  • AI usage metadata is retained for 12 months for billing and transparency purposes, then deleted.
  • Email delivery records held by Postmark follow Postmark's retention policy (typically 45 days).
  • Stripe retains billing records as required by applicable tax and financial regulations.

Your rights

Under Alberta's Personal Information Protection Act, PIPEDA where applicable, and other applicable privacy legislation, you have the right to:

  • access the personal information we hold about you;
  • correct inaccurate personal information;
  • withdraw consent and delete your account;
  • complain to the Office of the Information and Privacy Commissioner of Alberta or the Office of the Privacy Commissioner of Canada if you believe we have mishandled your personal data.

To exercise any of these rights, email [email protected]. We will respond within 30 days.

Cookies

This site uses a single first-party cookie ('pi_session') to maintain your signed-in state. The cookie is httponly, samesite=lax, secure (set over HTTPS only). We do not use any tracking cookies or third-party advertising cookies.

Changes to this policy

We may revise this policy. The 'Last updated' date reflects the most recent revision. Material changes will be announced to existing subscribers by email at least 14 days before they take effect.

Contact

For privacy questions or to reach the person responsible for privacy compliance: [email protected].