Congress Trade Alerts Privacy Policy
TL;DR
We collect three things:
- Your email if you join the waitlist or sign up for alerts
- Anonymous, daily-rotating usage signals so we understand how the site is used
- Your push notification token if you opt into mobile alerts
We don't use third-party analytics. We don't sell your data. We don't share it with advertisers. We have no advertising partners.
Who we are
This privacy policy is published by Freshcod3s LLC, a West Virginia limited liability company (the “Company”, “we”, or “us”). Congress Trade Alerts (CTA) is our product. It spans:
- A website at https://congresstradealerts.com
- A mobile app for iOS and Android
- An outbound Telegram channel
- A public read-only API (MCP server) for developers and AI agents
This policy covers all of them.
- Privacy questions / data requests: [email protected]
- Developer page: https://freshcod3s.com
What we collect
On the website (congresstradealerts.com)
First-party server-side counting only, no third-party trackers, no fingerprinting. When you visit the site, our Cloudflare Worker records a handful of funnel events from our own server — signup, trade view, push enable, paid conversion, pricing view. We do not use Google Analytics, Plausible, Fathom, or any third-party analytics service. There is no client-side analytics SDK on the website or in the mobile app.
Before storing anything we anonymize the request:
- We truncate the originating IP address to /24 (IPv4) or /48 (IPv6). The raw IP is discarded before any further processing.
- We hash that truncated IP together with your browser's user-agent string into one of 100 anonymous cohort buckets (a number between 0 and 99). The full user-agent string is never stored.
- We store only the bucket number alongside the event name, a timestamp, and a coarse referer category (search / x / reddit / direct / newsletter / other).
Because many users share each of the 100 buckets, the bucket number is not a personal identifier. We cannot identify you individually from the events we record, and we do not attempt to.
Waitlist and alert signups. When you sign up for the waitlist or for any alert channel on the website, we collect:
- Your email address
- Your selected tier or alert preferences
- A SHA-256 hash of the IP address you signed up from (for spam prevention; the raw IP is not stored)
Telegram channel signups. If you sign up to receive alerts via Telegram, we collect your Telegram chat ID so we know where to send messages. Our Telegram bot is outbound-only — we do not read your Telegram messages or your activity on Telegram.
Server-side error reports. We use Sentry to capture server-side errors so we can fix bugs. Sentry receives technical metadata (stack traces, request paths, timestamps). It does not receive your email address, your session hash, or any data tied to you personally.
In the mobile app
The mobile app is the cleanest data surface in the product:
- Push notification token (Expo Push token): stored on your device in secure storage and sent to our server only if you opt in to push notifications. The token tells Apple or Google how to deliver our alerts to your device; it does not identify you to us as a person.
- Your selected alert preferences: which politicians you want to be notified about. Stored on our server alongside your push token so we know which alerts to send you.
- Platform string:
"ios"or"android", so we can format notifications correctly.
The mobile app contains no analytics, no error-reporting SDKs, and no third-party trackers. The only OS permission we request is notifications, and we only request it when you actively toggle push alerts on.
Through the public API (MCP server)
We operate a public, unauthenticated developer API at
/mcp providing 12 read-only tools over our
congressional-trades dataset. When a developer or AI agent calls this
API, we log the tool name and arguments for monitoring and abuse
prevention. We do not log caller identity beyond
standard Cloudflare edge metadata.
What we do not collect
- Your name, mailing address, or phone number (we never ask)
- Payment information (see Payments below)
- Your browsing history outside Congress Trade Alerts
- Your contacts, photos, calendar, location, or microphone
- Any biometric data
- Any data from connected accounts on other services
Payments
Congress Trade Alerts has historically offered a paid "Pro" subscription tier. As of the effective date of this policy, paid subscriptions are not active — the relevant endpoint returns a service-unavailable response, and no payments are being processed.
If we re-enable paid subscriptions in the future:
- We will update this policy and the "Last Updated" date.
- Payments will be processed by Stripe under Stripe's privacy policy.
- We will only receive confirmation that a payment occurred and your billing email. We will never see your card number or full billing address.
Third parties
We use these infrastructure providers. None of them are advertising partners.
- Cloudflare — hosting, Workers compute, edge caching, request handling at the network edge. Privacy policy.
- Upstash (Redis) — caching of trade data and rate-limit counters
- Sentry — server-side error reporting (no personal data sent). Privacy policy.
- Apple Push Notification Service and Firebase Cloud Messaging — deliver push notifications to your device when you have opted in. We send only the notification payload (a short message about a trade) and your push token.
- Telegram — delivers messages to your Telegram chat ID if you signed up for the Telegram channel.
We do not sell, rent, or trade your personal data with any third party for marketing or monetization purposes.
Retention
- Email addresses and signup data: retained until you unsubscribe. Unsubscribing permanently deletes your row from our database — it is not soft-deleted or archived.
- Session-hash analytics records: retained for up to 90 days for usage analysis, then deleted.
- Push notification tokens: retained until you uninstall the app, revoke notification permission, or toggle push alerts off in the app. We are notified by Apple or Google when a token becomes invalid and remove it.
- Server-side error logs (Sentry): retained according to Sentry's defaults (90 days) and contain no personal data.
Your rights
You can:
- Unsubscribe at any time. Use the unsubscribe link in any email we send, or email [email protected]. Unsubscribing deletes your email address and all related signup data from our database.
- Disable push notifications by toggling them off in the mobile app or in your operating system's notification settings. Your push token will be removed from our server.
- Request access or deletion of any other data we hold about you. Email [email protected].
If you are an EU/UK resident covered by GDPR, you have rights to access, correct, port, restrict, and delete personal data we hold about you, and to object to or withdraw consent for processing.
If you are a California resident covered by CCPA/CPRA, you have rights to know, access, correct, delete, and limit use of personal information we hold about you. We do not sell or share personal information for cross-context behavioral advertising.
To exercise any of these rights, email [email protected]. We will respond within 30 days.
Children's privacy
CTA is not directed at children under 13 and we do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, email us and we will delete it.
International data transfers
We are based in the United States. Data we collect is processed in the US and at Cloudflare's global edge network. If you access CTA from outside the US, your data may be transferred to and processed in the US.
Changes to this policy
If we change what data CTA collects or how we use it, we will update this page and the "Last Updated" date at the top. Material changes will be announced via email to active subscribers, with a clear summary of what changed.
Contact
Privacy and data requests: [email protected]
freshcod3s (developer page): https://freshcod3s.com