Privacy Policy

1. Overview

Just A Bill is operated by Polished Products ("we," "us," "our," or "the Company"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website justabill.me and use the Just A Bill service (collectively, "the Service"). By using the Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide

• Account Information: If you create an account, we collect your email address and a hashed password. We never store passwords in plain text.
• Votes: Your votes on bill sections are stored to provide personalized features and aggregate statistics.
• Email Subscriptions: If you subscribe to our newsletter, we store your email address solely for that purpose.

2.2 Automatically Collected Information

• Session Data: Anonymous session identifiers to maintain your voting history during a browsing session.
• Usage Data: Basic analytics about page views and feature usage to improve the Service.
• Technical Data: Browser type, device type, IP address, and general location (country/region level only).

2.3 Information We Do NOT Collect

• Social Security numbers or government IDs
• Financial or payment information (donations, if any, are processed entirely by third-party payment providers such as Stripe; we never see your card number)
• Precise geolocation data
• Personal political affiliation beyond your expressed votes on bill sections

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:

• Consent: When you create an account, subscribe to updates, or vote on bill sections.
• Legitimate Interest: When we process usage data to improve the Service, detect abuse, and maintain security.
• Legal Obligation: When we are required to retain or disclose data under applicable law.

You may withdraw your consent at any time by deleting your account or contacting us. Withdrawal does not affect the lawfulness of processing performed prior to withdrawal.

4. How We Use Your Information

We use collected information to:

• Provide, operate, and maintain the Service
• Display your voting history and personalized content
• Calculate and display aggregate, anonymized voting statistics
• Send updates if you have subscribed (you can unsubscribe at any time via the link in each email)
• Improve the Service based on usage patterns
• Detect, investigate, and prevent fraudulent, unauthorized, or illegal activity

AI and Your Data: We use AI to generate bill summaries from official government text. Your personal data (account info, votes, email) is never sent to any AI model or used for AI training purposes. Votes are only used in aggregate, anonymized form for display purposes.

5. Data Sharing and Third-Party Services

We do not sell, rent, or trade your personal information. We may share data only in these limited circumstances:

• Aggregate Statistics: We display anonymized, aggregate voting statistics publicly. These cannot be used to identify individual users.
• Service Providers: We use the following categories of third-party services, each contractually bound to protect your data:
  • Hosting and infrastructure providers
  • Email delivery services (for newsletter and transactional emails)
  • Payment processors (for donations, if applicable — e.g., Stripe)
• Legal Requirements: We may disclose information if required by law, subpoena, court order, or governmental request, or to protect the rights, property, or safety of our users or others.
• Business Transfers: If Polished Products is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email or prominent notice on the Service before your data is transferred and becomes subject to a different privacy policy.

6. Data Security

We implement industry-standard security measures to protect your information:

• All data transmission is encrypted using HTTPS/TLS
• Passwords are hashed using bcrypt (never stored in plain text)
• Database access is restricted and monitored
• Regular security reviews and updates

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

7. Data Breach Notification

In the event of a data breach that compromises your personal information, we will:

• Notify affected users via email within 72 hours of discovering the breach
• Post a prominent notice on the Service
• Notify relevant regulatory authorities as required by applicable law (e.g., GDPR supervisory authorities, state attorneys general)
• Describe the nature of the breach, the data involved, and the steps we are taking to address it

8. Cookies, Local Storage, and Do Not Track

We use cookies and local storage to:

• Maintain your session and authentication status
• Remember your preferences (e.g., theme selection)
• Store your anonymous session ID for voting (if not logged in)

We do not use third-party tracking cookies or advertising cookies. You can configure your browser to refuse cookies, but this may limit some features of the Service.

Do Not Track: The Service does not currently respond to "Do Not Track" (DNT) browser signals because there is no industry-standard technology for honoring DNT. We do not track users across third-party websites. If a universal DNT standard is adopted, we will update this policy accordingly.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your account and associated data
• Portability: Request your data in a structured, commonly used, machine-readable format
• Opt-out: Unsubscribe from email communications at any time
• Restriction: Request that we limit the processing of your data
• Objection: Object to our processing of your data based on legitimate interests

To exercise any of these rights, email us at support@polishedproducts.org. We will respond to verifiable requests within 30 days (or 45 days with notice, as permitted by law).

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and its amendment, the California Privacy Rights Act (CPRA):

• Right to Know: You may request the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You may request that we correct inaccurate personal information.
• Right to Opt-Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioral advertising. There is nothing to opt out of.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

Categories of PI Collected in the Past 12 Months: Identifiers (email address, session ID), Internet or network activity (pages viewed, features used), inferences (aggregate vote patterns — anonymized only).

Categories Disclosed for a Business Purpose: Identifiers (to email delivery service for newsletters); Internet or network activity (to hosting provider for Service operation). We do not disclose personal information for any purpose unrelated to operating the Service.

To submit a CCPA/CPRA request, email support@polishedproducts.org with the subject line "CCPA Request." We will verify your identity before fulfilling any request.

11. Data Retention

We retain your data only as long as necessary:

• Account Data: Retained until you delete your account, after which it is purged within 30 days
• Anonymous Votes: Retained indefinitely as aggregate statistics (not tied to your identity once anonymized)
• Session Data: Automatically expires after 30 days of inactivity
• Email Subscriptions: Retained until you unsubscribe, after which your email is deleted within 7 days

12. International Data Transfers

The Service is hosted in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States where data protection laws may differ from those of your jurisdiction. By using the Service, you consent to such transfer.

13. Children's Privacy

The Service is not directed to children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children under these ages. If you believe we have collected such information, please contact us immediately and we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a prominent notice on the Service and, where we have your email address, by sending you a notification. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.

15. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the State of Texas, United States, without regard to its conflict of law provisions. Any disputes arising from this policy shall be resolved in accordance with the dispute resolution procedures set forth in our Terms of Use.

16. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or need to file a complaint, please contact:

If you are in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.