Privacy Policy

Declaration 2.0 is operated by Hoelscher Creative, LLC. We take your privacy seriously and believe in transparency about what data we collect and how we use it.

What We Collect

When you create an account:

• Email address (for verification and login)
• Display name (shown on the public signer roll if you choose "public")
• Password (stored as a salted hash — we never see or store your actual password)
• Newsletter preference (whether you opted in to monthly updates)

When you sign a declaration:

• Which declaration you signed
• Whether you signed publicly or privately
• The date you signed

When you subscribe to the newsletter (without an account):

• Email address only

Automatically:

• Standard server logs (IP address, browser, pages visited) — retained for 30 days for security purposes

What We Don't Collect

• We do not use tracking cookies or analytics pixels
• We do not sell, rent, or share your personal data with third parties
• We do not build advertising profiles
• We do not track you across other websites

How We Use Your Data

• Email: To verify your account, send password resets, and (if opted in) notify you of new monthly declarations
• Display name: To show on the public signer roll — only if you choose "public" when signing
• Signature data: To count verified signers and display the total publicly

Third-Party Services

We use the following services to operate Declaration 2.0:

• Supabase (auth and database) — your account data is stored in Supabase's infrastructure, hosted in the United States. Supabase Privacy Policy
• Vercel (hosting) — serves the website. Vercel Privacy Policy
• Mailchimp (newsletter) — if you opt in to email updates, your email and display name are shared with Mailchimp. Mailchimp Privacy Policy
• Sanity (content management) — editorial content only, no user data. Sanity Privacy Policy

Your Rights

You have the right to:

• Access your data — view your profile and signature history at /account
• Withdraw a signature — remove your signature from any declaration at any time via the sign page
• Unsubscribe from emails — toggle the newsletter off at /account, or click "unsubscribe" in any email
• Delete your account — permanently delete all your data, including all signatures and your Mailchimp subscription, at /account

Account deletion is immediate and irreversible. When you delete your account, we remove your email, display name, all signatures, your profile, and your newsletter subscription. The aggregate signer counts on declarations decrease accordingly.

Public vs. Private Signatures

When you sign a declaration, you choose whether your display name is shown publicly. If you sign publicly, your display name and sign date appear on the declaration's public signer roll. If you sign privately, you are counted in the total but your name is not displayed. You can withdraw your signature at any time regardless of visibility setting.

Data Security

We use industry-standard security measures including encrypted connections (HTTPS), hashed passwords, row-level security policies on our database, and email verification for all accounts. No system is perfectly secure, but we take reasonable steps to protect your information.

Changes to This Policy

If we make material changes to this policy, we will update the "Last updated" date at the top. For significant changes, we will notify newsletter subscribers via email.

Contact

Questions about this privacy policy or your data? Email privacy@declaration2.org.