Skip to main content

Privacy Policy

Last updated: March 24, 2026

Gavelin.ai ("Gavelin," "we," "us," or "our") is operated by Gavelin.ai. This Privacy Policy describes how we collect, use, and protect your information when you use our website at gavelin.ai, our API, our MCP server, and related services (collectively, the "Service").

1. Information We Collect

Account Information: When you create an account, we collect your email address, name, and organization (if provided). If you subscribe to a paid plan, payment is processed by Stripe — we do not store credit card numbers.

Usage Data: We collect information about how you use the Service, including search queries, features accessed, and pages visited. For API and MCP server access, we log the API key used, tools called, and timestamps for rate limiting and abuse prevention.

Technical Data: We automatically collect IP address, browser type, device information, and referring URLs when you visit our website.

2. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To process payments and manage subscriptions
  • To send keyword alert notifications you have configured
  • To enforce rate limits and prevent abuse
  • To communicate with you about your account or the Service
  • To comply with legal obligations

3. Information We Do Not Collect

We do not collect or store conversation histories from AI clients (Claude, ChatGPT, or other tools) that connect to our MCP server. MCP tool calls are stateless — we process the request, return results, and do not retain the surrounding conversation context.

4. Data Sharing

We do not sell, rent, or trade your personal information. We share data only with:

  • Stripe — for payment processing
  • Supabase — for database hosting and authentication
  • Vercel — for website hosting
  • Resend — for transactional email delivery (alerts, password resets)

Each provider processes data under their own privacy policy and is contractually obligated to protect your information.

5. Legislative Data

The legislative data in our Service — bills, hearing transcripts, vote records, and legislator information — is sourced from public government records and APIs. This data is publicly available and is not subject to privacy restrictions.

6. Data Security

We use industry-standard security measures to protect your information, including encrypted connections (TLS/HTTPS), hashed API keys, and row-level security on database tables. However, no method of transmission over the internet is 100% secure.

7. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law. Usage logs for rate limiting and abuse prevention are retained for 90 days.

8. Your Rights

You may:

  • Access, update, or delete your account information at any time
  • Request a copy of the personal data we hold about you
  • Opt out of non-essential communications
  • Delete your account by contacting us

9. Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising cookies or tracking pixels.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date.

11. Contact

If you have questions about this Privacy Policy or your data, contact us at: hello@gavelin.ai

Gavelin.ai
Denver, Colorado