Delilah Technology Group LLC

Privacy Policy

Effective January 1, 2026 · Last Updated: April 13, 2026

Privacy Policy Overview

Delilah Technology Group LLC ("Delilah," "we," "us," or "our") is committed to protecting the privacy of our users. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use the Delilah Community mobile application, the Delilah Pro web platform, and all related services (collectively, the "Platform").

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We do not use your data to train third-party artificial intelligence models.

By using the Platform, you consent to the data practices described in this policy. If you do not agree, please discontinue use of the Platform. See also our Terms of Service.

1. Information We Collect

We collect several categories of information to provide, maintain, and improve the Delilah platform. This includes information you provide directly, information generated through your use of our services, and information obtained from third-party sources. The categories below describe the data we may collect from or about you.

Account Information

  • Full name
  • Email address
  • Password (stored only in hashed form — we never store plaintext passwords)
  • Username
  • Profile photo
  • Account preferences and settings
  • Home state selection
  • Topic interests and policy area preferences
  • Onboarding selections and configuration choices

Payment & Billing Data

  • Subscription type and plan tier
  • Credit balance and billing period
  • Payment processor customer ID
  • Subscription status (active, canceled, past due)
  • We do NOT store your credit card number, expiration date, or CVC
  • Our payment processor independently collects: card number, expiration, CVC, billing address, and payment history

User-Generated Content

  • Posts, comments, stories, photos, and videos
  • Support, Protest, and Solution actions on bills
  • Messages sent through the platform
  • Saved searches and tracked bills
  • Report queries and configurations
  • AI conversation history (Hey Delilah)

AI Query Data

  • Questions and prompts submitted to Hey Delilah
  • Conversation context and follow-up messages
  • Tool usage patterns within AI conversations
  • Queries are sent to third-party AI providers for processing
  • AI providers may use aggregated or anonymized data per their own policies

Legislative Interaction Data

  • Bills you view, search for, or track
  • Reports generated and report queries
  • Bill comparison activity
  • Voting record views and legislator profiles viewed
  • Search queries and filters applied
  • Causeway map interactions

Device & Technical Information

  • IP address
  • Browser type and version
  • Device model and operating system
  • App version
  • Screen resolution
  • Crash logs, diagnostics, and performance metrics
  • Referral URLs and page navigation paths

Cookies & Similar Technologies

  • Session cookies for authentication
  • Authentication tokens
  • Analytics cookies for usage patterns
  • Performance cookies for service optimization

Location Information

  • Approximate location derived from IP address
  • Precise location only with your explicit permission (used for Causeway map features)
  • We never collect precise location data without your active consent

Information from Third Parties

  • Legislative data from official government sources and third-party data providers (public records)
  • Analytics providers (aggregated usage and performance data)
  • Social media platforms (if you choose to connect your account)

Payment Security: Delilah Pro subscriptions are processed by a PCI-DSS Level 1 certified third-party payment processor. We never receive, store, or have access to your full credit card number, expiration date, or CVC.

2. How We Use Your Information

We use the information we collect for the following purposes. We process your data only when we have a lawful basis to do so, including to fulfill our contractual obligations to you, for our legitimate business interests, to comply with legal requirements, or with your consent.

Provide, operate, maintain, and improve the Delilah platform and its features
Process payments, manage subscriptions, and administer billing through our payment processor
Deliver AI-powered legislative analysis, search results, and bill insights
Send notifications about bill updates, subscription events, and platform changes
Send marketing communications (with clear opt-out in every message)
Personalize your content feed, recommendations, and policy area suggestions
Enable social features, community engagement, and civic action tools
Generate semantic reports, bill comparisons, and legislative analytics
Enforce our Terms of Service, prevent fraud, and ensure platform security
Comply with applicable law, legal processes, and regulatory obligations
Communicate with you about your account, service changes, and support inquiries
Aggregate and anonymize data for internal analytics and product improvement
Train and improve our proprietary systems and platform algorithms

Your data is NOT used to train AI models. We do not provide your personal data to any third-party AI provider for the purpose of training their machine learning models. Your queries are processed to generate responses only.

Important: We do not provide legal advice. Information displayed on Delilah may be inaccurate, incomplete, or out of date. Always verify legislative information with official government sources.

3. How We Share Your Information

We share your information only in the limited circumstances described below. We do not sell your personal information, and we do not share personal information for cross-context behavioral advertising.

Service Providers

We share information with trusted third-party service providers that help us operate the platform, including providers of payment processing, cloud infrastructure, authentication, database services, AI model processing, web hosting, and legislative data. Each provider is contractually obligated to protect your data and may only use it to perform services on our behalf.

AI Providers

When you use Hey Delilah, your query text and conversation context are sent to third-party AI model providers to generate responses. These providers process your query under enterprise data processing agreements. We do NOT send your name, email address, payment information, or other personal identifiers to AI providers — queries are transmitted without personally identifying information.

Legal & Safety

We may disclose information if required by law, regulation, legal process, subpoena, court order, or governmental request. We may also disclose information when we believe disclosure is necessary to protect the rights, property, or safety of Delilah, our users, or the public, or to enforce our Terms of Service.

Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email or prominent notice on our platform before your information becomes subject to a different privacy policy.

With Your Consent

We may share your information in other circumstances with your explicit, informed consent.

Aggregated & De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you. For example, we may share aggregate statistics about platform usage, legislative trends, or engagement metrics.

We Do Not Sell Your Personal Information. Period.

We Do Not Share Personal Information for Cross-Context Behavioral Advertising.

4. Your Privacy Rights

Regardless of your state of residence, we provide the following privacy rights to all Delilah users. We are committed to treating every user with the same standard of privacy protection.

Rights Available to All Users

Access

Request a copy of the personal information we hold about you

Correct

Request correction of inaccurate or incomplete personal information

Delete

Request deletion of your personal information and account data

Opt-Out

Opt out of marketing communications and certain data processing

Data Portability

Receive your data in a structured, commonly used, machine-readable format

Limit Use

Restrict how we use your sensitive personal information

California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you additional rights:

  • Right to know the categories and specific pieces of personal information collected about you
  • Right to know the categories of sources, business purposes, and third parties with whom information is shared
  • Right to delete your personal information, subject to certain exceptions
  • Right to opt out of the sale or sharing of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your privacy rights
  • Right to correct inaccurate personal information
  • Right to limit the use and disclosure of sensitive personal information
  • Right to designate an authorized agent to make requests on your behalf

Categories of PI collected: Identifiers, commercial information (subscription data), internet/electronic network activity, geolocation data, and inferences drawn from the above. Business purposes: providing our services, processing payments, security, analytics, and customer support.

Virginia, Colorado, Connecticut, Utah & Other States

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Oregon, Texas, Montana, and other states with comprehensive privacy laws are entitled to similar rights including access, correction, deletion, data portability, and the right to opt out of targeted advertising, sale of personal data, and certain profiling. We extend equivalent protections to residents of all U.S. states, even where not legally required.

How to Exercise Your Rights

  • Email us at privacy@delilah.tech with your request
  • Use in-app account settings to manage preferences and data
  • We will acknowledge your request within 15 days
  • We will respond to and fulfill verified requests within 45 days (extendable by 45 days for complex requests with notice)
  • We may need to verify your identity before processing your request

Appeals

If we deny your privacy request, you may appeal by emailing privacy@delilah.tech within 45 days of receiving our decision. Include "Privacy Appeal" in the subject line and describe the basis for your appeal. We will respond to appeals within 60 days. If you are unsatisfied with the outcome of your appeal, you may contact your state attorney general.

5. Children's Privacy

Delilah is not intended for children under the age of 13. We comply fully with the Children's Online Privacy Protection Act (COPPA) and similar laws.

Under 13

We do not knowingly collect, use, or disclose personal information from children under 13 years of age. If we discover that we have inadvertently collected information from a child under 13, we will take immediate steps to delete that information from our systems.

Ages 13-17

Minors between the ages of 13 and 17 may use Delilah with the consent and supervision of a parent or legal guardian, where required by applicable law. Parents or guardians who allow minors to use the platform are responsible for monitoring their activity.

Parent/Guardian Rights

If you are a parent or guardian and believe that your child under 13 has provided personal information to Delilah, please contact us immediately at privacy@delilah.tech. We will promptly investigate and delete any such information.

6. Data Security

We implement comprehensive, industry-standard security measures to protect your information against unauthorized access, alteration, disclosure, or destruction.

HTTPS/TLS Encryption

All data in transit

AES-256 at Rest

All stored data encrypted

Role-Based Access

Strict access controls

Network Security

Firewalls and IDS

Authentication Security

Industry-standard authentication with secure password hashing. We never store plaintext passwords. Multi-factor authentication support is available.

Payment Security

All payment processing is handled by a PCI-DSS Level 1 certified third-party payment processor — the highest level of payment security compliance. We never receive, store, or process your full credit card number.

Infrastructure Security

Regular security assessments and vulnerability scanning. Network firewalls, intrusion detection systems, and continuous monitoring. Our cloud infrastructure providers maintain SOC 2 Type II compliance.

Incident Response

We maintain documented incident response procedures. In the event of a data breach that poses a risk to your rights, we will notify affected users and relevant authorities as required by applicable law, typically within 72 hours of confirmation.

While we implement robust security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, and you use the platform at your own risk.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this policy, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention periods are as follows:

Account Data

While active + 30 days

Retained while your account is active, then deleted within 30 days of a verified deletion request

Payment Records

7 years

Retained as required by tax and financial regulations (our payment processor retains their own records per their policy)

AI Conversations

While active

Retained while your account is active and deleted upon account deletion

Server Logs

90 days

Technical server logs are automatically purged after 90 days

Analytics Data

26 months

Aggregated analytics and usage data is retained for up to 26 months

Legislative Data

Indefinite

Public legislative records are retained indefinitely as they are public information

Backup Data

90 days after deletion

Backup copies are purged within 90 days of deletion from primary systems

Legal Hold

As required

Data may be retained longer if subject to legal proceedings, investigations, or regulatory obligations

You may request deletion of your account and associated data at any time by contacting privacy@delilah.tech. We will process verified deletion requests within 45 days.

8. Cookies & Tracking Technologies

We use cookies and similar technologies to operate, secure, and improve our platform. Below are the categories of cookies we use and their purposes.

Essential Cookies

Required

Required for authentication, security, and core platform functionality. These cannot be disabled as the platform cannot operate without them.

Analytics Cookies

Help us understand usage patterns, feature popularity, and how users navigate the platform. Used to improve our services.

Performance Cookies

Measure platform performance, load times, and error rates to ensure a fast and reliable experience.

Preference Cookies

Remember your settings, language preferences, and display choices across sessions.

We Do NOT Use Advertising or Tracking Cookies.

Do Not Track: We honor Do Not Track (DNT) signals sent by your browser. When we detect a DNT signal, we disable non-essential analytics and performance cookies. You can also manage cookie preferences through your browser settings.

9. AI-Specific Privacy Disclosures

Delilah uses proprietary and third-party artificial intelligence models to provide legislative analysis, answer questions, generate reports, and deliver insights. This section explains exactly how your data interacts with AI systems.

What AI Sees

When you submit a query to Hey Delilah, the AI receives: your query text, the conversation context (prior messages in the same session), and any legislative data retrieved by our tools (bill text, sponsor information, voting records, etc.). This data is necessary to generate accurate, contextual responses.

What AI Does NOT See

AI providers never receive your name, email address, password, payment information, IP address, device information, or any other personal identifiers. Queries are transmitted to AI providers without any information that could identify you personally.

AI Provider Data Practices

Our third-party AI providers process your queries under enterprise data processing agreements. Under these agreements, they do NOT use your queries to train their machine learning models. Queries are processed solely to generate responses and are subject to their respective data retention and security policies.

AI Outputs

AI-generated responses are created in real-time based on your query and available legislative data. Responses may be cached temporarily for performance optimization. All AI conversation history is deleted when you delete your account.

No Third-Party AI Training

We do NOT use your personal data, queries, conversation history, or any user-generated content to train third-party AI models. Your data remains yours. Our AI providers are contractually prohibited from using your queries for model training purposes.

For professional users: Delilah Pro provides enhanced AI-powered analysis including full-text bill insights, semantic search, and AI-generated reports. The same privacy protections apply to all AI features across both Delilah Community and Delilah Pro.

10. International Users

Delilah is operated by Delilah Technology Group LLC, a company based in the State of Florida, United States. Our services are primarily intended for users located in the United States.

Data Location

All data collected by Delilah is stored and processed in the United States using third-party cloud infrastructure providers. By using our platform, you acknowledge and consent to the transfer, processing, and storage of your data in the United States.

Access from Outside the US

If you access Delilah from outside the United States, you do so at your own initiative and are solely responsible for compliance with applicable local laws and regulations. Data protection laws in the United States may differ from those in your jurisdiction.

No International Compliance

We do not currently comply with the EU General Data Protection Regulation (GDPR), the UK Data Protection Act, or other international data protection frameworks. If you are located in the EU, UK, or other regions with comprehensive data protection laws, please be aware that your use of our platform involves the transfer of your data to a jurisdiction that may not provide equivalent protections.

11. Third-Party Links & Services

Our platform may contain links to third-party websites, services, or applications that are not operated or controlled by Delilah. This includes links to official government legislative websites, news sources, and other external resources. We are not responsible for the privacy practices, content, or security of any third-party sites. We strongly recommend that you review the privacy policy of every website you visit. The inclusion of a link on our platform does not imply endorsement of the linked site or its practices.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons.

Material Changes

For material changes that significantly affect how we collect, use, or share your personal information, we will provide at least 30 days advance notice via email to your registered email address or through a prominent in-app notification before the changes take effect.

Minor Changes

For minor changes (such as clarifications, formatting, or corrections that do not materially affect your rights), we will update the "Last Updated" date at the top of this page.

Continued Use

Your continued use of Delilah after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with any changes, you should stop using the platform and may request deletion of your account.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the information below. We take every privacy inquiry seriously and will respond promptly.

Privacy Inquiries

privacy@delilah.tech

Data access, correction, deletion requests, and privacy rights

Legal Inquiries

legal@delilah.tech

Legal process, subpoenas, and regulatory matters

General Support

support@delilah.tech

Account help, billing questions, and technical support

Delilah Technology Group LLC
State of Florida, United States

For California residents: You may also contact the California Attorney General at oag.ca.gov/contact if you believe your privacy rights have been violated.

Questions?

If you have questions about this Privacy Policy or our data practices, contact us at privacy@delilah.tech or legal@delilah.tech.

Delilah Technology Group LLC · State of Florida