Your data is yours. Causal does not sell it, does not share it with advertisers, and collects only what is needed to make the platform work. You can request deletion of your account and all associated data at any time.
Causal is a civic-financial platform currently in early development. We are based in Berlin, Germany. Questions about this policy can be directed to [email protected].
Your email address is used to send you a magic link to sign in. We do not store passwords.
A street address you provide is used to identify your elected representatives via the Google Civic Information API. A primary region you set is used to surface relevant organisations and actions. Neither is shared with third parties for any other purpose.
When you mark an action as done or dismiss it, that engagement is stored to personalise your experience and maintain your contribution record. This data is associated with your account and is not shared.
When you check a bank, Causal receives only the bank name you type in. We do not receive your account number, balance, transaction history, or login credentials.
If you choose to forward advocacy organisation emails to your Causal address, the content of those emails is processed by our AI pipeline to extract action information and is then discarded. Raw email content is not stored beyond what is needed for extraction.
Standard server logs (IP address, browser type, pages visited) are retained for up to 30 days for security and diagnostic purposes only.
Google Civic Information API — your street address is sent to Google to retrieve representative information. Google's privacy policy applies: policies.google.com/privacy
Bank check data — Causal uses a lookup based on the bank name you provide to show a fossil-fuel flag (if any). No bank account connection is performed.
Postmark / ActiveCampaign — transactional emails (magic links, forwarded confirmations) are sent via Postmark. Email addresses are processed by Postmark for delivery only.
Hetzner — your data is stored on servers operated by Hetzner Online GmbH in Helsinki, Finland (EU). Hetzner's data processing terms apply.
Gemini (Google) — email content submitted for action extraction is processed by Google's Gemini API. Content is not stored by Causal beyond extraction. Google's API terms apply.
Under GDPR you have the right to:
To exercise any of these rights: [email protected]. Deletion requests are fulfilled within 30 days.
Account data is retained until you request deletion. Action engagement records are retained to maintain your contribution history. Server logs are retained for 30 days. Bank connection tokens are deleted when you disconnect your bank or delete your account.
Data is transmitted over HTTPS. Data at rest is stored on encrypted servers in the EU. Access to production data is restricted to authorised personnel only.
Causal's long-term position is that your civic and financial data belongs to you — not to the platforms that process it. We are building toward a model where users hold their own data and grant Causal read access rather than Causal holding your data on your behalf. This aligns with emerging open standards for user-controlled data storage, including the W3C Solid protocol and the principles of the EU's Data Governance Act.
We are not there yet. This policy describes how we handle your data today. As our architecture evolves toward user data sovereignty, we will update this policy to reflect those changes. We will not make your data harder to move or delete as the platform develops — only easier.
We will notify users of material changes by email and by posting an updated version of this policy here.