Privacy Policy

1. Who This Covers

This Privacy Policy applies to all visitors and users of the BlueList.ai website, subscribers to BlueList products (including District Intelligence Reports), and clients who engage BlueList for data, analytics, or media buying services.

It does not cover the privacy practices of third-party services we link to, platforms where we place advertising on behalf of clients, or data obtained from public government sources (such as voter files and FEC filings), which are governed by their own applicable laws.

2. Information We Collect

Information you provide

Contact information — name, email address, phone number, organization, and role when you reach out, subscribe, or create an account.
Account and billing information — payment details (processed by our third-party payment processor; we do not store full card numbers), billing address, and subscription preferences.
Client engagement information — campaign details, race information, targeting parameters, and strategic inputs you share with us as part of a client engagement.
Communications — emails, messages, and other correspondence you send us.

Information collected automatically

Usage data — pages visited, time spent, features used, links clicked.
Device and browser data — IP address, browser type, operating system, screen resolution, and referring URL.
Cookies and similar technologies — see Section 11 below.

Information from public sources

In the course of providing our services, we access and process data from public government sources including voter registration files, FEC campaign finance filings, state election records, census data, and public ad transparency libraries (Google, Meta). This data is collected and used in accordance with applicable federal and state laws governing its access and use.

3. How We Use It

We use the information we collect to:

Deliver our products — generate and deliver District Intelligence Reports, perform data analytics, execute media buying, and provide the services you've engaged us for.
Process payments — manage subscriptions, process charges, issue invoices, and handle billing inquiries.
Communicate with you — respond to inquiries, send product updates, deliver scheduled reports, and share service-related notices.
Improve our services — analyze usage patterns, troubleshoot issues, and develop new features.
Maintain security — detect and prevent fraud, abuse, and unauthorized access.
Comply with legal obligations — meet recordkeeping, reporting, and disclosure requirements under applicable law, including FEC regulations.

We do not sell your personal information. We do not use your personal information for purposes unrelated to the services you've engaged us for.

4. When We Share It

We share your information only in the following circumstances:

Service providers — third parties that help us deliver our services, including cloud infrastructure providers, payment processors, email delivery services, and analytics tools. These providers are contractually required to use your information only to perform services on our behalf.
At your direction — when you instruct us to share data with specific parties (for example, when we deliver targeting data to an ad platform on your behalf as part of a media buying engagement).
Legal requirements — when required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect rights, safety, or property.
Business transfers — in connection with a merger, acquisition, or sale of assets, in which case your information would be among the transferred assets. We would notify you before your information becomes subject to a different privacy policy.

Firewall protections

Client engagement information is subject to our FEC Coordination and Firewall Policy. Information from one client engagement is never shared with, accessible to, or used to benefit another client where a coordination risk exists. See our Firewall Policy for full details.

5. Political & Voter Data

BlueList processes political data as a core part of its services. This section addresses how we handle that data specifically.

Voter file data

We access voter registration records from state and county government sources in accordance with applicable state laws. In Arizona, voter data use is governed by A.R.S. § 16-168, which limits use to purposes relating to political or political party activity, political campaigns, or elections. We comply with these restrictions and with the equivalent laws of every state where we access voter data.

Campaign finance data

We aggregate and analyze data from FEC filings and state campaign finance disclosures. This data is public by law. Our use of it complies with FEC rules governing the sale and use of contributor information.

Political opinions and affiliations

Some state privacy laws classify political opinions or affiliations as sensitive personal information. Where applicable, we process such data only as permitted by law and in connection with the political campaign services our clients have engaged us to provide.

6. AI & Automated Processing

BlueList uses artificial intelligence and machine learning in its analytics, targeting, and reporting services. This includes:

Predictive models for voter behavior and donor propensity scoring
AI-generated narrative analysis in District Intelligence Reports
Automated audience segmentation and targeting optimization
Anomaly detection for campaign finance monitoring

Our AI systems process aggregated and individual-level data from public sources and client-provided inputs. We do not use AI to make decisions that produce legal effects on individuals or similarly significant outcomes without human review.

AI models trained for one client are isolated from other client engagements, consistent with our Firewall Policy.

7. Security

We implement technical and organizational measures to protect your information, including:

Encryption of data in transit (TLS) and at rest
Role-based access controls with least-privilege principles
Audit logging of access to client data systems
Isolated storage environments for client engagement data
Regular security reviews and updates

No system is perfectly secure. While we work to protect your information, we cannot guarantee absolute security and encourage you to use strong, unique passwords for any BlueList account.

8. Data Retention

We retain your information for as long as reasonably necessary to provide our services, comply with legal obligations, and resolve disputes.

Data Type	Retention Period
Account and contact information	Duration of relationship + 2 years
Billing and payment records	7 years (tax and accounting requirements)
Client engagement data	Duration of engagement + 5 years (FEC compliance)
Firewall compliance records	5 years from creation
Website usage data	24 months
Communications	3 years

When data is no longer needed, we delete or anonymize it. Client engagement data may be retained longer if required for legal or regulatory compliance.

9. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information:

Access — request a copy of the personal information we hold about you.
Correction — request correction of inaccurate or incomplete information.
Deletion — request deletion of your personal information, subject to legal retention requirements.
Portability — request a machine-readable copy of your data.
Opt-out of sale — we do not sell personal information, but you may exercise this right to the extent applicable law provides it.
Withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@bluelist.ai. We will respond within 30 days (or sooner if required by applicable law). We will not discriminate against you for exercising your rights.

State-specific rights

California residents (CCPA/CPRA): You have the right to know what personal information we collect, the right to delete it, and the right to opt out of its sale (though we do not sell personal information). You may designate an authorized agent to make requests on your behalf.

Other states: If you are a resident of a state with a comprehensive privacy law (including Colorado, Connecticut, Virginia, Utah, Oregon, Texas, or others), you may have additional rights. Contact us and we will address your request under applicable law.

10. Children’s Privacy

BlueList.ai is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at privacy@bluelist.ai and we will promptly delete it.

11. Cookies & Tracking

We use cookies and similar technologies on our website to:

Essential cookies — maintain session state, authenticate users, and process subscriptions. These are necessary for the site to function.
Analytics cookies — understand how visitors use our site so we can improve it. We use privacy-respecting analytics tools.

We do not use advertising or tracking cookies on the BlueList.ai website. We do not participate in cross-site behavioral advertising networks.

You can control cookies through your browser settings. Disabling essential cookies may affect site functionality.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, for significant changes, notify active subscribers and clients by email.

We encourage you to review this page periodically. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.

13. Contact

If you have questions about this Privacy Policy or want to exercise your privacy rights:

BlueList.ai LLC
Privacy Inquiries
privacy@bluelist.ai