Privacy Policy
Emily Politics
Last updated: 24 March 2026
1. Introduction
Emily Politics is operated by Sinatra AI Ltd, registered in England and Wales.
We take your privacy seriously. This policy explains what personal data we collect, why we collect it, and your rights under UK data protection law.
Contact us:
- Email: [email protected]
- Data Protection Officer: Stephen Canning, [email protected]
2. What Data We Collect
2.1 Data You Provide
When you create an account, we collect:
- Email address (required for login and service delivery)
- Name (optional, used for personalisation)
- Password (hashed and encrypted, never stored in plain text)
When you subscribe, Stripe (our payment processor) collects:
- Payment details (card information, billing address)
- Transaction history
We do not see or store your full card details. Stripe handles all payment data in compliance with PCI-DSS standards.
2.2 Data We Generate
During your use of Emily Politics, we automatically collect:
- Usage data: searches performed, features used, session duration
- Technical data: IP address, browser type, device type
- Log data: error reports, performance metrics
All analytics are pseudonymised and stored in aggregate.
2.3 Parliamentary Data
Emily Politics analyses publicly available UK parliamentary data, including:
- Hansard debates, committee transcripts, written questions, voting records
- MPs' names, constituencies, and public statements
This data is already in the public domain. We do not collect or process private information about MPs or other parliamentarians.
3. Legal Basis for Processing
We process your data under the following legal bases:
| Data Type | Legal Basis | Why |
|---|---|---|
| Email, name, subscription status | Contract | Necessary to deliver the service you've paid for |
| Payment data | Contract | Required to process your subscription |
| Usage analytics | Legitimate Interest | To improve the service and fix bugs |
| Marketing emails | Consent | Only if you opt in |
You can object to legitimate interest processing at any time by contacting us.
4. How We Use Your Data
We use your personal data to:
- Provide access to Emily Politics and deliver search results
- Process your subscription payments and send receipts
- Send transactional emails (password resets, service updates, billing notifications)
- Improve the service through aggregated analytics
- Respond to support requests
- Comply with legal obligations (e.g., tax reporting, fraud prevention)
We do not:
- Sell your data to third parties
- Use your data for behavioural advertising
- Profile you for automated decision-making
- Share your data with anyone except our trusted processors (see Section 5)
5. Who We Share Your Data With
5.1 Service Providers (Data Processors)
We share your data only with vetted providers who help us run Emily Politics:
| Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| Supabase | Database, authentication | EU | GDPR-compliant, EU hosting |
| Stripe | Payment processing | EU/US | PCI-DSS, UK adequacy decision |
| Resend | Transactional emails | EU | GDPR-compliant, DPA in place |
| PostHog | Analytics | EU | GDPR-compliant, EU hosting |
| AWS | Vector database hosting | EU (Stockholm) | ISO 27001, data residency controls |
| Vercel | Web hosting | EU | GDPR-compliant, EU deployment |
| Google (Gemini API) | AI language model, text embeddings | EU/US | Data not used for training (API ToS), EU-US DPF |
| Qdrant | Vector search (public parliamentary data only) | EU | GDPR-compliant, EU hosting |
| Sentry | Error tracking and monitoring | EU | GDPR-compliant, IP anonymisation |
| Tawk.to | Live chat support | US/EU | SCCs in place |
All processors are bound by data processing agreements (DPAs) and cannot use your data for their own purposes. See our full sub-processor list for details.
5.2 Legal Disclosures
We may disclose your data if required by law (e.g., court order, tax authority request) or to protect our legal rights.
6. Data Retention
We keep your data only as long as necessary:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data (active subscription) | Duration of subscription + 30 days | Service delivery |
| Account data (cancelled subscription) | 30 days after cancellation | Allow for reactivation |
| Conversation history | Duration of subscription + 30 days | Core service feature |
| Engagement records & documents | Duration of subscription + 30 days | Core service feature |
| AI agent memory | Duration of subscription + 30 days | Personalisation |
| Payment records | 7 years | UK tax law (HMRC requirement) |
| Usage logs | 90 days | Debugging and security |
| Support correspondence | 2 years | Legal compliance, dispute resolution |
After these periods, data is permanently deleted from our systems.
7. Data Security
We protect your data with:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Secure authentication (bcrypt password hashing, optional MFA)
- EU-only hosting (no data stored outside UK/EU)
- Access controls (role-based permissions, audit logging)
- Regular security reviews including penetration testing
No system is 100% secure. If a breach occurs, we will notify you and the ICO within 72 hours as required by law.
8. Your Rights
Under UK GDPR, you have the right to:
- Access your data – Request a copy of everything we hold about you
- Rectify your data – Correct inaccurate information via your account settings
- Erase your data – Delete your account and all associated data (except where we have a legal obligation to retain it)
- Restrict processing – Pause processing in certain circumstances
- Data portability – Receive your data in a machine-readable format
- Object to processing – Stop processing based on legitimate interest
- Withdraw consent – For any consent-based processing (e.g., marketing emails)
To exercise these rights, email [email protected]. We will respond within 30 days.
9. Cookies
Emily Politics uses essential cookies only:
- Authentication cookies (to keep you logged in)
- Session cookies (to maintain your search context)
We do not use tracking cookies, advertising cookies, or third-party analytics cookies beyond PostHog (which is privacy-respecting and EU-hosted).
You can disable cookies in your browser, but this will prevent you from using Emily Politics.
10. International Transfers
All your data stays in the UK and EU. We do not transfer data to countries without UK adequacy decisions, except:
- Stripe (US parent company, but covered by UK adequacy decision for US companies under EU-US Data Privacy Framework)
11. Children's Privacy
Emily Politics is a professional service for political professionals, journalists, and researchers. We do not knowingly collect data from anyone under 16. If you believe a child has created an account, contact us immediately.
12. Changes to This Policy
We may update this policy from time to time. If we make significant changes, we will:
- Update the "Last Updated" date at the top
- Email you at your registered address
- Post a notice on the website
Continued use of Emily Politics after changes means you accept the updated policy.
13. Complaints
If you're unhappy with how we handle your data, you can:
- Contact us: [email protected]
- Complain to the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
14. ICO Registration
Sinatra AI Ltd is registered with the ICO. Our registration covers:
- Processing staff and customer data
- Providing subscription-based intelligence services
This policy is written in plain English and complies with UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations.
Questions? Email [email protected] or visit Terms of Service.