Legal
Privacy Policy
Last updated: March 2026 · Effective date: March 2026 · civic-nexus.net
This Privacy Policy explains what data Civic Nexus collects, why it is collected, how it is stored and used, and what rights you have over your data. Civic Nexus is committed to collecting as little data as possible and never selling or sharing it with third parties for commercial purposes.
1. Who We Are
Civic Nexus is an independent educational platform operated by a solo founder based in the United States. The site is accessible at civic-nexus.net. References to "Civic Nexus," "we," "us," or "our" in this Policy refer to the individual operating this platform.
Civic Nexus is not a registered legal entity. This Policy represents our genuine commitment to your privacy and applies to all data collected through the site and its services.
2. What Data We Collect
We collect only what is necessary to operate the service. The table below describes each category of data, when it is collected, and why.
| Data | When collected | Why | Required? |
| --- | --- | --- | --- |
| Username | Account registration | Identifies your account. Not your real name — you choose it. | Yes, if registering |
| Email address | Account registration | Optional contact method for account recovery. | No — optional |
| Password hash | Account registration & login | We store only a SHA-256 hash of your password. Your plaintext password never leaves your device. | Yes, if registering |
| Civic Cube results | Test completion | Axis scores and ideology label. Stored to your account if logged in; stored anonymously if not. | Only if you submit |
| Policy Cube results | Survey completion | Category scores and location. Stored to your account if logged in; stored anonymously if not. | Only if you submit |
| Pre-gauge answers | Before Policy Cube Political Compass | Yes/no answers about local political engagement. Stored alongside survey results for research context. | Only if you submit |
| Optional demographics | Research submission form | Age range, sex, education, income bracket, country, party affiliation. Used only in anonymised aggregate research. | No — optional |
| Donation log | Donation page interaction | Platform used (GoFundMe / PayPal), optional reference. Linked to account if logged in. | Only if you interact |
| Session token (JWT) | Login | A temporary authentication token stored in your browser's sessionStorage. Expires when you close the tab. Never written to a database. | Yes, while logged in |
3. What We Do Not Collect
Civic Nexus does not collect:
- Your IP address (beyond what third-party infrastructure providers may log — see Section 7)
- Cookies of any kind — we use localStorage and sessionStorage only for functional preferences (dark mode, session state)
- Tracking pixels, advertising identifiers, or analytics scripts
- Your browsing history or behaviour on other websites
- Device fingerprints or location data
- Plaintext passwords — ever
4. How We Use Your Data
Data collected by Civic Nexus is used exclusively for the following purposes:
- Operating the service — authenticating your account, saving and displaying your results, enabling dashboard features.
- Research — anonymised, aggregate analysis of survey results to produce the research papers and datasets published on the Research portal. Individual responses are never published.
- Improving the site — understanding which tools are used and identifying technical issues. This is done without any tracking scripts — only through server logs maintained by our infrastructure provider.
We do not use your data for advertising, profiling, automated decision-making, or any commercial purpose beyond operating the site.
5. How Your Data Is Protected
Civic Nexus takes a privacy-by-design approach to data security:
- Zero-knowledge authentication — your password is hashed with SHA-256 on your device before transmission. We store only the hash, and use a nonce-based challenge/response system for login so the hash itself is never sent over the network in a reusable form.
- Encrypted in transit — all data between your browser and our servers is encrypted via HTTPS/TLS. The backend database connection requires SSL.
- No unnecessary retention — session tokens are stored in sessionStorage only, meaning they are automatically deleted when you close the browser tab. They are never written to our database.
- Minimal collection — we only collect what is functionally necessary. Optional fields (email, demographics) are never required.
- Rate limiting — all API endpoints are rate-limited to prevent brute-force attacks and data scraping.
6. Data Sharing
Civic Nexus does not sell, rent, or share your personal data with third parties for any commercial purpose.
The only circumstances under which data may be disclosed are:
- Infrastructure providers — data is stored on Railway's servers and served via Cloudflare Pages. These providers have access to data as part of their hosting services. See Section 7 for details.
- Legal requirements — if required by a valid legal process, such as a court order or subpoena under US law.
- Aggregate research — anonymised, non-identifiable data may be published in research papers or made available as open datasets. No individual can be identified from this data.
7. Third-Party Infrastructure
Civic Nexus operates using the following third-party infrastructure providers. Each has its own privacy policy which governs their handling of data they process on our behalf.
- Railway (railway.app) — backend API hosting and PostgreSQL database. Account data, results, and research submissions are stored on Railway's infrastructure in the United States.
- Cloudflare Pages (cloudflare.com) — frontend hosting and CDN. Cloudflare processes request metadata (including IP addresses) as part of its standard operation and DDoS protection. Civic Nexus does not have access to this data.
- PayPal — donation processing. If you choose to donate via PayPal, PayPal processes that transaction. Civic Nexus receives only a basic confirmation log.
- GoFundMe — fiat donation processing. Governed entirely by GoFundMe's own privacy policy.
- Google Fonts — the site loads fonts from Google's CDN. Google may log font requests per their standard privacy policy.
- Plotly CDN — the 3D graph on the Civic Cube results page loads Plotly.js from a CDN. CDN providers may log requests.
8. Your Rights
You have the following rights regarding your data:
- Access — you can view all results and account data saved to your account through the dashboard at any time.
- Deletion of results — you can delete individual test or survey results from your account dashboard at any time.
- Account deletion — you can delete your account and all associated data. This permanently removes your username, email (if provided), password hash, and all linked results from our systems.
- Correction — if you believe data stored against your account is incorrect, you can update your username and email through account settings.
- Portability — your results are viewable in your dashboard. If you need a structured export, contact us and we will provide one in a reasonable format.
Anonymous submissions (made without an account) cannot be identified or deleted after submission, as there is no identifier linking them to you. This is by design — it is also what makes them genuinely anonymous.
9. Children's Privacy
Civic Nexus is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it promptly.
Users between 13 and 17 should use the site with parental awareness. The research submission form asks for demographic data including age range — users under 18 are encouraged to use the broadest available age bracket to avoid providing identifying information.
10. Data Retention
We retain data for as long as it is needed to operate the service or as required by law:
- Account data — retained until you delete your account.
- Results linked to an account — retained until you delete them or delete your account.
- Anonymous results — retained indefinitely for research purposes, as they cannot be linked to any individual.
- Session tokens — stored in browser sessionStorage only; automatically deleted when the tab is closed. Never persisted to our database.
- Donation logs — retained as basic operational records. They contain only platform type and optional reference — no payment details.
11. Cookies and Local Storage
Civic Nexus does not use cookies. We use browser localStorage for the following functional purposes only:
- Remembering your dark mode preference
- Saving in-progress test responses so you can resume if the page refreshes
- Recording whether you have previously submitted an anonymous research result (to prevent duplicate submissions)
We use sessionStorage to hold your JWT authentication token while you are logged in. This is cleared automatically when you close the tab.
None of this data is transmitted to our servers or shared with third parties. It exists only in your own browser.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, the "Last updated" date at the top of this page will be revised. We encourage you to review this page periodically.
For material changes that affect how we handle existing data, we will make reasonable efforts to notify registered users through the site.
13. Contact
For privacy-related questions, data requests, or to exercise your rights under this Policy:
Civic Nexus
civic-nexus.net
Operated independently from the United States.
Use the feedback form on the site or reach out through our social media channels. We aim to respond to data-related requests within 30 days.