Privacy Policy

Last updated: March 2026

Information We Collect

When you subscribe to the FOIA Gras newsletter, we collect your email address and optionally your name. This information is used solely to send you our newsletter and related communications.

How We Use Your Information

We use your information to:

  • Send you our newsletter and updates about local government accountability
  • Notify you of replies to your comments (if you have enabled this feature)
  • Respond to your inquiries or feedback

Comments

If you leave comments on our posts, the content of your comment and your display name (or "Subscriber" if you haven't set a name) will be publicly visible. Your email address is never displayed publicly. You can delete your own comments at any time, and you can configure automatic comment deletion in your account settings.

Cookies and Authentication

We use a session cookie to keep you logged in when you sign in to comment or access your account. This cookie is essential for the functioning of your account and expires after one year. We do not use tracking cookies for advertising purposes.

If you sign in with Google OAuth, we receive your Google account email address and name to identify your account. We do not receive or store your Google password.

MCP API Access

Subscribers may generate API keys to access our public records data via the MCP (Model Context Protocol) API. When you use the API, we log:

  • The API tool calls made (e.g., search queries, document lookups)
  • Timestamps of requests
  • The subscriber account associated with each API key
  • IP addresses (for rate limiting and security)

API keys are tied to your subscriber account. Keep your API key confidential — you can revoke and regenerate keys at any time from your account settings. We do not sell or share API usage data with third parties.

Data We Don't Collect

We do not:

  • Use tracking cookies for advertising
  • Sell your personal data to third parties
  • Build advertising profiles based on your behavior
  • Store payment card details (Stripe handles all payment processing)

Third-Party Services

We use the following third-party services:

  • Amazon Web Services (AWS) — for email delivery and file hosting
  • Stripe — for payment processing (paid subscriptions)
  • Google OAuth — for optional sign-in with Google
  • Sentry — for error tracking and performance monitoring

Data Retention

We retain your subscriber information as long as you remain subscribed. If you unsubscribe, your email is added to our suppression list to ensure we don't contact you again. You can request complete deletion of your data by contacting us.

Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your information
  • Unsubscribe from our newsletter at any time
  • Manage your notification preferences in your account settings
  • Revoke API keys at any time

Contact Us

If you have questions about this privacy policy or your personal data, please contact us or email tom@foiagras.com.

Changes to This Policy

We may update this privacy policy from time to time. We will notify subscribers of any material changes via email.