A Note About Data Privacy
Privacy is extremely important to us here at Reach and to all of our campaigns using the Reach app to help with their organizing and movement-building. In addition to our Privacy Policy that describes which data we as Reach collect and what we will and will not do with that data, we also wanted to speak here about the privacy issues surrounding the voter data, membership lists, and other data sets that campaigns access using Reach.
Where does the data in Reach come from?
The majority of campaigns load voter files into Reach that contain fully public data from Public Records requests.
It is important to note that voter registration information is public record in the United States. This has been true since at least the passage of the Help America Vote Act (HAVA) of 2002. Anyone who has worked on a political campaign in the past 20 years will know that this voter data is a core part of how modern campaigns do their work and is omni-present in campaign land. That said, part of the power of Reach is that we are making it easier than ever for volunteers and organizers to access and use that voter data to win. So even though most of the base voter data in Reach is technically already “public” data, there is a big difference between “public and obscure” versus “public and easily accessible”. Therefore, we recognize that as we make the data easier to access, we have a responsibility to go above and beyond to protect the privacy of the people who appear in the public records.
To learn more about where the data in Reach comes from, check out this article.
Privacy Protections in Reach
Through consultation with privacy advocates from organizations such as the New York Civic Engagement Table (who frequently works with marginalized communities and vulnerable populations) we have baked into Reach a number of industry-leading privacy protections and safeguards:
Access to Reach
The first factor in understanding privacy protections in Reach is understanding that Reach is not just open to the whole internet. There are places online where anyone can directly search the voter file (like voterrecords.com) but Reach is not one of those places. To access Reach, you need to be working or volunteering with a campaign who is actively using the tool. Each user is invited to join a campaign or provided an invite code by folks already working on that campaign. Every Reach user also must have a valid US-based cell phone number and is asked for their name and email address. Campaigns can, at any time, remove users from their campaign is a user is causing trouble or exhibiting any concerning behavior or usage of the app.
In addition to these controls by campaign, we will remove anyone from the platform who violates our Terms of Use, including anyone who uses Reach to harass, intimidate, or otherwise bother anyone else. If you know of someone who has used Reach in any way that was offensive or harassing please contact us immediately at [email protected] with any details you have and we will launch an investigation and remedy the situation in whatever ways are appropriate.
Privacy Masking
All users in Reach begin with a limit permission set that includes significant privacy masking. This means that we withhold certain data points or components of data points on the back end so that data never even hits the user’s device. The data that is subject to privacy masking is:
- Building/House/Street Numbers and Unit/Apartment numbers of addresses
- Exact Dates of Birth or ages (wide age ranges are provided)
- Full phone numbers
- Full email addresses
The only way a basic user can see an un-masked phone number or email address of a voter is if that user entered the information themselves. In other words, if you give a Reach user your phone number or email address, they will see it in full. If you trusted them with the information, so do we.
Some users may be upgraded by a campaign to “Verified Users” or “Admins” which will then allow them to see un-masked data, but this is the same as if a trusted volunteer or staffer was added to any of the other tools campaigns are already using to manage voter data.
Other data fields which may appear in Reach such as political party affiliation, voter registration status, or voting history are determined by the campaign using Reach.
Additional User-Role Control Options
Beyond our standard privacy masking, campaigns can opt to enable additional privacy and security features that go even further to keep data private. These features allow for each user to only see contact information and survey responses that they themselves collected.
What if I want to be removed from Reach voter data?
If you want to make sure you don’t appear in Reach at all, the best way to do that is to have your information masked directly at the source by contacting the state in which you are registered to vote. You can find a lot of information and resources about this process available here. Once you have been removed from state data, your information will also be removed from Reach the next time an organization updates their voter file.
If you are unable to get yourself removed from the public voter file, or would like to be removed from Reach more rapidly than that process would allow, please contact us at [email protected] with the details of your situation and request so we can work with the campaigns or organizations who provided us your data to remove the necessary elements of that record from the tool.
What about Data Security? Can my data be leaked if Reach is hacked?
As you’d expect of a company handling sensitive political data, security is just as important to us as privacy. We have a detailed write-up of our security policies and protocols here.