Report Now

Privacy Policy for Report Political Violence

Effective Date: 09/15/2025  |  Last Updated: 09/15/2025

Report Political Violence (“we,” “our,” “us”) is a civilian-operated reporting platform designed to collect, review, and forward reports related to glorification or incitement of political violence. Because submissions may involve highly sensitive data, we have designed this Privacy Policy to be comprehensive, transparent, and compliant with global data protection standards.

By submitting information through Report Political Violence, you agree to the practices described in this Privacy Policy.

1. Applicability & Scope

This Privacy Policy governs all data collected via:

  • The Report Political Violence website and forms.
  • Any supporting documents or evidence uploaded.
  • Payment verification systems tied to submissions.
  • Direct communications with Report Political Violence staff or automated systems.

This Policy does not govern:

  • The actions of recipients to whom reports are forwarded (government agencies, employers, political figures, or organizations).
  • External services you use independently (e.g., your browser, ISP, or third-party storage).

2. Types of Information Collected

a) User-Submitted Report Data

  • Written descriptions, names, organizations, or entities.
  • Links, social media handles, and related accounts.
  • Uploaded evidence (images, videos, documents, audio).
  • Optional categorization selected by you.

b) Verification & Financial Data

  • Limited billing information processed by PCI-compliant providers.
  • Transaction IDs, payment method type, amount, and timestamps.
  • Fraud-detection checks performed by third parties.

Note: We never store full payment card numbers, CVVs, or bank account details.

c) Technical Data

  • IP addresses, approximate geolocation, and device identifiers.
  • Browser type, OS, session length, and access times.
  • Log data for system stability, fraud prevention, and abuse detection.

d) Metadata Awareness

  • Uploaded files may contain embedded metadata (EXIF data, author fields, timestamps).
  • Report Political Violence does not scrub metadata; responsibility lies with the submitter.

e) Cookies & Tracking

  • Session cookies required for form functionality.
  • Security cookies for bot/spam prevention.
  • Analytics cookies only if consented.

3. Lawful Basis for Processing

For GDPR/UK GDPR (EU/UK Users)

  • Legitimate Interests – Processing reports to fulfill platform purpose.
  • Legal Obligation – Compliance with lawful demands.
  • Consent – When providing optional data or agreeing to analytics.
  • Contractual Necessity – Payment verification transactions.

For CPRA/CCPA (California Users)

  • You have rights to know, delete, correct, and opt-out of certain data uses.
  • Report Political Violence does not “sell” personal data as defined by CPRA.

4. Use of Information

We use data to:

  1. Log, verify, and forward reports to appropriate recipients.
  2. Prevent spam, fraud, and abuse of the platform.
  3. Fulfill financial and tax obligations.
  4. Improve system performance and user security.
  5. Respond to lawful government or court requests.

We do not:

  • Monetize reports.
  • Sell personal data.
  • Build user profiles or conduct behavioral advertising.

5. Disclosures & Sharing

a) Authorized Recipients

  • Government agencies, law enforcement, regulators.
  • Political figures or policymakers named in reports.
  • Employers, companies, or organizations referenced.

b) Service Providers

  • Payment processors (e.g., Stripe, PayPal).
  • Cloud hosting and database vendors.
  • Security and anti-fraud providers.

c) Legal Obligations

  • Subpoenas, warrants, or statutory compliance.
  • Investigations into unlawful use of our platform.

6. Data Retention

  • Reports & Submissions: Retained as long as necessary for forwarding, legal compliance, or auditing, then purged or anonymized.
  • Payment Metadata: Retained 3–7 years to comply with financial regulations.
  • Technical Logs: Retained 30–90 days unless extended for investigations.
  • Anonymized Data: May be retained indefinitely for research or auditing.

7. Security Safeguards

  • Encryption: TLS/SSL for transit; AES-level encryption for stored data.
  • Access Controls: Role-based, least-privilege staff permissions.
  • Network Security: Firewalls, intrusion detection, DDoS protection.
  • File Isolation: Uploaded files stored separately from identifying logs.
  • Monitoring: Automated threat detection and anomaly alerts.
  • Backups: Encrypted and time-limited.

8. Data Governance & Accountability

  • Privacy Officer: A designated Data Protection Officer (DPO) oversees compliance.
  • Training: Staff undergo mandatory privacy/security training.
  • Vendor Contracts: All vendors are bound by Data Processing Agreements (DPAs).
  • Audits: Regular internal reviews of compliance and retention practices.
  • Documentation: Detailed record-keeping of processing activities.

9. User Rights

Depending on jurisdiction, you may:

  • Request access to your data.
  • Request corrections.
  • Request deletion (subject to legal requirements).
  • Object to certain processing.
  • Restrict processing in specific contexts.
  • Request data portability (GDPR).
  • File a complaint with your local authority.

10. International Transfers

Data may be stored in the U.S. or other jurisdictions. Safeguards include:

  • EU Standard Contractual Clauses (SCCs).
  • Vendor compliance certifications (e.g., SOC 2, ISO 27001).

11. Children’s Privacy

We do not knowingly accept submissions from individuals under 18. Any identified data will be deleted.

12. Incident Response & Breach Notification

  1. Incident is logged and investigated immediately.
  2. Containment and mitigation steps are taken.
  3. Affected parties are notified as required by law.
  4. Regulators are notified within GDPR/CPRA timelines (72 hours under GDPR).
  5. Post-incident reviews and improvements are conducted.

13. Anonymity & User Responsibility

  • While we do not request personal details, complete anonymity cannot be guaranteed.
  • Technical identifiers (IP addresses, logs) may be disclosed under lawful compulsion.
  • Users are responsible for removing metadata from uploaded evidence.
  • Malicious or fraudulent reports may void anonymity protections.

14. Third-Party Links

Our platform may contain outbound links. We are not responsible for external content or policies.

15. Governing Law

This Privacy Policy is governed by the laws of the State of Texas, United States. Disputes will be resolved in courts located in Texas.

16. Updates & Amendments

We may amend this Privacy Policy at any time. Updated versions will be posted with a revised “Last Updated” date. Continued use constitutes acceptance.