Privacy Policy

Headwater is a legislative intelligence platform for policy teams tracking Washington State legislation. This policy describes what information we collect, how we use it, and your rights regarding that information. We keep data collection minimal and use it only to provide the service.

• Account information — your email address and password (managed through Supabase Auth). We do not store passwords ourselves.
• Usage data — which bills you star or follow, your filter preferences, and provisos you save. This is necessary to personalize the platform to your priorities.
• Session data — standard authentication tokens stored in cookies to keep you signed in.
• Log data — server-side request logs (IP address, timestamp, route accessed) retained briefly for security and debugging purposes.

We do not collect payment information directly. We do not run advertising or sell data to third parties.

• To authenticate your account and maintain your session
• To personalize your dashboard — showing starred bills, saved provisos, and your client-specific configuration
• To improve the platform — understanding which features are used helps us prioritize development
• To send you digest emails or alerts you have opted into (via SendGrid)

Headwater is built on and integrates with the following third-party services, each with their own privacy practices:

• Supabase — authentication and database hosting. User credentials and application data are stored on Supabase-managed PostgreSQL infrastructure.
• OpenAI — bill text is sent to OpenAI APIs to generate AI summaries and extract budget information. Content submitted via API is subject to OpenAI's API data usage policy; by default, API data is not used to train OpenAI models.
• Vercel — frontend hosting and edge delivery.
• SendGrid — transactional email delivery for digest emails and alerts.

We retain your account data for as long as your account is active. If you request account deletion, we will remove your personal information within 30 days. Legislative data (bill text, committee records, etc.) is sourced from public government records and is not personal information.

• Access — you may request a copy of the personal data we hold about you.
• Correction — you may request that inaccurate data be corrected.
• Deletion — you may request that your account and associated data be deleted.

To exercise any of these rights, contact us using the information below.

We use cookies solely for authentication (session tokens). We do not use advertising cookies or third-party tracking cookies. You can clear cookies at any time through your browser settings, which will sign you out of the platform.

Data is encrypted in transit (TLS) and at rest. Access to production systems is limited to authorized personnel. We follow industry-standard practices for credential management and infrastructure security.

We may update this policy as the platform evolves. Material changes will be communicated to active users. Continued use of the platform after a policy update constitutes acceptance of the revised terms.

Questions about this policy or requests regarding your data can be directed to:

Headwater / Rivermark LLC
Contact details coming soon.