Skip to main content
iPetition
Se connecterS'inscrire

Politique de confidentialité

Date d'entrée en vigueur : April 9, 2026

Comment nous collectons, utilisons et protégeons vos informations personnelles.

iPetition s'engage à protéger votre vie privée. Cette Politique de confidentialité explique comment nous collectons, utilisons, divulguons et protégeons vos informations personnelles lorsque vous utilisez notre plateforme.

Ce document est fourni en anglais. Les traductions des titres et introductions sont fournies à titre indicatif uniquement ; la version anglaise prévaut en cas de divergence.

1. Information We Collect

We collect the following categories of personal information:

Account Information

  • Name, email address, and password (or OAuth provider identity).
  • Profile display name and optional avatar image.
  • Preferred language and country settings.

Verification Data

  • Tier 1: Email address verification status.
  • Tier 2: Phone number (verified via SMS through Twilio).
  • Tier 3: Government-issued ID document images (processed securely and not shared).

Usage Data

  • Petitions you create, sign, or follow.
  • Comments, "Why I Signed" stories, and other user-generated content.
  • Group memberships and organizational affiliations.
  • Credit purchase and usage history.

Device & Technical Data

  • IP address, browser type, operating system, and device identifiers.
  • Approximate geographic location (derived from IP address for regional features).
  • Pages visited, time spent, and interaction patterns.

2. How We Use Your Information

We use your personal information to:

  • Provide the Service: Create and manage your account, process signatures, display petitions, and facilitate campaign management.
  • Verify identity: Confirm your email, phone number, or government ID for trust tier assignment.
  • Process payments: Handle credit purchases, fundraising donations, and payouts via Stripe or in-app purchase providers.
  • Personalize experience: Show relevant petitions, suggest causes based on your activity, and deliver location-aware content.
  • Communicate: Send notifications about petitions you follow, milestone updates, amendment reconfirmation requests, and important account information.
  • Improve the Service: Analyze usage patterns, detect fraud, and enhance platform features.
  • AI features: Power campaign strength scoring, duplicate detection, tag generation, and content moderation using aggregated and individual data.
  • Comply with law: Respond to legal obligations, enforce our Terms of Service, and protect rights and safety.

3. Information Sharing

We share your personal information only in the following circumstances:

Public Information

When you sign a petition publicly, your display name and "Why I Signed" story are visible on the petition page. Anonymous signatures are counted but your identity is not displayed. Petition content you create is publicly visible.

Service Providers

We share data with trusted third-party providers who assist in operating the Service:

  • Supabase: Database hosting and authentication.
  • Stripe: Payment processing for credit purchases and fundraising payouts.
  • Apple/Google: In-app purchase verification on mobile platforms.
  • Twilio: Phone number verification via SMS.
  • Resend: Transactional email delivery.
  • OpenAI / Google Gemini: AI-powered features (petition analysis, content moderation). Only petition content is shared — not personal identifiers.

Decision Makers

When a petition is delivered to a decision maker, we share the petition content and aggregate signature count. Individual signer identities are not shared unless signers have opted in to public visibility.

Legal Requirements

We may disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect rights, safety, or property.

We do not sell your personal information.

4. Cookies & Tracking Technologies

We use cookies and similar technologies for:

  • Essential cookies: Authentication session management, CSRF protection, and locale preferences. These are required for the Service to function.
  • Preference cookies: Theme preference (light/dark mode), language selection, and default country settings.
  • Analytics cookies: Understanding usage patterns to improve the Service. These are anonymized and aggregated.

We do not use third-party advertising cookies or tracking pixels. For more details, see our Cookie Policy.

5. Data Security

We implement industry-standard security measures to protect your personal information:

  • All data is transmitted over HTTPS/TLS encryption.
  • Passwords are hashed using bcrypt — we never store plaintext passwords.
  • Database access is protected by Row-Level Security (RLS) policies ensuring users can only access their own data.
  • ID verification documents are stored in encrypted, access-controlled storage buckets.
  • API keys and secrets are managed through environment variables, never committed to source code.
  • Fraud detection systems monitor for suspicious activity (duplicate IPs, bot signatures, velocity spikes).

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Verification Data

Our three-tier verification system collects sensitive information. Here is how we handle it:

  • Phone numbers are stored securely and used only for verification. They are not displayed publicly or shared with other users.
  • ID documents are processed for identity confirmation and stored in encrypted storage. They are not accessed by other users, petition creators, or decision makers.
  • Only your verification tier status (Tier 1, 2, or 3) and corresponding trust badge are publicly visible — never the underlying verification data.

You may request deletion of your verification data at any time through account settings. This will reset your verification tier.

7. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided personal information to us, please contact us at support@ipetition.com.

8. International Data Transfers

iPetition operates globally and your data may be transferred to and processed in countries other than your own. Our servers are hosted in the United States (US East region).

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on Standard Contractual Clauses and other legally recognized transfer mechanisms to ensure your data receives adequate protection when transferred internationally.

9. Data Retention

We retain your personal data for the following periods:

  • Account data: Retained while your account is active, plus 30 days after deletion request (grace period).
  • Petition content: Retained for the lifetime of the petition. Archived petitions (18+ months inactive) may be retained indefinitely in anonymized form.
  • Signatures: Retained while the petition is active. When you withdraw a signature, it is removed from counts but a record may be retained for fraud prevention.
  • Payment records: Retained for 7 years as required by tax and financial regulations.
  • Fraud detection logs: Retained for 2 years.
  • ID documents: Deleted within 90 days after successful verification.

When you request account deletion, your personal data is anonymized — your email is replaced with a redacted address, your display name becomes "Deleted User," and PII is cleared from signature records.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Under GDPR (EU/EEA/UK)

  • Access: Request a copy of your personal data.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of your data ("right to be forgotten").
  • Portability: Receive your data in a structured, machine-readable format.
  • Restriction: Request that we limit processing of your data.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw consent: Withdraw consent at any time where processing is based on consent.

Under CCPA (California)

  • Know: Request what personal information we collect and how it is used.
  • Delete: Request deletion of your personal information.
  • Non-discrimination: We will not discriminate against you for exercising your rights.
  • Opt out: We do not sell personal information, so there is no sale to opt out of.

To exercise any of these rights, visit the Privacy & Data section in your account settings, or contact us at support@ipetition.com. We will respond within 30 days.

11. Petition & Signature Data

Petition data carries special privacy considerations as it involves civic expression:

  • Public signatures: Your display name appears on the petition's public signature list. You may change to anonymous at any time.
  • Anonymous signatures: Your signature is counted toward the total but your identity is not publicly visible. However, we retain your identity internally for fraud prevention and deduplication.
  • Signature withdrawal: You may withdraw your signature at any time. This removes your name from the public list and decrements the count.
  • Amendment reconfirmation: If a petition you signed is amended, you will be notified and asked to reconfirm or withdraw your signature.
  • IP addresses: We record your approximate IP address when you sign for fraud detection purposes only. This data is anonymized upon account deletion.

12. Payment Information

We do not store credit card numbers, bank account details, or other sensitive payment credentials on our servers. All payment processing is handled by:

  • Stripe: For web credit purchases and fundraising payouts. See Stripe's Privacy Policy.
  • Apple / Google: For mobile in-app purchases. See their respective privacy policies.

We store only transaction metadata (amount, date, pack purchased, country) for your credit history and our accounting records.

13. Communications

We may send you the following types of communications:

  • Transactional: Account verification, password reset, payment receipts, and amendment reconfirmation requests. These cannot be opted out of.
  • Notifications: Petition milestones, new signatures, decision maker responses, and campaign updates. Configurable in notification settings.
  • Push notifications: Mobile app notifications for real-time updates. Can be disabled in device settings.

We send emails via Resend and push notifications via Expo. You can manage your notification preferences in account settings.

14. Third-Party Services

The Service integrates with the following third-party services. Each processes data under their own privacy policies:

ServicePurposeData Shared
SupabaseDatabase, auth, storageAll user data (encrypted at rest)
StripePayments & payoutsEmail, payment details
TwilioSMS verificationPhone number
ResendEmail deliveryEmail address, message content
OpenAI / GeminiAI featuresPetition text only (no PII)
Google MapsLocation featuresGeographic coordinates
Apple / GoogleMobile IAPPurchase receipts

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or a prominent notice on the Service at least 30 days before the changes take effect.

The "Effective date" at the top of this page indicates when the current version was last updated. Your continued use of the Service after changes constitutes acceptance of the updated policy.

16. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have a privacy concern, please contact us:

For GDPR-related inquiries, you may also lodge a complaint with your local data protection authority.

© 2026 iPetition. Tous droits réservés.

Dernière mise à jour : April 9, 2026