Personal Data Protection Policy

Effective date: 9 September 2025

ElectHQ ("us", "we", or "our") is the operator of the the platform through website ElectHQ (the "Website") to provide Service (as defined below) of ElectHQ to the Customers (the "Users" or "you") through the Website.

This Personal Data Protection Policy ("Policy") applies to all Users who use the Services via the Website and informs the Users the process of Personal Data when the User uses our Service and the choices you have associated with that data.

By accessing the Website or using the Services, the Users agree to the process of information in accordance with this Policy. Please read this Policy carefully to understand our Policy and practices regarding your information and how it is treated by ElectHQ.

Definition

"Account"

means a unique account created for you to access Website to use our Service or parts of our Service.

"Platform"

refers to the Website, together with all associated online tools, applications, and Services provided by ElectHQ that enable the Users to access and use the features of the Service.

"Services"

refers to the comprehensive suite of modular, AI-driven campaign solutions provided through the covering every stage of the election cycle:

  1. Candidacy Setup: ElectHQ provides the Users onboarding guide, a campaign page builder, and an artificial intelligence system that assists in generating messaging and creating a consistent campaign brand identity.
  2. Fundraising: The Platform integrates a donor management system, donation forms optimized for mobile devices, artificial intelligence tools that suggest effective donor outreach methods, and functions that optimize recurring contributions.
  3. Volunteer Management: The application includes a volunteer onboarding portal, tools for task assignment and scheduling, mechanisms for gamified engagement, and a mobile toolkit designed specifically for volunteers.
  4. Voter Outreach: ElectHQ enables segmented voter outreach through text messaging, email, or door-to-door lists; it also provides artificial intelligence–based suggestions for voter messaging and automatically generates content for social media posts.
  5. Community Engagement: The system is equipped with an artificial intelligence chatbot for frequently asked questions, voter survey tools, townhall coordination features, and live question-and-answer dashboards to enhance community interaction.
  6. Compliance & Reporting: ElectHQ supports the creation of real-time compliance reports (at the Federal Election Commission or state level), campaign expense management, monitoring of contribution limits, and timely alerts when there is a risk of violation.
  7. Analytics & Strategy: The Platform provides real-time visual dashboards, predictive models for fundraising effectiveness, campaign heat maps, and tools for tracking sentiment across multiple communication channels.

"Affiliate"

means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. "Control," for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

"Customer"

means any individual who registers an Account either (i) on his or her own behalf, or (ii) on behalf of a company or other legal entity, and who uses the Services provided through the Platform.

"Biometric Data"

means data generated by automatic measurements of an individual's biological characteristics. The term includes a fingerprint, voiceprint, eye retina or iris, or other unique biological pattern or characteristic that is used to identify a specific individual. The term does not include a physical or digital photograph or data generated from a physical or digital photograph, a video or audio recording or data generated from a video or audio recording, or information collected, used, or stored for health care treatment, payment, or operations under the Health Insurance Portability and Accountability Act of 1996.

"Consent"

when referring to a consumer, means a clear affirmative act signifying a consumer's freely given, specific, informed, and unambiguous agreement to process personal data relating to the consumer. The term includes a written statement, including a statement written by electronic means, or any other unambiguous affirmative action. The term does not include:

  1. Acceptance of a general or broad terms of use or similar document that contains descriptions of personal data processing along with other, unrelated information;
  2. Hovering over, muting, pausing, or closing a given piece of content; or
  3. Agreement obtained through the use of Dark Patterns.

"Dark Pattern"

means a user interface designed or manipulated with the effect of substantially subverting or impairing user autonomy, decision-making, or choice, and includes any practice the Federal Trade Commission refers to as a dark pattern.

"Personal Data"

means any information, including Sensitive Data, that is linked or reasonably linkable to an Identified or Identifiable Individual. The term includes Pseudonymous Data when the data is used by a controller or processor in conjunction with additional information that reasonably links the data to an identified or identifiable individual. The term does not include Deidentified Data or Publicly Available Information.

"Sensitive Data"

means a category of personal data. The term includes:

  1. Personal data revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexuality, or citizenship or immigration status;
  2. Genetic or biometric data that is processed for the purpose of uniquely identifying an individual;
  3. Personal data collected from a Known Child;
  4. Precise Geolocation Data.

"Known Child"

means a child under circumstances where a controller has actual knowledge of, or wilfully disregards, the child's age.

"Precise Geolocation Data"

means information derived from technology, including global positioning system level latitude and longitude coordinates or other mechanisms, that directly identifies the specific location of an individual with precision and accuracy within a radius of 1,750 feet. The term does not include the content of communications or any data generated by or connected to an advanced utility metering infrastructure system or to equipment for use by a utility.

"Identified or Identifiable Individual"

means a Customer who can be readily identified, directly or indirectly.

"Pseudonymous Data"

means any information that cannot be attributed to a specific individual without the use of additional information, provided that the additional information is kept separately and is subject to appropriate technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable individual.

"Deidentified data"

means data that cannot reasonably be linked to an identified or identifiable individual, or a device linked to that individual.

"Publicly Available Information"

means information that is lawfully made available through government records, or information that a business has a reasonable basis to believe is lawfully made available to the general public through widely distributed media, by a consumer, or by a person to whom a Customer has disclosed the information, unless the consumer has restricted the information to a specific audience.

"Third Party"

means a person, other than the consumer, the controller, the processor, or an affiliate of the controller or processor.

"Processor"

means a person that processes personal data on behalf of a Controller.

"Controller"

means an individual or other person that, alone or jointly with others, determines the purpose and means of processing personal data.

"Process" or "Processing"

means an operation or set of operations performed, whether by manual or automated means, on personal data or on sets of personal data, such as the collection, use, storage, disclosure, analysis, deletion, or modification of personal data.

"Sale of Personal Data"

means the sharing, disclosing, or transferring of personal data for monetary or other valuable consideration by the controller to a third party. The term does not include:

  1. The disclosure of Personal Data to a processor that processes the Personal Data on the Controller's behalf;
  2. The disclosure of Personal Data to a Third Party for purposes of providing a product or service requested by the Customer;
  3. The disclosure or transfer of Personal Data to an Affiliate of the controller;
  4. The disclosure of information that the Customer:
    1. Intentionally made available to the general public through a mass media channel; and
    2. Did not restrict to a specific audience; or
  5. The disclosure or transfer of Personal Data to a Third Party as an asset that is part of a merger or acquisition.

"Targeted advertising"

means displaying to a consumer an advertisement that is selected based on Personal Data obtained from that Customer's activities over time and across non-affiliated websites or online applications to predict the Customer's preferences or interests. The term does not include:

  1. An advertisement that:
    1. Is based on activities within a Controller's own websites or online applications;
    2. Is based on the context of a Customer's current search query, visit to a website, or online application; or
    3. Is directed to a Customer in response to the consumer's request for information or feedback; or
  2. The processing of Personal Data solely for measuring or reporting advertising performance, reach, or frequency

Purpose

We may use your Personal Data you provide to us through the Platform or in connection with your use of our Services for the following purposes:

  1. Provision of the Services: This enables us to deliver, operate, and enhance the Services offered on the Platform. In some cases, we may share such data with the Third Party providers or Affiliates to ensure that the Services are delivered effectively.
  2. Management of your Account: To manage your registration as a user of the Service. The Personal Data you provide can give you access to different functionalities of the Services that are available to you as a registered user.
  3. Administration of the Users and partner relationships: To process payments, manage subscriptions, maintain user records, and administer our relationships with campaign teams, donors, volunteers, and vendors.
  4. Addressing inquiries/feedback: To respond to your questions, support requests, or feedback. This helps us maintain and strengthen our relationship with you and ensures you receive timely support.
  5. Communications and marketing: To send you tailored communications, such as newsletters, feature updates, product announcements, and invitations to webinars, demos, or other events that may interest you.
  6. Improving the Platform and Services: To analyse usage patterns and improve the functionality, performance, and user-friendliness of our Platform.
  7. Maintaining security: To protect the security of our Platform, IT systems, and users. This includes preventing fraud, unauthorized access, and other unlawful activities.
  8. Legal and regulatory compliance: We may process your Personal Data to fulfil our legal, regulatory, and ethical obligations, including responding to lawful requests from authorities and ensuring adherence to applicable Texas Data Privacy And Security Act.
  9. Other purposes: We may also use your Personal Data for other purposes directly related to the provision, improvement, and support of the Services, provided that such use is consistent with this Policy, serves the legitimate interests of ElectHQ or our Users, and does not contravene applicable laws and regulations.

Collecting Personal Data

In the course of providing and operating the Platform, we may collect certain types of Personal Data that you provide directly or that are generated during your use of the Services.

1. Basic Personal Data

When you register an Account, use the Services, request information, provide feedback on the Services, or use the features on the Platform, we may collect:

  1. Full name;
  2. Email address;
  3. Contact address or business address;
  4. Phone number;
  5. Other identifying information that you voluntarily provide to us.

2. Sensitive Data

We do not regularly collect Sensitive Data, unless such collection is necessary for the provision of the Services (for example: processing payments or supporting special requests when using the Services).

3. Technical and Operational Data

When you access the Platform, we may automatically collect certain information to improve user experience and ensure system security, including:

  1. The Internet Protocol (IP) address from which you are accessing the site(s), which may be considered protected information depending on your location or relationship to us.
  2. The name of the Internet Service Provider or wireless carrier you are using to access the Platform.
  3. The date and time you visited the Platform.
  4. The web pages or services you accessed at the Platform.
  5. The type, manufacturer, model, and operating system of the device you are using to access the Platform.
  6. The Media Access Control (MAC) address of the device you are using to access the site(s), which may be considered protected information depending on your location or relationship to us.
  7. The Internet browser type and version used to access the site(s).

4. Biometric Data or Multifactor Authentication to Access the Platform

To better serve you and protect access to your information, the Platform may use Biometric Data or multifactor authentication to enhance the security of your Account and information. To register for and use these authentication services, you may be required to provide Biometric Data or give consent for us to verify your identity and send you security verification codes, one-time passcodes, or security notifications.

The Way of Collection of Personal Data

We collect Personal Data through various methods in the course of providing and operating the Platform. These methods include:

  1. Directly from you – when you register an Account, subscribe to our Services, request information, provide feedback, communicate with us, or otherwise interact with the Platform.
  2. Automatically through technology – when you access or use the Platform, we may automatically collect technical and operational data.
  3. Through cookies and tracking technologies – when you visit or interact with our Platform, we may use cookies, pixels, and similar technologies to collect information about your browsing behaviour, preferences, and interactions with our content.
  4. From Third Party sources – where permitted by law, we may receive Personal Data from trusted partners, service providers, social media platforms, or publicly available sources to supplement the information we already hold.

Protection of Personal Data

We are committed to protecting the confidentiality, integrity, and security of your Personal Data. We implement a combination of technical, organizational, and administrative safeguards designed to prevent unauthorized access, disclosure, alteration, or destruction of the information we process.

While we strive to apply the highest standards of protection, please note that no system or method of data transmission over the Internet can be guaranteed to be completely secure. Nevertheless, we remain dedicated to continuously enhancing our security practices to protect your Personal Data.

Sharing Personal Data

We recognize the importance of safeguarding your Personal Data while ensuring that our Services function effectively, so we do not sell your Personal Data. However, in certain situations, we may share or disclose it with trusted Third Parties and/or Affiliates. Such disclosures are carefully limited, carried out for following legitimate purposes, and protected under strict contractual and legal safeguards:

1. Service delivery and operations

To provide and improve the Platform, we may share Personal Data with campaign teams, partners. We also work with carefully selected service providers who assist us with hosting, storage, analytics, customer support, communications, payment processing, and other operational functions. These providers may only use Personal Data as instructed by us, and they are contractually bound to protect it against unauthorized use or disclosure.

2. Business support within our group

We may also share Personal Data with our Affiliates, but only for purposes directly related to platform operations, development, customer support, internal administration, or compliance.

3. Legal and regulatory requirements

In some circumstances, we may be required to disclose your Personal Data in response to a lawful request by government authorities, including request from national security agencies or law enforcement. Some of these requests may be by regulatory oversight agencies investigating a complaint, fraud, or some other type of legal inquiry, while others may be by law enforcement seeking information pursuant to another form of investigative inquiry. We may also disclose your Personal Data as required by law such as to comply with a subpoena or similar legal process; when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others; or another legal basis.

4. Business transactions

If ElectHQ undergoes a merger, acquisition, restructuring, or sale of assets, your Personal Data may be transferred as part of that transaction. In such cases, we will notify you of any changes in ownership or use of your Personal Data and outline the choices available to you.

The Platform offers publicly accessible blogs or community forums. You should be aware that any Personal Data and information you provide via a blog or community forum, including posting comments, may be read, collected, and used by others who access them. To request removal of your Personal Data from our blog or community forum, contact us via our email.

We may include links to other website whose privacy practices may differ from those of us. If you submit Personal Data to any of those sites, your information is governed by their privacy policy. We encourage you to carefully read the privacy policy of any site you visit.

Right of the Users and Request to Exercise Rights

We respect and protect the lawful rights of Users with regard to their Personal Data. To ensure transparency, fairness, and ease in the exercise of these rights, ElectHQ sets out clear procedures for Users to submit requests and for handling appeals as follows:

1. The Users Rights

The Customers are entitled to request ElectHQ to exercise their PERSONAL DATA rights at any time. These rights include:

  1. Confirmation and Access – to confirm whether the Controller is processing the Customers' Personal Data and to access that data.
  2. Correction – to correct inaccuracies in the Customers' Personal Data, taking into account the nature of the data and the purposes of its processing.
  3. Deletion – to delete Personal Data provided by or obtained about the consumer.
  4. Data Portability – if the data is available in a digital format, to obtain a copy of the Customers' Personal Data previously provided to the Controller, in a portable and, to the extent technically feasible, readily usable format that allows the Customers to transmit the data to another Controller without hindrance.
  5. Opt-Out Rights – to opt out of the processing of Personal Data for the following purposes:
    1. Targeted Advertising;
    2. Sale of Personal Data; or
    3. Profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

2. Method to Submit a Request to Exercise Rights

To exercise their rights regarding Personal Data, Customers must submit a request to ElectHQ by following regulations:

2.1. Submission Methods

Requests may be submitted via ElectHQ's official email address or through an online form provided on the ElectHQ Platform (if available).

2.2. Content of the Request

The request must be clear and include at least the following information:

  1. Full name of the Customers;
  2. Relevant identifying information (e.g., email address, phone number, registered account details);
  3. The specific right(s) the Customers wishes to exercise;
  4. Any documents, evidence, or additional information that can assist ElectHQ in verifying and processing the request.

2.3. Identity Verification

After receiving the request, ElectHQ may require the Customers to provide additional verification documents (e.g., valid identification or verification through registered email/phone number) to ensure the request is made by the correct data subject or an authorized representative.

2.4. Response Timeline:

  1. ElectHQ will acknowledge receipt of the request within 10 business days.
  2. A valid request will be processed and responded to within 45 days. If additional time is required, ElectHQ will notify the consumer of the reason and the extended timeframe.

If a request is denied without justifiable reason, the User has the right to file an appeal.

3. Appeal Process

If a Users's request is wholly or partially denied without legitimate grounds, the Users has the right to submit an appeal, as follows:

3.1. Filing an Appeal

The Users must file a written appeal within 30 days of receiving ElectHQ's denial, via the official email address or the online form on the Platform. The appeal should include: identifying details of the appellant, a copy or excerpt of the denial decision, and reasons or evidence supporting why the decision was inappropriate.

3.2. Acknowledgment

Upon receipt, ElectHQ will issue an acknowledgment confirming the appeal has been received. The appeal will then be forwarded to an independent unit or personnel not involved in the initial decision, ensuring objectivity in the review process.

3.3. Review and Evaluation

ElectHQ will re-examine the original request, applicable legal grounds, related data, and the reasons stated in the appeal. During this process, ElectHQ may request the Users to provide further information or supporting documents.

3.4. Response to the Appeal

ElectHQ will issue a formal written response within 60 days of receiving a valid appeal. If additional time is needed, ElectHQ will notify the consumer in writing, stating the reason and the extended timeline.

3.5. Resolution:

  1. If the appeal is upheld, ElectHQ will promptly take corrective actions to satisfy the Users' original request.
  2. If the appeal is denied, ElectHQ will provide a detailed written explanation and inform the consumer of other remedies available under applicable law, including the right to contact the competent regulatory authority.

Data Retention

ElectHQ will retain your Personal Data only for as long as necessary to achieve the purposes described in this Policy, or for as long as your account remains active and you continue to use our Services. We may also retain Personal Data for a longer period if required or permitted by law, including for compliance purposes, dispute resolution, or the establishment, exercise, or defence of legal claims. If you submit a valid request to delete your Personal Data, ElectHQ will honour that request unless we are legally obligated to retain the information.

Privacy Policy Changes

We may periodically update this Policy. When we do, we will also revise the "effective date" of the Policy. If we make any material changes, additional notification will be provided, such as a statement on the Platform, or providing email notification.

Your continued use of our Service is deemed to be acceptance of any changes, we encourage you to review this Policy periodically to stay informed of our privacy practices.

Contact Us

If you have any questions regarding our Policy or the use of your Personal Data, please feel free to contact our Team:

Email: legal@vanguardai.net

ElectHQ Assistant