Constitution & Privacy
Last updated: March 12, 2026
Radical Transparency: What we actually collect
You might be thinking: "I'm not giving some randoms my data." We agree. That's why we don't want your personal life. We only want to verify that you are a real human voting on real laws.
Here is the exact data structure we store for your user profile in our Google Cloud Firestore database. No hidden fields. No tracking cookies.
Wait, where are my votes and tracked bills?
To protect your privacy and ensure our database scales efficiently, your interactions are sharded (separated) from your main profile:
- Tracked Bills: Stored in a private sub-collection. Only you (and your device) can request to see the list of bills you are tracking.
- Your Votes (Cryptographic Hashing): When you vote, we DO NOT attach your UID directly to the public vote record. Instead, the server generates a cryptographic Hash (e.g., a1b2c3d4...) using a secret server salt. This strongly pseudonymizes your vote. If a hacker steals the database, they cannot see who voted for what. While it is mathematically a one-way function, in the spirit of absolute transparency, you should know that the system operators (who hold the secret salt) could theoretically verify a vote to audit the system for fraud or comply with a valid court order. However, your votes are strictly separated from your daily profile and never publicly displayed with your identity.
That's it. The rest is anonymous analytics (Firebase Analytics) to fix bugs, and App Check to prevent bot-farms from rigging the votes. We do not sell data. We do not run ads.
Part 1: Privacy Policy (Data Minimization)
We do not trade your attention. We collect only what is technically necessary to operate a secure civic infrastructure.
1. Data Controller
The legal operator is temporarily FO&WO VENTURES SP. Z O.O. (LLC), based in Wrocław, Poland. Contact: jacek@lustra.dev
2. What We Collect
- Account (Email/UID): Necessary for secure login via Firebase Authentication.
- Votes & Polls (Anonymized): Your votes build the statistics. They are linked to your account purely to prevent bot farms and duplicate voting. Publicly, your votes are displayed ONLY as anonymous aggregates. The actual vote record is cryptographically hashed to separate your identity from your political choice.
- Tracked Bills & Push Notifications: If you choose to track a bill or subscribe to a Curated List, we use Google's Firebase Cloud Messaging (FCM) Topics. This allows us to send you push notifications about status changes without constantly tracking your location or device identity.
- Vote Retention: Voting data is stored for the duration of the parliamentary term plus 5 years for archival and research purposes.
- Communication: If you explicitly consent, we will send you project updates via email. You can withdraw consent at any time.
- Citizen Projects: Content of legislative drafts submitted by you is entirely public.
❌ We DO NOT sell data to data brokers.
❌ We DO NOT use ad tracking.
❌ We DO NOT profile you politically for commercial purposes.
4. Infrastructure & Security
- Location: Data is hosted securely on Google Cloud Platform, Europe-West9 (Paris).
- Anti-Bot: We use Firebase App Check to verify app authenticity and prevent automated manipulation.
- AI Privacy: We send only public government documents to AI models for summarization. Your private data NEVER goes to AI.
5. Children & Account Deletion
The service is intended for users 16+. We do not knowingly collect children's data.
To delete your data: Use the "Delete Account" button directly in the app settings to immediately remove your identifying data, email, and all your sub-collections from our servers.
6. Your Rights
Under GDPR, you have the right to access, rectify, delete, and object to the processing of your data. Contact us at the email provided above.
Part 2: Community Rules (Terms of Service)
1. Operator and Mission
Lustra is a digital public infrastructure. The company acts as an incubator: it pays no dividends, has no external investors, and reinvests any revenue directly back into maintaining the infrastructure.
2. Code and License (Source Available)
Lustra's code is a common good protected from corporate exploitation.
- Model: AGPLv3 License.
- Allowed: Educational, research, and non-profit/civic use.
- Prohibited: Corporations cannot use or profit from our work without explicit community consent.
3. Governance Roadmap
Our long-term goal is full decentralization.
- Current state: The Founder acts as Lead Architect.
- Soon: Establishment of a Civic Board elected directly by the users.
- Goal: Implementing technical and legal mechanisms for the community to take control of the platform in case of mission betrayal.
4. Citizen Drafts Program (Law Incubator)
We provide a space for citizens to write the laws.
- Procedure: Drafts are submitted via form and verified formally by the Operator.
- Public Domain: By submitting a draft, you release it under the CC0 License (Public Domain). Law belongs to everyone.
- Free Speech: We do not judge opinions or political leanings. We only reject projects violating criminal law or inciting violence.
- Verification: You must be a citizen of the country where you submit a draft.
5. AI and Source Hierarchy
AI is a tool, not an oracle. AI helps navigate complex legal language but can make mistakes. The ultimate authority is ALWAYS the original PDF/XML document linked at the bottom of every summary in the app.
6. Safety & Final Provisions
Attacks on infrastructure, DDoS, and commercial scraping are strictly prohibited. Matters not regulated herein are decided by Polish law.
7. Cookies & Local Storage (No tracking)
We do not use marketing cookies. We strictly use essential Local Storage and IndexedDB to:
- Remember your chosen Parliament (so you don't have to select it on every visit).
- Save your acceptance of the Civic Pledge Gateway.
- Keep your session secure and active (Firebase Auth).
If you block these in your browser, the application will not function.