Privacy Policy

Last updated: April 2026

In plain English

  • We collect: your email, a password hash, your votes, and (if you tell us) your electoral area and zone.
  • We use that data only to: confirm you're a real, unique person who can vote once; show how votes break down by area; and contact you about this service if needed.
  • We do not: sell your data, share it for marketing, run analytics or trackers, use third-party cookies, or analyze your individual vote for any commercial purpose.
  • You can delete your account and everything we've stored about you at any time via the contact form.

Ask Cowichan is an independent project built by Francis Hall. The site has two parts: a voting tool for the Comprehensive Zoning Bylaw, and a research / Q&A tool for CVRD documents. This policy covers both.

What we collect — voting

  • Email address. Used to confirm you control the address (one verification per account) and to contact you about the service.
  • Password (stored as a one-way bcrypt hash, never as plain text).
  • Your name. Shown back to you in the UI; not displayed publicly.
  • Your votes on individual zoning bylaw sections and clauses.
  • Optional: electoral area and zone designation if you set them in your profile. Used to show how voting breaks down by area, and to filter the rules you see to those that affect your property.
  • Email verification status and timestamp.

Aggregate vote totals are public (e.g. “72% support”). Individual votes are not displayed alongside names or emails anywhere in the public UI.

What we collect — Q&A research tool

If you use the document research / chat side of the site, the questions you ask are stored in your account so you can see your conversation history. Your conversations are private to your account and aren't visible to other users. You can delete them at any time.

What we don't collect

  • No analytics scripts (no Google Analytics, Plausible, Mixpanel, or anything similar).
  • No third-party advertising or marketing pixels.
  • No cookies beyond your authenticated session cookie.
  • No cross-site tracking.
  • No demographic, financial, or behavioural data.
  • No data sold or shared with third parties for any purpose.

Third-party services we depend on

To run the site at all, the following services see some of your data:

  • SMTP2GO — sends your verification email. Sees your email address.
  • OpenAI — used by the research / Q&A tool only, for text embeddings. Does not see your account info; sees the text of any question you ask the research tool.
  • OpenRouter (Google Gemini) — used to generate plain-language summaries of bylaw sections (already done, not per-user) and to answer research questions. Does not see your account info.

Where the data lives

All data is stored in a self-hosted PostgreSQL database on a server located in Canada. The site is served over HTTPS only. Database access is restricted to the application itself.

Your rights

You can ask for your account and all associated data to be deleted, or for a copy of your data, via the contact form. Francis will action it personally.

Changes to this policy

If this policy changes in a way that affects how your data is used, you'll see a notice on the site and the “Last updated” date at the top will change. We won't change the policy retroactively to allow uses that weren't allowed when you signed up.

Contact

Questions about privacy, data, or anything else — use the contact form.