Canvassr ("the Application") is a political and mission-driven campaign management application built to operate within the Google Apps Script environment, utilizing Google Sheets as its primary data storage layer.
We are committed to protecting the privacy and security of all campaign coordinators, volunteers, and canvassers. This Privacy Policy describes how we collect, use, store, and share information processed by the Application.
1. Scope of the Application
Canvassr is designed for internal campaign organization. It is deployed as a Google Workspace Web App. By utilizing the Application, you consent to the collection and processing of data in accordance with this Privacy Policy.
2. Information We Collect and Process
To organize weekly canvassing shifts and optimal routes, the Application processes the following categories of information:
Canvasser & Volunteer Details
- Roster Details: First name, last name, email address, and telephone number.
- Scheduling Data: Logged unavailable dates, vacation ranges, and shift assignments.
- Roster Notes: Optional notes recorded by coordinators regarding canvasser preferences or Spanish fluency.
Geographic & Campaign Data
- Canvassing Lists (Turfs): Turf titles, door counts, and decimal coordinate centroids (latitude and longitude).
- Meeting Places: Location names, dynamic decimal coordinates, and generated navigation links.
- Shifts & Rosters: Shift dates, times, durations, assigned lead canvassers, and attending canvasser rosters.
Google Session Data
When accessing the Application, the Google Apps Script environment reads your active Google account email address (`Session.getActiveUser().getEmail()`). This is used solely to verify coordinator access scopes, display your name in the sidebar footer, and pre-fill coordinator email signatures.
AI Data Protection & PII Exclusions
When utilizing Generative AI (such as Google Gemini) to draft shift announcements, the Application strictly enforces a zero-PII transmission policy:
- Strict Exclusions: Canvasser email addresses, telephone numbers, availability ranges, and roster notes are never sent to AI services.
- Minimal Context: Prompt payloads contain only shift times, location names, and scheduled canvasser names purely to compile shift attendance tables.
- No AI Training: Data processed via secure API keys is processed in private sandboxes and is never used by AI providers to train public models.
3. How We Use Your Information
We process information exclusively to facilitate campaign canvassing operations, specifically to:
- Coordinate Weekly Shifts: Group canvassers and list assignments into structured shifts.
- Optimize Proximity Sorters: Calculate Haversine distances between turf lists and meeting locations to assign the optimal meeting place for each shift.
- Generate Calendar Invites: Construct Google Calendar templates containing shift details and coordinate location links.
- Draft Announcements & Reminders: Compile weekly schedule summaries and isolate inactive volunteers (Nags) to draft reminder emails.
- Compose AI Drafts: Process coordinator prompt templates through configured Generative AI engines (such as Google Gemini) using your campaign's private API keys.
4. Data Storage and Security
We prioritize data sovereignty and security. The Application does not use external databases or third-party servers for data storage:
- Google Workspace Ecosystem: All canvasser, turf, and shift data is stored **exclusively** inside your campaign's private Google Spreadsheet.
- Access Permissions: Access to the spreadsheet and web app portal is controlled strictly through Google Drive's native sharing permissions.
- API Keys Security: Your generative AI API keys (Gemini, OpenAI, Anthropic) are stored securely inside your private Google Apps Script **Script Properties**. They are never exposed in client-side code, committed to public version control, or shared. In the UI settings console, these keys are masked (e.g., GEMI...43a2) to prevent shoulder-surfing.
5. Third-Party Services
The Application integrates with the following third-party services to enable essential geographic and visual features:
- Google Maps & OpenStreetMap (Leaflet): Displays interactive maps of canvassing lists and meeting places.
- Google Geocoding API: Translates addresses entered in forms into raw decimal coordinates.
- Generative AI Providers (Gemini, OpenAI, Anthropic): Securely relays coordinator prompt templates via HTTPS requests using your campaign's private API keys.
- Google Mail Service: Uses Google's native MailApp/GmailApp to send announcements directly from the coordinator's Google account.
6. Data Retention and Rights
Because all data is stored inside your campaign's spreadsheet, coordinators retain complete control over data retention and volunteer rights. Volunteers can contact their campaign coordinator to request contact updates, unavailability log changes, or complete canvasser roster removal. Campaign administrators can revoke script web app deployments at any time to cease all data processing.
7. Contact Information
If you have any questions about this Privacy Policy or your campaign's data processing practices, please contact your campaign coordinator or script administrator directly.