At Hensel for Congress, privacy isn't just a policy; it’s the backbone of how we engage and respect our supporters. We aim to be fully transparent about the information we gather, how we use it, control measures for your data, and the lengths we go to safeguard it, ensuring no legal jargon stands in the way of your understanding.

Simply put, we're committed to protecting your personal information and using it responsibly. See below for deets.

At a Glance

Your trust is our foundation. Here’s a brief on our data practices:

• What we collect: Direct information (Names, emails, etc.) you share, and indirect data through tools like Google Analytics.
• Usage: Communication, service improvement, and processing donations.
• Data Sharing: Purely operational, e.g., Anedot for donations. Your data is never sold.
• Control: Total autonomy over your data, with clear opt-out choices.
• Open Book: Find updates and comprehensive details on our GitHub References Repo

The Weeds (Detailed Insight)

At Hensel for Congress, safeguarding your privacy is a core commitment. This policy elaborates on how we collect, utilize, and manage data through our interactions with you, covering both direct submissions and analytics insights via our website.

Data Collection

• Directly Provided: Anything you share while engaging with us, such as contact details, all of which is given voluntarily.
• Automated Gathering: Usage and engagement metrics to understand support dynamics and enhance our platform. (Google Analytics)

Usage

Leveraging collected information to foster communication, tailor enhancements to our initiatives, and facilitate secure, supportive donations through platforms like Anedot.

Sharing Practices

A strict operational boundary is in place; data sales are off-limits. Sharing is confined to essential operational purposes to maintain a direct, privileged supporter-campaign relationship. When it comes to data, Hensel for Congress is in a committed relationship with you. There are no data throuple relationships at Hensel for Congress.

Utilizing Your Data

We leverage this data to foster better communication, apply enhancements to our campaign initiatives, and smoothly process your supportive donations through Anedot. Opting out is hassle-free, ensuring you control the communication flow. We stand by your data rights, easily exercised through [email protected].

Data Sharing Practices

• Clear boundaries: Your data is never for sale. Shared solely for operational necessities, ensuring your engagement with our campaign remains direct and exclusive.
• Openness: We stand for transparency in political contributions as mandated by federal law, underscoring our dedication to openness.

Engaging With You

• Opting out: Made simple. Adjust settings or unsubscribe through provided links.
• Your rights: Access, rectification, or deletion requests can be easily submitted to [email protected]. Dr. Taylor Alison Swift, has a perfect song that defines our policy on data deletion requests: I Forgot That You Existed

Commitment to Security

As a DevOps and Data Engineer by profession and by passion, I integrate my expertise and enthusiasm for robust cybersecurity and data integrity into the heart of Hensel for Congress. Our security infrastructure is not just built; it's crafted, mirroring my personal disdain for unauthorized data usage and sharing. Here's how we ensure your data remains secure and respected:

End-to-End Encryption: We secure every piece of data transmitted to and from our servers with Full (strict) SSL/TLS encryption. This setup creates a secure channel, safeguarding your information against unauthorized snooping or interception.

Utilizing Cloudflare's Suite: We rely on Cloudflare's comprehensive suite of security services, including the Web Application Firewall (WAF) and advanced DDoS protection. These measures are part of our subscription with Cloudflare, providing an extensive shield against a myriad of online threats.

Open-Source Security Ecosystem:

• Wazuh: Spearheads our EDR operations, offering in-depth visibility into our systems for security and compliance. It's the backbone for real-time intrusion detection, sophisticated log data analysis, and preemptive threat response.
• Security Onion Integration: Our commitment to an ironclad network is bolstered by incorporating Security Onion into our security stack. This integration enhances our network security monitoring and log management, pooling the strengths of tools like Elastic Stack, Suricata, and Zeek for unrivaled network insight.
• Proactive Threat Intelligence: By employing threat lists and integrating safety nets like GitHub's MISP warning lists, we remain steps ahead of potential security pitfalls, distinguishing real threats from false positives with precision.

A Foundation of Zero Trust: Our security model doesn’t just rely on external tools; it’s built on a zero-trust approach, underpinned by Terraform for system consistency and scalability. Enhanced with YubiKey-powered multi-factor authentication, we verify every access request meticulously, regardless of source.

Continuous Security Evolution:

• Our landscape is dynamic, reflecting an ongoing cycle of improvement—from running automated security drills that mimic real-world challenges to staying ahead with regular software updates and employing GitHub Dependabot for our custom apps.
• As we pioneer forward, rolling out Software Bills of Materials (SBOMs) for all employed tools shines a light on our supply chain security, ensuring clarity and integrity in the tools we trust.

Security for us is more than a protocol; it's a manifestation of our values—your privacy is paramount, and selling your data without consent is off the table. As both a technologist and a candidate, I personally dive into the intricacies of our security measures because I believe in leading a campaign that not only talks the talk but walks the walk in every sense, especially when it comes to safeguarding our supporters' trust and data.

Your confidence and support empower us to maintain the highest security standards, ensuring that your engagement with Hensel for Congress is both impactful and secure. As we continue to innovate and enhance our security practices, our door remains open for your insights and inquiries. For a more detailed dialogue on our open-source tools and security strategies, feel free to reach out to us at [email protected].

Minors & Children

In line with COPPA, we’re attentive to the young ones. Collecting data from individuals under 13 is not in our practice. Should this happen unintentionally, swift action will be undertaken to rectify it.

8. Seamless Policy Updates

Changes and updates are communicated proactively to keep you informed. The GitHub repository serves as the central source for the most current version of our Privacy Policy. Changes are tracked in Git via verified commits.

9. Contact and Compliance

We operate within the legal frameworks of Arlington, Virginia, ensuring our campaign's compliance with U.S. regulations. Should you have inquiries or need clarifications, kindly reach us at [email protected].

Your participation and support for Hensel for Congress are immensely valued. Together, through mutual respect and strict privacy adherence, we aim to make a significant impact.