Privacy Policy
Last updated: March 2026
1. What We Collect
When you use FOIA Friend to generate a request letter, you provide the following information:
- First and last name
- Street address, city, state, and ZIP code
- Email address
- Date of birth
- Last 4 digits of your Social Security Number (optional)
- Federal agencies you selected
- Any additional concerns you typed in the optional text field
2. Why We Collect It
We collect this information solely to generate your Privacy Act and FOIA request letter. Your name, address, and date of birth appear in the letter body to help agencies locate your records — exactly as required by the Privacy Act (5 U.S.C. § 552a) and FOIA (5 U.S.C. § 552). We do not sell your data, share it with third parties for marketing purposes, or use it for any purpose other than generating and (optionally) mailing your letter.
3. How It's Stored
Your data is stored in a PostgreSQL database hosted by Supabase on servers located in the United States. Supabase encrypts data at rest and in transit. We use row-level security and private API keys — your data is not publicly accessible.
4. Who Can Access It
Only site administrators can access stored request data through a private admin dashboard protected by a secret key. Your information is never shared, sold, or disclosed to third parties except as follows:
- Mailing partners: If you pay for us to mail your letter, we transmit your name and address to our mailing provider (currently Lob) solely for the purpose of printing and mailing the letter on your behalf.
- Legal compliance: We may disclose your information if required to do so by law or valid legal process, such as a court order or subpoena.
5. Email & Opt-In
After you generate a letter, we send a one-time confirmation email using Resend. If you check the opt-in box during the request flow, we may also send you occasional emails about new FOIA opportunities — such as agency expansions, policy changes, or significant government transparency news. We will never send spam. You can unsubscribe at any time by emailing privacy@foiafriend.com.
6. Analytics
We use Plausible Analytics, a privacy-first analytics platform that is cookieless, GDPR compliant, and CCPA compliant. Plausible does not collect personal data, does not use cookies, and does not track you across sites. We see only aggregate metrics like page views and button click events — never individual user data. Because Plausible requires no cookies, no cookie banner is needed.
7. Payments
If you choose to pay for mailing service, payment is processed by Stripe. FOIA Friend never stores your credit card number, CVV, or billing details. Stripe's privacy practices are governed by Stripe's Privacy Policy.
Optional support payments are voluntary and are not tax-deductible charitable contributions. Support payments are also processed by Stripe under the same terms.
8. Data Retention
We retain your request data indefinitely so that you can reference your submitted letter in the future. If you would like your data deleted, email us at privacy@foiafriend.com with the subject line “Delete my data” and we will remove your record within 30 days.
9. Children
FOIA Friend is not intended for users under the age of 13. We do not knowingly collect personal information from children. If you believe a child has submitted information through our site, please contact us at privacy@foiafriend.com and we will delete it promptly.
10. Changes to This Policy
We may update this privacy policy from time to time. When we make significant changes, we will update the “Last updated” date at the top of this page. Continued use of FOIA Friend after changes are posted constitutes acceptance of the updated policy.
11. Contact
If you have any questions about this privacy policy or how your data is handled, please contact us at:
privacy@foiafriend.com