Privacy Policy

(Updated as of December 31, 2023)

1. Introduction

This website is operated by Catalist LLC (“Catalist” or “we”). We are a mission-driven political organization that provides data, analytics, and data services (“Products and Services”) to, and on behalf of, Democratic and/or progressive political or nonprofit campaigns, organizations, and causes and other organizations engaging in political or governmental activities (collectively, “Clients”). We respect the privacy interests of individuals whose information we receive and may share, and this Privacy Policy (“Privacy Policy”) outlines how we handle such information.

We may update this Privacy Policy at any time. We may also provide you additional privacy notices regarding our collection, use, or disclosure of information. Any changes will become effective when posted to our website. Please read this Policy, the California Privacy Policy Addendum for Job Applicants and Employees (“Addendum”), and any other privacy notices carefully and check regularly to ensure that you have read the latest version to stay informed of our privacy practices. Your continued employment or access to or use of our websites or Products and Services constitutes your acceptance of the Privacy Policy, the Addendum, and any updates.

Most of the information that we handle is not collected on this website, but rather through relationships we have with other entities such as governmental agencies or other sources of public data as well as data vendors and data services providers. This Privacy Policy addresses both information collected from third parties and through this website.

Residents of California, Colorado and Connecticut are entitled to additional rights as detailed under Your Privacy Choices.

Please note that this Privacy Policy does not apply to the extent that we process information in the role of a processor or service provider. Where Catalist is acting as a processor or service provider, please reach out to the controller of your information for applicable privacy information. We are not responsible for the privacy or data security practices of our customers which may differ from those set forth in this Privacy Policy.

2. Our Collection of Personal Information

The following sets forth the categories of personal information we collect, the sources of such information, and the purposes for which we may use personal information. For purposes of the Privacy Policy, personal information is broadly defined as information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device.

Catalist does not expect that you will be subject to decisions that will have a legal or similarly significant effect on you based on the automated processing by Catalist of your personal information.

Catalist collects certain categories of personal information through our website, including through the deployment of cookies. Cookies are small, unique text files stored on the browser of your internet-connected device to identify the device. Cookies contain information that helps improve site functionality and security, but can also be used for advertising, analytics, and other commercial purposes which span multiple sites. 1st-party cookies are cookies set by the website owner; 3rd-party cookies are cookies set by parties other than the website owner. In its products and websites, Catalist places both 1st party cookies and 3rd-party cookies and leverages partners’ 1st-party cookies. In some cases multiple types of identifiers may be collected in the course of a single action. Although Catalist is a data company, information collected from visitors to our website (and their web browsers) is not utilized in connection with our Products and Services.

Finally, Catalist uses certain publicly available datasets in order to enhance and improve our products, including information obtained from public sources and government records (which may include personal information described in the tables below including, without limitation, information regarding race, ethnicity, and religion). We may combine those datasets with personal information obtained from other sources.

We provide the below tables to describe the nature and purpose of our collection of various types of personal information.

Category of InformationSource(s) of Information and CollectionPurposes of Collection (see below for more information)
Identifiers
real name, alias, postal address, unique personal identifiers, online identifiers including cookies and mobile IDs, IP address, email address, or other similar identifiers.
Data compilers and consumer data resellers, public records and government entities, offline and online database providers, data analytics providers, operating systems and platforms, and social networks. Visitors to our website (and their web browsers).For any business purpose, including to administer your account and provide you services, to send communications and administrative emails, to respond to your inquiries, and to send marketing and product update messages. Business purposes also include internal business purposes such as identity verification, internal operations, auditing, debugging, short-term and transient use, improving our Products and Services, and analyzing how our website or services are being used. To develop, maintain, improve and provide Products and Services to our Clients who use such information for permitted governmental, democratic, and/or progressive political or nonprofit purposes.
Internet or electronic network activity information
information regarding a consumer’s interaction with a website, application, or ad. Information may include type of browser and operating system used to access the website, a time-stamp, and other browser or device information; IP address; clickstream data and any URL referral information (such as any website or social media platform that referred you to our website); what part(s) of our website you visit, click and view, and how long you view it; and unique identifiers which we may associate with a cookie, device identifier or similar technology.
Catalist systems and websites. Visitors to our website (and their web browsers).For any business purpose, including to administer your account and provide you services, to send communications and administrative emails, to respond to your inquiries, and to send marketing and product update messages. Business purposes also include internal business purposes such as identity verification, internal operations, auditing, debugging, short-term and transient use, improving our Products and Services, and analyzing how our website or services are being used.
Geolocation dataNot applicableNot applicable
Commercial or transactions information
E.g., records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Data compilers and consumer data resellers. Public records and government sources.For any business purpose, including to administer your account and provide you services, to send communications and administrative emails, to respond to your inquiries, and to send marketing and product update messages. Business purposes also include internal business purposes such as identity verification, internal operations, auditing, debugging, short-term and transient use, improving our Products and Services, and analyzing how our website or services are being used.To develop, maintain, improve and provide Products and Services to our Clients who use such information for permitted governmental, democratic, and/or progressive political or nonprofit purposes.
Professional or employment-related information
E.g., current or past employment, occupation.
Data compilers and consumer data resellers, public records and government entities. Visitors to our website.For any business purpose, including to administer your account and provide you services, to send communications and administrative emails, to respond to your inquiries, and to send marketing and product update messages. Business purposes also include internal business purposes such as identity verification, internal operations, auditing, debugging, short-term and transient use, improving our Products and Services, and analyzing how our website or services are being used.To develop, maintain, improve and provide Products and Services to our Clients who use such information for permitted governmental, democratic, and/or progressive political or nonprofit purposes.
Categories of personal information described in Cal. Civ. Code § 1798.80(e)
E.g., physical characteristics or description; telephone number. Information included in this category may be duplicative of information identified in other categories in this table.
Data compilers and consumer data resellers. Visitors to our website.For any business purpose, including to administer your account and provide you services, to send communications and administrative emails, to respond to your inquiries, and to send marketing and product update messages. Business purposes also include internal business purposes such as identity verification, internal operations, auditing, debugging, short-term and transient use, improving our Products and Services, and analyzing how our website or services are being used. To develop, maintain, improve and provide Products and Services to our Clients who use such information for permitted governmental, democratic, and/or progressive political or nonprofit purposes.
Characteristics of protected classifications under California or US law
E.g., race; color; religion; sex/gender, gender identity; marital status; military or veteran status; national origin; and ancestry; age.
Data compilers and consumer data resellers, public records and government entities.For any business purpose, including to administer your account and provide you services, to send communications and administrative emails, to respond to your inquiries, and to send marketing and product update messages. Business purposes also include internal business purposes such as identity verification, internal operations, auditing, debugging, short-term and transient use, improving our Products and Services, and analyzing how our website or services are being used. To develop, maintain, improve and provide Products and Services to our Clients who use such information for permitted governmental, democratic, and/or progressive political or nonprofit purposes.
Data collected on our website
personal and non-personal information submitted through our website (such as to request information or log in to a service or application we provide).
Visitors to our website (and their web browsers).For any business purpose, including to administer your account and provide you services, to send communications and administrative emails, to respond to your inquiries, and to send marketing and product update messages. Business purposes also include internal business purposes such as identity verification, internal operations, auditing, debugging, short-term and transient use, improving our Products and Services, and analyzing how our website or services are being used.
Data collected from current and prospective Clients
personal and non-personal information to facilitate contact and engagement (e.g., email address and cell phone).
Current and prospective Clients.For any business purpose, including to administer your account and provide you services, to send communications and administrative emails, to respond to your inquiries, and to send marketing and product update messages. Business purposes also include internal business purposes such as identity verification, internal operations, auditing, debugging, short-term and transient use, improving our Products and Services, and analyzing how our website or services are being used.

3. Our Disclosure and Sale of Personal Information

As described above, we will share the information collected about you for various business purposes, with service providers, and with third parties, including our customers. The chart below describes how and with whom we share or disclose personal information, and whether we believe we have “sold” or “shared” a particular category of information in the prior 12 months. Under the CPRA (as defined below), “sharing” generally includes the use of information for targeted advertising.

Category of InformationCategories of Third Parties With Whom We Share InformationWhether We “Sold” or “Shared” This Category of Personal Information in the Last 12 Months
Identifiers
real name, alias, postal address, unique personal identifiers, online identifiers including cookies and mobile IDs, IP address, email address, or other similar identifiers.
Clients (and their respective consultants and vendors). As required to (1) comply in good faith with applicable laws, rules, regulations, governmental requests, court orders, or subpoenas; (2) enforce our agreements; and (3) protect the rights, property, or safety of our users or any other person or entity. As part of a business sale, merger, consolidation, investment, change in control, transfer of substantial assets, reorganization or liquidation, or in connection with steps taken in anticipation of such an event (e.g., due diligence).Yes
Internet or electronic network activity information
information regarding a consumer’s interaction with a website, application, or ad. Information may include type of browser and operating system used to access the website, a time-stamp, and other browser or device information; IP address; clickstream data and any URL referral information (such as any website or social media platform that referred you to our website); what part(s) of our website you visit, click and view, and how long you view it; and unique identifiers which we may associate with a cookie, device identifier or similar technology.
As required to (1) comply in good faith with applicable laws, rules, regulations, governmental requests, court orders, or subpoenas; (2) enforce our agreements; and (3) protect the rights, property, or safety of our users or any other person or entity. As part of a business sale, merger, consolidation, investment, change in control, transfer of substantial assets, reorganization or liquidation, or in connection with steps taken in anticipation of such an event (e.g., due diligence).No
Geolocation dataNot applicableNo
Commercial or transactions information
E.g., records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Clients (and their respective consultants and vendors). As required to (1) comply in good faith with applicable laws, rules, regulations, governmental requests, court orders, or subpoenas; (2) enforce our agreements; and (3) protect the rights, property, or safety of our users or any other person or entity. As part of a business sale, merger, consolidation, investment, change in control, transfer of substantial assets, reorganization or liquidation, or in connection with steps taken in anticipation of such an event (e.g., due diligence).Yes
Professional or employment-related information
E.g., current or past employment, occupation.
Clients (and their respective consultants and vendors). As required to (1) comply in good faith with applicable laws, rules, regulations, governmental requests, court orders, or subpoenas; (2) enforce our agreements; and (3) protect the rights, property, or safety of our users or any other person or entity. As part of a business sale, merger, consolidation, investment, change in control, transfer of substantial assets, reorganization or liquidation, or in connection with steps taken in anticipation of such an event (e.g., due diligence).Yes
Categories of personal information described in Cal. Civ. Code § 1798.80(e)
E.g., physical characteristics or description; telephone number. Information included in this category may be duplicative of information identified in other categories in this table.
Clients (and their respective consultants and vendors). As required to (1) comply in good faith with applicable laws, rules, regulations, governmental requests, court orders, or subpoenas; (2) enforce our agreements; and (3) protect the rights, property, or safety of our users or any other person or entity. As part of a business sale, merger, consolidation, investment, change in control, transfer of substantial assets, reorganization or liquidation, or in connection with steps taken in anticipation of such an event (e.g., due diligence).Yes
Characteristics of protected classifications under California or US law
E.g., race; color; religion; sex/ gender, gender identity; marital status; military or veteran status; national origin; and ancestry; age.
Clients (and their respective consultants and vendors). As required to (1) comply in good faith with applicable laws, rules, regulations, governmental requests, court orders, or subpoenas; (2) enforce our agreements; and (3) protect the rights, property, or safety of our users or any other person or entity. As part of a business sale, merger, consolidation, investment, change in control, transfer of substantial assets, reorganization or liquidation, or in connection with steps taken in anticipation of such an event (e.g., due diligence).Yes
Data collected on our website
personal and non-personal information submitted through our website (such as to request information or log in to a service or application we provide).
As required to (1) comply in good faith with applicable laws, rules, regulations, governmental requests, court orders, or subpoenas; (2) enforce our agreements; and (3) protect the rights, property, or safety of our users or any other person or entity. As part of a business sale, merger, consolidation, investment, change in control, transfer of substantial assets, reorganization or liquidation, or in connection with steps taken in anticipation of such an event (e.g., due diligence).No
Data collected from current and prospective Clients
personal and non-personal information to facilitate contact and engagement (e.g., email address and cell phone)
As required to (1) comply in good faith with applicable laws, rules, regulations, governmental requests, court orders, or subpoenas; (2) enforce our agreements; and (3) protect the rights, property, or safety of our users or any other person or entity. As part of a business sale, merger, consolidation, investment, change in control, transfer of substantial assets, reorganization or liquidation, or in connection with steps taken in anticipation of such an event (e.g., due diligence).No

Below are additional details as to certain of the above sharing practices:

Sharing With Service Providers

As noted above,we may share the information with service providers who help us deliver the services you request or we provide. For instance, we share the information with tech and customer support providers, marketing providers, other data providers (such as to enhance or verify our information), security and data hygiene vendors, payment vendors (as to our business to business information), and other companies that may help us deliver or develop Products and Services.

Use of our Corporate Data for Marketing

We also may share information we obtain for our own corporate purposes to communicate with you and market to you, including through email, direct mail, or display media (which in turn may rely on cookies and similar technologies, described elsewhere in this Privacy Policy). We may obtain this information, for instance, from your visit to our website. Likewise, our website(s) may use cookies and similar technologies both for internal and operational purposes and to market to you (such as to retarget ads to you when you visit other sites across the Internet).

4. The Specific Purposes for Which We Use and Share the Personal Information We Collect

As noted above, we use and share the personal information we collect to provide, maintain, operate, and improve our Products and Services. Below is additional information as to such uses.

Provide Products and Services, for example:
Data and analytics services, for example:
Creating political datasets for Clients. This may include, at any given time, our provision of datasets (such as lists of registered voters), data “appends” (connecting data across datasets), data “scoring” (providing inferences about potential voter behavior), or data hygiene services (helping Clients to evaluate, validate and correct personal information they hold).
Helping Clients identify and understand their voters and members better by providing insights about them.
Online targeting, for example:
Creating or helping to create defined audience segments based on common demographics and/or shared (actual or inferred) interests or preferences (e.g., media consumption models, vote propensity, ideology, etc.) A data partner then “matches” our or other personal information through de-identification techniques (such as through coded data “hashing”) with online cookies and other identifiers in order to help organizations target and measure ad campaigns online across various display, mobile and other media channels.
Additional client services, for example (which may overlap with “data services” above):
Assisting in targeting and optimizing direct mail and email campaigns and display, mobile, and social media marketing.
Providing “verification” or data “hygiene” services, which is how companies update and/or “clean” their databases by either verifying or removing or correcting old, incorrect or outdated information.
Operation of our Products and Services, for example:
Improving, testing, updating, and verifying our own databases.
Developing new products and services.
Operating, analyzing, improving, and securing our Products and Services.
Send marketing communications, for example:
Sending you customized newsletters, surveys, and information about products and services (with your consent where required) based on your activities and interests, including products and services offered by our partners and other organizations with which we work.
Build and manage business-to-business relationships using information collected in our corporate capacity, for example:
Pursuing potential business opportunities, including identifying and contacting the correct person within your company.
Sending communications for business purposes.
Managing Client, vendor, and other business relationships.
Sending event invitations and marketing emails, and tracking the effectiveness of such communications.
Issuing or paying invoices and fulfilling contractual commitments.
Providing business contacts with access to our systems and managing such access.
Perform compliance and risk management activities, for example:
Compliance with laws and regulations.Managing third-party and other risks to our business.Protecting the reputation of our businesses.
Protect our users, Products and Services, and properties, for example:
Protecting the safety and security of users and visitors to the Products and Services.
Protecting our digital and physical properties.
Detecting and preventing other activities that may be illegal or in violation of our terms of service.

We may combine all the information we collect from or receive about you for the purposes outlined in this Privacy Policy. We may aggregate or de-identify your information and may use, share, rent, license, or sell aggregated or de-identified information for any purpose, and such information is not subject to this Privacy Policy.

5. Your Privacy Choices

Catalist respects the privacy interests of individuals whose information we receive and is happy to honor requests to delete and opt out of the sale of your personal information. Such requests may be made by contacting us as described in Privacy Options. For security and safety purposes, you may need to confirm your possession of an identifier, identifying information, or to provide a piece of identification that confirms you are the person you claim to be. If we are unable to confirm your possession of any such information, we may not be able to fulfill your request.

We may retain personal information for certain important purposes, such as (a) to ensure your deleted information is not reintroduced to our systems, (b) to protect our business, systems, and users from fraudulent activity, (c) to address technical issues that impair existing functionality (such as de-bugging purposes), (d) as necessary for us, or others, to exercise their free speech or other rights, (e) to comply with law enforcement requests pursuant to lawful process, (f) for scientific or historical research, (g) for our own internal purposes reasonably related to your relationship with us, or (h) to comply with legal obligations.

6. Residents of California, Colorado, Connecticut, and Utah

The California Privacy Rights Act (inclusive of the California Consumer Privacy Act, “CPRA”), the Colorado Privacy Act (“CPA”), the Connecticut Act Concerning Personal Data Privacy and Online Monitoring (“CPDPA”), and the Utah Consumer Privacy Act (“UCPA”, together with the CPRA, CPA, and CPDPA collectively, “Applicable Privacy Laws”) provide residents of the applicable states with specific rights regarding your personal information, subject to certain restrictions and without discrimination for exercising such rights. This section describes how to exercise your privacy rights and our process for handling such requests.

For a description of the personal information we collect, how we collect such personal information, and the purpose of such collection, please see Our Collection of Personal Information and Our Disclosure and Sale of Personal Information. If you are a resident of California and a job applicant or employee of Catalist, you may refer to our Addendum.

If we are acting as a service provider to a Client, then any consumer requests for opt-out, deletion, or access to data must be made through such Client. To the extent feasible, we will forward any such requests to the relevant/related/applicable Client.

You may also have the right to designate an agent to exercise privacy rights on your behalf. For security and safety purposes, and as required under Applicable Privacy Laws, you and the agent will have to verify your respective identities and provide proof of your residency. We will also verify that the agent has permission to submit requests on your behalf. Such proof includes written authorization identifying your first name, last name, email address, and telephone number, along with which rights you have authorized the agent to exercise on your behalf. The written authorization authorizing the agent to act on your behalf must be signed and dated by you. This document should also include, if applicable, the business name of the authorized agent. Your valid email address is required so that we may directly contact you for identity verification purposes. We cannot provide you or your agent with personal information if we cannot verify your identity as the consumer, your agent’s identity, or your agent’s authority to make the request.

Right to Know or Access your Personal Information

You may request specific pieces of personal information that we have collected about you and whether we are processing your personal information. Such requests may be made by contacting us as described in Privacy Options. California residents also have the right to request that we disclose the categories of your personal information that we collect, use, or sell.

For security and safety purposes, and as required under Applicable Privacy Laws, you will have to provide proof of your residency in California, Colorado, or Connecticut, as applicable, and verify your identity. For instance, you may need to confirm your possession of an identifier, identifying information, or to provide a piece of identification that confirms you are the person you claim to be. We will respond to verifiable consumer requests for access not more than twice within a 12-month period or as required by law.

Once we have verified your identity, we will respond to your request as follows:

  • Where you have requested specific pieces of personal information, we will provide the information you have requested to the extent required by law (unless we believe that there is an overriding privacy or security concern).
  • If you are a California resident, where you have requested the categories of personal information that we have collected about you, we will provide a list of such categories.

If we are unable to verify your identity, we will inform you that we cannot verify your identity and will not disclose any specific pieces of personal information to you; however, we may return category information upon your request.

We may withhold some personal information where the risk to you or our business is too great to disclose the information or as permitted by applicable law.

Right to Request Deletion of your Personal Information

You have the right to request that we delete personal information we have collected directly from you. Such requests may be made by contacting us as described in Privacy Options.

Deletion is different from opting out of the sale of your personal information as it pertains only to information collected directly from you and not to data included in our Products and Services. Thus, if you do not want your personal information to be included in our Products and Services, then you should exercise your opt-out rights as described in Right to Opt-Out of the Sale of Personal Information.

For security and safety purposes, and as required under Applicable Privacy Laws, you will have to provide proof of your state residency and verify your identity. For instance, you may need to confirm your possession of an identifier, identifying information, or to provide a piece of identification that confirms you are the person you claim to be.

We may retain personal information for certain important purposes, such as (a) to ensure your deleted information is not reintroduced to our systems, (b) to protect our business, systems, and users from fraudulent activity, (c) to address technical issues that impair existing functionality (such as de-bugging purposes), (d) as necessary for us, or others, to exercise their free speech or other rights, (e) to comply with law enforcement requests pursuant to lawful process, (f) for scientific or historical research, (g) for our own internal purposes reasonably related to your relationship with us, or (h) to comply with legal obligations.

Right to Request Correction of your Personal Information

Residents of California, Colorado, and Connecticut have the right to request that we correct your inaccurate personal information. Such requests may be made by contacting us as described in Privacy Options.

Right to Request Correction of your Personal Information

You have the right to opt-out of the sale of your personal information. We may have sold certain categories of information about you in the last 12 months as described in Our Disclosure and Sale of Personal Information. The opt-out action effectively removes your information from our files and places your information on a suppression list. We will only retain enough to ensure your information is not reintroduced.

To opt-out of the sale of your personal information, you may contact us as described in Privacy Options.

Right to Limit Use or Disclosure of Sensitive Personal Information

To the extent that your sensitive personal information is directly collected by Catalist, California residents have the right to request that we limit the use and disclosure of your sensitive personal information. Such requests may be made by contacting us as described in Privacy Options.

Right to Appeal

Residents of Colorado and Connecticut have the right to appeal the denial by Catalist of your prior privacy request. Such requests may be made by contacting us as described in Privacy Options.

Right to Non-Discrimination

You have the right not to receive discriminatory treatment by Catalist for the exercise of your privacy rights under Applicable Privacy Laws. We do not discriminate in this manner.

Persons under the Age of 16

We do not knowingly collect personal information from persons under 16 years of age in California, Colorado, Connecticut, or Utah. If we learn that personal information from residents under the age of 16 in such states has been collected, we will take reasonable steps to remove their information from our database. If you believe a child under the age of 16 has disclosed personal information to us, please contact us as described in Privacy Options and specify the relevant customer and information.

CPRA Metrics Reporting for the Previous Calendar Year (2022)

The information provided reflects requests from CA consumers only. Requests may have been denied if we were unable to verify your identity, the request called for information exempt from disclosure, or other grounds.

Request to Know0 requests received
0 requests complied with in whole or in part
0 requests denied
Request to Delete1 requests received
1 requests complied with in whole or in part
0 requests denied
Request to Correct0 requests received
0 requests complied with in whole or in part
0 requests denied
Request to Limit0 requests received
0 requests complied with in whole or in part
0 requests denied
Request to Opt-Out0 requests received
0 requests complied with in whole or in part
0 requests denied
Mean or median response timeRequests to Know (Access) are fulfilled within a mean of 0 days following completion of identity verification
Requests to Delete are fulfilled within a mean of 1 days following completion of identity verification
Requests to Correct are fulfilled within a mean of 0 days following completion of identity verification
Requests to Limit are fulfilled within a mean of 0 days
Requests to Opt-Out are fulfilled within a mean of 0 days

7. Data Retention and Security

We may retain information for as long as needed to develop, maintain, improve and provide Products and Services, comply with laws and legal obligations, resolve disputes, enforce agreements, and achieve other objectives as described in this Privacy Policy (including, without limitation, internal business purposes) and in the Addendum.

Catalist maintains security measures that are designed to ensure that the information we possess is housed and transmitted securely. These measures may include physical and electronic security, firewall protections, encryption and hashing of data, and access controls. However, neither we nor any platform can guarantee 100 percent safety from unauthorized attempts to gain access, so this Privacy Policy does not guarantee the safety of your information.

8. Privacy Options

Please contact Catalist by completing this form or by mail, telephone, or email as follows:

Mail

Catalist LLC

1310 L Street NW #500

Washington, DC 20005

Attn: Data Privacy

Telephone

(800) 938-9516

Email

Email: [email protected]

If you have questions about this Privacy Policy, the practices of this website, or your dealings with this website, you may contact us as described in this section.