FOIA Machine Privacy Policy

MuckRock Foundation, the operators of FOIA Machine, respects your privacy. This Privacy Policy applies to our web site, (referred to herein as the FOIA Machine Site or Site). This Privacy Policy explains what information we collect through the Site, how we use that information, and what choices you have.

This Privacy Policy does not apply to the practices of any companies or individuals that FOIA Machine does not control, or any web sites that you link to or from the FOIA Machine Site. You should use caution and review the privacy policies of any external websites that you visit from the FOIA Machine Site.

By accessing the FOIA Machine Site, you agree to accept its terms and conditions and are aware that our policies may evolve in the future.

What We Collect and How We Use the Information We Collect

As part of the services provided by FOIA Machine, we must collect some "Personally Identifiable Information," such as your first name, last name, and e-mail address. You may optionally supply other information that can be used to contact you or identify you as an individual, including your postal address and phone number (collectively, “Optional Personally Identifiable Information”). We use Personally Identifiable Information and Optional Personally Identifiable Information to communicate with you and to assist in processing and managing your requests. When you register on the Site, we also require you to set up an account and, at that time, FOIA Machine will collect your username, user ID number, and a hashed password.

Integral in managing and processing your public records requests, FOIA Machine additionally collects the following information: your account type, your Stripe ID associated with your credit card information, your user profile URL, the number of non-expiring and number of expiring requests you have, the date that subscriptions renew, what requests you follow, the kind of status your account has (e.g. “active,” “blocked,” “staff,” or “superuser”), your last login and the date you joined, the requests you have filed, and the agencies with which you have filed these requests.

Our payment processor, Stripe, collects and stores information necessary for making payments including your credit card information, your e-mail address, your Stripe ID, the date you registered, your FOIA Machine username, your subscription information, and logs of certain activities and interactions (e.g. when your account was created and every transaction you make with Stripe)

How We Store Information We Collect

Except for the information collected and stored by Stripe (as described above), all other information is stored by FOIA Machine inside the MuckRock Foundation’s Django app. This information may be further organized or broken down into the following headings and categories, such as: title, URL of request, status of request, jurisdiction, agency, date submitted, date response was received, date request is due, days until request is due, whether the request is currently embargoed, date the embargo extends until, price of the request if the government is charging, description of the request, whether the request is featured, whether special data should be displayed on the side of the request, the request’s government-provided tracking ID number, whether the user has viewed the request since the request was last updated, the number of page views the request has, what e-mail address the request was sent to and/or from, what other e-mail addresses were copied in the correspondence, tags used to organize the request, and FOIA Machine’s internal tracking ID. Metadata associated with every communication included as part of your request shall also be collected and stored. This may include the name of sender, name of receiver, data and time sent, whether it is to or from the user, whether the request uses HTML, the contents of the body of the message, whether that communication changed the status of the request, how may pages an attachment, a description of an attachment, and a copy of an attached file.

How we share information

Except as noted below, FOIA Machine does not share your Personally Identifiable Information with third parties unless you give us your permission or we need to share such information in order to provide the services you have requested. When we supply Personally Identifiable Information to these third parties, we require them to use it only for the function they are helping us with.

We will disclose Personally Identifiable Information when required by law or under the good-faith belief that such disclosure is necessary in order to conform to applicable law, comply with subpoenas, court orders or legal process served on FOIA Machine, to establish or exercise our legal rights or defend against legal claims, and to protect the property or interests of FOIA Machine, its agents and employees, personal safety, or the public. If we become part of another organization, including without limitation, by merger, change of control, sale of assets, or other acquisition, the acquiring organization will obtain and have access to the Personally Identifiable Information collected by FOIA Machine and it will assume the rights and obligations regarding your Personally Identifiable Information as described in this Privacy Policy. If we cease operation, your information may be transferred to and used by another company that offers similar or related products or services.

How Long Will We Store This Information

Due to the length of the typical public records process and the length of these documents' usefulness, we will store this information indefinitely. Should you no longer wish information from a request you filed through the site to be stored by FOIA Machine, you must send a request via e-mail to Deletion requests will be complied with within 10 days of their submission.

Security and Your Privacy Responsibilities

We keep the Personally Identifiable Information you provide on servers that are protected by technological means against intrusion and unauthorized access.

To help protect your privacy, be sure: not to share your user ID or password with anyone else; to log off the FOIA Machine Site when you are finished; and to take customary precautions to guard against “malware” (e.g. viruses, Trojan horses, bots, etc.), for example, by installing and updating suitable anti-virus software.

Publicly posted information

FOIA Machine does not control, and is not responsible for, the use of any information or content that you have exposed to the public through your use of the FOIA Machine Site.

Changes to this Privacy Policy

We reserve the right to change or update this Privacy Policy as we deem necessary or appropriate. We endeavor to notify you of any material change to the Policy by sending a notice to the e-mail address you have provided or by posting a notice of such changes on the FOIA Machine Site. Unless otherwise provided, the revised terms will take effect on the date they are posted. Once such changes become effective, your continued use of the Site or App will signify your acceptance of the new Privacy Policy. If you do not agree to the terms of this Privacy Policy, or any revised Privacy Policy, your sole and exclusive remedy is to discontinue using the Site and App.


If you have questions or comments about our Privacy Policy, please send an e-mail to

This Privacy Policy was last modified on Nov 26, 2016.