BlazingStar Analytics — Privacy Policy
Effective date: February 28, 2026
Last updated: February 28, 2026
For the short version of our privacy commitments, visit our privacy page.
1. Who We Are
BlazingStar Analytics ("BlazingStar," "we," "us," "our") is a federal budget execution tracking platform based in Alexandria, Virginia. We provide tools that connect appropriations, apportionments, execution, and award data from public federal sources.
Contact:
Email: privacy@blazingstaranalytics.com
Mail: BlazingStar Analytics, P.O. Box 6045, Alexandria, VA 22306
2. Information We Collect
Information you provide directly
| Category | Data | When collected |
|---|---|---|
| Identifiers | Email address | Newsletter signup, early access form, account creation |
| Identifiers | Name | Early access form, account creation (optional) |
| Professional info | Company/organization, role | Early access form (optional) |
| Preferences | Feature interests | Early access form (optional) |
| Account credentials | Email, password | Account creation (when app launches) |
| Payment info | Credit card or payment method | Subscription purchase (handled entirely by Stripe — we never see your card number) |
Information collected automatically
| Category | Data | How |
|---|---|---|
| Aggregate analytics | Page views, referral sources, device type, country-level geography | Plausible Analytics (marketing site and blog only). No cookies, no IP logging, no individual identification. |
| Security data | IP address (transient, not logged by us) | Cloudflare processes IP addresses for DDoS protection and bot mitigation. We retain the IP address only for the duration of the request; it is discarded immediately after and never written to our logs. |
| Session cookies | Functional session token | Ghost uses session storage if you manage a newsletter subscription account. Expires when you close your browser. |
| Trial integrity | One-way cryptographic hash of email | Generated at trial signup. Cannot be reversed to reveal your email. Used solely to prevent trial abuse. |
Information we do NOT collect
- Tracking pixels or web beacons
- Behavioral analytics, click tracking, or session replay
- Cross-site tracking or advertising identifiers
- Biometric data, geolocation beyond country-level, or device fingerprints
- Any third-party analytics inside the BlazingStar application
3. How We Use Your Information
| Purpose | Data used | Legal basis |
|---|---|---|
| Send you the newsletter you signed up for | Email address | Contract performance (GDPR); consent (VCDPA) |
| Contact you about beta access and product launch | Email, name, company, role, interests | Contract performance (GDPR); consent (VCDPA) |
| Process your subscription and payments | Email, payment info (via Stripe) | Contract performance |
| Provide and operate the BlazingStar platform | Account credentials, usage data | Contract performance |
| Understand which marketing content is useful | Aggregate analytics (no personal data) | Legitimate interest |
| Prevent trial abuse | Cryptographic email hash | Legitimate interest |
| Maintain site security and prevent fraud | Cloudflare security data | Legitimate interest |
| Respond to your inquiries | Email, name | Legitimate interest |
| Comply with legal obligations | As required | Legal obligation |
We do not use your information for targeted advertising, profiling, or any purpose not listed above.
Where we rely on legitimate interest as a legal basis (trial abuse prevention, site security, responding to inquiries), we have conducted internal assessments to ensure our interests do not override your rights and freedoms.
4. How We Share Your Information
We do not sell your personal data. We have never sold personal data. We will never sell personal data.
We do not share your personal data for targeted advertising or cross-context behavioral advertising.
We share data only with the service providers ("processors") necessary to operate our services:
| Provider | Role | Data shared | Privacy policy |
|---|---|---|---|
| Ghost | Blog and newsletter platform | Email address, subscription data | ghost.org/privacy |
| Plausible | Privacy-first analytics | Aggregate data only (no personal data) | plausible.io/privacy |
| Formspree | Early access form processing | Form submissions (email, name, company, role, interest) | formspree.io/legal/privacy-policy |
| Cloudflare | CDN and security | IP address (transient, for routing and DDoS protection) | cloudflare.com/privacypolicy |
| DigitalOcean | Cloud infrastructure | Data stored on their servers | digitalocean.com/legal/privacy-policy |
| Stripe | Payment processing | Payment information, email | stripe.com/privacy |
| Framer | Marketing website hosting | Server logs (IP address) | framer.com/legal/privacy |
Each provider operates under a data processing agreement that limits how they can use your data. They process data on our behalf and cannot use it for their own purposes.
5. Cookies, Storage, and Tracking
We do not use tracking or advertising cookies.
Cookies
| Cookie | Source | Purpose | Duration |
|---|---|---|---|
ghost-members-ssr | Ghost (blog) | Keeps you logged in if you manage a newsletter subscription | Session (cleared when browser closes) |
cf_clearance | Cloudflare | Security — verifies you passed a bot or challenge check during elevated threat conditions. May not appear during normal browsing. | Up to 30 minutes |
Browser session storage
| Key | Source | Purpose | Duration |
|---|---|---|---|
ghost-history | Ghost (blog) | Records pages visited, timestamps, and referral source during your browsing session. Used for reading recommendations and, if you subscribe to the newsletter, to attribute which content led to your signup. | Session (cleared when tab closes) |
Session storage is not a cookie — it is never sent to any server and cannot be accessed by third parties.
What we don't use
- No analytics cookies (Plausible is cookieless)
- No marketing or advertising cookies
- No third-party tracking cookies
- No cross-site cookies
- The marketing site sets zero cookies
- The BlazingStar application sets zero cookies (a functional session cookie will be added when the app launches)
All cookies listed above are first-party and strictly functional. None are shared with advertisers or used for tracking. We periodically audit our properties to confirm no unauthorized tracking scripts are present.
That's the complete list. Open your browser's developer tools and check — we'll wait.
6. Data Retention
| Data | Retention period |
|---|---|
| Aggregate analytics | Retained indefinitely by Plausible. No individual data to retain. |
| Newsletter subscribers | Until you unsubscribe. Deleted upon unsubscribe. |
| Early access signups | Until we contact you about beta access. You can request deletion at any time. |
| Trial integrity hash | Retained for the duration of the trial program. Deleted upon account deletion or by request. |
| App account data | Until you delete your account or request deletion. |
| Payment records | As required by tax and financial regulations (typically 7 years for transaction records). |
| Security logs | Cloudflare retains security logs per their retention policy. We do not independently store these. |
7. Your Privacy Rights
For all users
Regardless of where you live, you can:
- Unsubscribe from any email with one click
- Access your data by emailing privacy@blazingstaranalytics.com
- Correct inaccurate information
- Delete your data — we will purge your information within 7 days of your request
Virginia residents (VCDPA)
Under the Virginia Consumer Data Protection Act, you also have the right to:
- Confirm whether we are processing your personal data
- Obtain a copy of your personal data in a portable format
- Opt out of the sale of personal data — we do not sell personal data, so there is nothing to opt out of
- Opt out of targeted advertising — we do not engage in targeted advertising
- Opt out of profiling — we do not profile users in furtherance of decisions that produce legal or similarly significant effects
Universal opt-out signals: We support the intent of Global Privacy Control (GPC) and similar universal opt-out preference signals. Because we do not sell data or engage in targeted advertising, our practices already comply with what these signals request.
California residents (CCPA/CPRA)
Under the California Consumer Privacy Act, you have the right to:
- Know what personal information we collect, use, disclose, and the categories of personal information we have disclosed for a business purpose
- Delete your personal information
- Correct inaccurate personal information
- Opt out of sale or sharing — we do not sell or share personal information for cross-context behavioral advertising
- Non-discrimination — we will not discriminate against you for exercising your privacy rights
"Do Not Sell or Share My Personal Information": We do not sell or share your personal information. Period.
EU, EEA, and UK residents (GDPR)
Under the General Data Protection Regulation, you have the right to:
- Access your personal data and receive a copy
- Rectify inaccurate or incomplete data
- Erase your personal data ("right to be forgotten")
- Restrict processing of your personal data
- Data portability — receive your data in a structured, machine-readable format
- Object to processing based on legitimate interest
- Lodge a complaint with your local data protection authority
Legal bases for processing: See Section 3 above. We rely on contract performance, consent, legitimate interest, and legal obligation as appropriate.
International transfers: Some of our service providers are US-based. Cross-border transfers are protected by Standard Contractual Clauses (SCCs) incorporated into our data processing agreements with each provider.
8. How to Exercise Your Rights
Email: privacy@blazingstaranalytics.com
We will acknowledge your request within 7 days and fulfill it within 45 days. If we need more time (up to an additional 45 days), we will tell you why.
We may ask you to verify your identity before processing a request. We will not ask for more information than necessary to confirm you are who you say you are.
9. Appeals Process
If we deny your privacy rights request, you have the right to appeal.
To appeal: Email privacy@blazingstaranalytics.com with "Privacy Appeal" in the subject line. Describe your original request and why you believe it should be granted.
Our response: We will respond to your appeal within 60 days with a written explanation of our decision and any action taken.
If we deny your appeal: You may file a complaint with the Virginia Attorney General:
- Online: www.oag.state.va.us/consumer-protection/index.php/file-a-complaint
- Phone: (800) 552-9963
10. Sensitive Data
We do not collect sensitive data as defined by the VCDPA, including:
- Racial or ethnic origin
- Religious beliefs
- Health information
- Sexual orientation
- Citizenship or immigration status
- Genetic or biometric data
- Precise geolocation
- Personal data of children under 13
11. Children's Privacy
BlazingStar is a professional tool for federal budget analysis. Our services are not directed at children under 13 (or under 16 in the EU). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
12. Security
We implement administrative, technical, and organizational safeguards to protect your personal data, including:
- Encryption in transit (TLS/HTTPS on all connections)
- Encryption at rest for stored data
- Access controls limiting who can access personal data
- Regular security monitoring and incident response procedures
- Cloudflare DDoS protection and bot mitigation
No system is perfectly secure. If we discover a breach that affects your personal data, we will notify affected users and any relevant authorities within 72 hours of confirming the breach, as required by applicable law.
13. Changes to This Policy
If we make material changes to this policy, we will provide at least 30 days' notice before the changes take effect. Notice will be provided via email to registered users and newsletter subscribers, and by posting a prominent banner on our website alongside the updated policy on this page.
Non-material changes (formatting, clarifications that don't affect your rights) may be made without notice.
14. Contact
Email: privacy@blazingstaranalytics.com
Mail: BlazingStar Analytics, P.O. Box 6045, Alexandria, VA 22306
Version History
| Version | Date | Summary |
|---|---|---|
| 1.0 | January 1, 2026 | Original policy |
| 2.0 | February 28, 2026 | Restructured into manifesto + full policy. Added VCDPA compliance, appeals process, expanded rights disclosures. |
