Privacy Policy

RiseUP D·D·S is the member portal for AFGE Local 509's Disability Determination Services chapter, used by SSDI and SSI claims examiners and chapter staff. It collects information you provide directly: your name, email address, union membership details, and case information you enter.

We also collect first-party product analytics from Vercel Speed Insights and, when Vercel Web Analytics is enabled for the project, Vercel Analytics, so we can see whether the portal is loading reliably and which pages members use. Sentry receives operational error telemetry when the app crashes or a request fails.

We use your information to:

• Provide and operate the member portal
• Send you updates about your cases and chapter activity
• Authenticate your identity (passkeys, email login PIN, Google OAuth)
• Improve the portal based on how members use it

We do not sell your personal information. Ever.

Your information is accessible to you and to authorized union stewards and administrators in your chapter. Case details you submit are visible to stewards handling your grievance. No data is shared with employers or third parties outside of the union.

Data is stored on Supabase (hosted on AWS infrastructure in the United States) and backed up regularly. Vercel hosts the application. Neither provider has access to your case content for marketing or advertising purposes.

Account and profile records are kept while your membership is active. After your access ends the chapter retains grievance history, audit trails, and required union records on the schedule below so we can defend cases, satisfy labor-law record-keeping, and respond to subpoenas or arbitration discovery.

The operational retention schedule below is the chapter's live default and reflects the windows currently configured in the portal. Tables marked “nightly auto-purge” are deleted on a daily schedule once they cross the window. Tables marked “manual review” are held for legal, grievance, or audit reasons and are reviewed case by case before deletion.

• Failed sign-in attempts: 3 months. Nightly auto-purge. Abuse-detection and lockout records for failed OTP, PIN, and passkey challenges.
• Successful sign-in history: 1 year. Nightly auto-purge. Member-visible sign-in history and operational login telemetry.
• Portal page-view analytics: 6 months. Nightly auto-purge. First-party analytics used for navigation tuning, performance, and product improvement.
• In-app notifications: 1 year. Nightly auto-purge. Delivery history for member alerts and reminders.
• Broadcast records: 1 year. Nightly auto-purge. Administrative broadcast metadata and delivery bookkeeping.
• AI assistant conversations: 6 months. Nightly auto-purge. Messages sent to the AI assistant and the generated replies stored in the portal.
• AI assistant usage counters: 30 days. Nightly auto-purge. Daily request counters used to enforce member AI assistant rate limits.
• Grievance cases: retained until a manual case review decides otherwise. Manual review only. Grievance case records. Retained until manual legal review under NLRA / EEOC §1602 / state union recordkeeping obligations decides otherwise.
• Grievance notes: retained until a manual case review decides otherwise. Manual review only. Append-only case history and labor-strategy notes. Retained until manual legal review (NLRA / EEOC §1602 / state union recordkeeping) decides otherwise.
• Audit trail records: 7 years. Manual review only. Security, access, and chain-of-custody records. Held for seven years and reviewed manually before deletion.

Drafts saved only in your browser stay on that device until you submit them, clear them, or sign out.

If your chapter enables the AI assistant, the messages you type there are sent to Anthropic to generate a reply. Those messages are also stored in the portal so you can revisit the conversation later.

Do not paste highly sensitive member, medical, or benefits details into the assistant unless your chapter has approved that workflow and you understand it will be processed by a third-party AI provider.

The current retention window for assistant conversations is 6 months. Older conversations are purged on the nightly retention schedule.

You may request to:

• Access the personal data we hold about you
• Correct inaccurate information
• Delete your account and associated data

To submit a request, sign in to the portal and use the “Request data export” or “Request data deletion” buttons in the Data & Records section of your profile. The portal records your request, returns a tracking reference, and routes it to chapter administrators for review. We aim to respond within 30 days.

Some records may be held past a deletion request when the chapter has a legal, grievance, or audit obligation to preserve them (for example, audit-trail entries covered by the 7-year retention window above). When that applies we will tell you which records are being retained and why.

If you are unable to sign in, contact your chapter administrator directly.

We use session cookies to keep you signed in. You can choose “sign me out when I close the browser” on the login screen for shared devices. We do not use third-party tracking cookies.

We do use Vercel Speed Insights, and may use Vercel Analytics when Web Analytics is enabled in Vercel, as first-party analytics to understand reliability and which pages and features members use most. You can opt out of those client-side measurements by turning on privacy mode in the portal for your browser.

Sentry error monitoring stays on even when privacy mode is enabled because it is used for reliability and abuse investigation rather than product analytics, but it is limited to operational telemetry tied to failures.

If we make material changes, we will update the date on this page and post an in-portal notice at least 14 days before the new terms take effect, unless a shorter window is required for urgent security or legal compliance.