Legal & Utility

Privacy Notice

We are a News Media and Research Organization. We minimize what we collect, protect Subscriber Data, and publish verified public record information as part of our journalistic mission.

PRIVACY NOTICE

Effective Date: December 15, 2025

Entity: VARRY LLC doing business as Center for Federal Accountability (Virginia)

1. The Preamble: Our Stance

The Center for Federal Accountability ("CFA," "we," "us") exists to audit the data practices of the United States Government. As an organization dedicated to transparency and the Fourth Amendment, we hold ourselves to a strict standard of data minimization and security.

We are a News Media and Research Organization, not a data broker. Our business model relies on the value of our intelligence and the support of our subscribers, not the monetization of your personal information.

2. The Distinction: Subscriber Data vs. Public Record

This policy governs two distinct categories of information. It is critical that you understand the difference:

  • Subscriber Data: Information you voluntarily provide to us (e.g., email, payment info) to access our services. We protect this rigorously.
  • Investigative Data: Information regarding government officials, contractors, and systems that we aggregate from public records (FOIA, SAM.gov, Federal Register). This data is published as part of our journalistic mission.

3. Information We Collect

A. From Subscribers & Visitors

  • Identity Data: If you subscribe to The Intelligence Brief or create an account, we collect your email address and, optionally, your name.
  • Transactional Data: If you purchase a subscription or B2B service, our payment processor (e.g., Stripe) collects financial data. The CFA does not store full credit card numbers.
  • Technical Data: We collect minimal server logs (IP address, browser type) to secure our infrastructure against DDoS attacks and unauthorized scraping.

B. From Government Sources (Investigative Data)

We aggregate data from the public domain to generate our Scorecards. This may include the names, titles, and work contact information of:

  • Federal Employees (e.g., Contracting Officers, Program Managers).
  • Government Contractors and Vendors.
  • Public officials listed in OIG reports or regulatory filings.

Note: We do not knowingly collect or publish the private home addresses or private financial information of government employees unless it has been voluntarily disclosed in a public record (e.g., a financial disclosure form).

4. How We Use Your Data

A. Subscriber Data

We use your data solely to:

  1. Deliver the reports, newsletters, and alerts you requested.
  2. Process payments and manage your account status.
  3. Notify you of changes to federal laws or CFA policies.
  4. We do not sell, rent, or trade Subscriber Data to third parties.

B. Investigative Data

We use public record data to:

  1. Populate the "Agency Scorecards" and "System Watchlists."
  2. Identify waste, fraud, and abuse in federal spending.
  3. Cross-reference regulatory filings (e.g., matching a Contracting Officer to a specific sole-source award).
  4. Publish journalistic reports protected by the First Amendment.

5. Whistleblower & Source Protection

If you are a government employee or contractor submitting evidence:

  • Do not use this website while connected to a Government Furnished Equipment (GFE) device or network (e.g., NIPRNet).
  • Do not submit sensitive documents via standard email or the general "Contact Us" form.
  • Please use our designated Secure Drop methods: Secure Drop.
  • The CFA invokes the Reporter’s Privilege to protect the identity of confidential sources to the fullest extent of the law.

6. Data Sharing & Third Parties

We only share data in the following limited circumstances:

  • Service Providers: We use trusted vendors for hosting (e.g., AWS), email delivery (e.g., SendGrid), and payments. They are contractually bound to protect your data.
  • Legal Compliance: We may disclose data if required by a valid court order. However, we will aggressively challenge any subpoena attempting to unmask our subscribers or sources, relying on the Privacy Protection Act of 1980 (42 U.S.C. § 2000aa).

7. The Journalistic Exception (GDPR/VCDPA/CCPA)

The CFA is a news gathering entity. While we respect privacy rights, Investigative Data (public records regarding government operations) is processed under the Journalistic Exception found in most major privacy laws (including the Virginia Consumer Data Protection Act).

  • We will not honor requests to remove accurate public record information regarding government officials or contractors from our Scorecards, as this would constitute censorship of the public record.
  • We will correct proven factual inaccuracies upon review.

8. Security Measures

We employ a Zero Trust architecture similar to the standards we demand of the government.

  • All data in transit is encrypted via TLS 1.3.
  • Subscriber databases are isolated from our public-facing web servers.
  • Access to subscriber data is restricted to authorized CFA staff with specific job necessities.

9. Your Rights (Subscriber Data Only)

For your personal Subscriber Data, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Update your email or payment details.
  • Deletion: Request that we delete your subscriber account. Note: This does not apply to Investigative Data.

10. Contact Us

For privacy inquiries or to report a factual error in a Scorecard:

VARRY LLC doing business as Center for Federal Accountability
Attn: Privacy Officer
8401 MAYLAND DR # 7387
RICHMOND, VA 23294
Phone: (202) 750-1130
Email: privacy@federalaccountability.com