Trust & Security

Constituent data is a public trust, not an asset.

When a resident saves their address or answers a survey, that information belongs to them. It exists for one reason: to help their representatives serve them. We treat that as the condition of being allowed to build this at all.

Here is exactly what we do, and do not do, with the data your residents share.

What we promise

We never sell or share it

Constituent data is never sold, licensed, or handed to lobbyists, campaigns, donors, or any commercial interest. There is no version of MyPolity where your residents’ data is a revenue source.

No partisan targeting

The data is never used to target residents by party or belief. Our product is non-partisan by design, and our terms forbid using it for political operations.

Individual data is never shown

Governments see their community in aggregate. No official, on any screen, can pull up an individual resident’s record, demographics, or survey answer.

Sharing is opt-in

Residents choose what they share. Demographic fields are optional, and a resident can use MyPolity to find their representatives without providing any of them.

How we enforce it

Promises are only as good as the system underneath them. These protections are built into the database itself, not just the app, so they hold even if a screen has a bug.

The database decides who sees what

Every record is governed by row-level security. Access is enforced at the data layer: a resident can only ever read their own record, and an official can only ever reach aggregates for their own jurisdiction. The rules are not a checkbox in the interface. They are the gate.

Aggregates have a hard privacy floor

Insights are aggregate-only, and any group too small to be anonymous is suppressed before it ever leaves the database. If a breakdown would point to a handful of identifiable people, it does not render. The floor is enforced in the query, not left to the page.
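One way to put such a floor in the query itself, shown as an added example and not MyPolity's own code: the `responses` table, its columns, the threshold of 5, and SQLite standing in for the production database are all assumptions. It goes one step beyond the text by also withholding the total whenever subtracting the visible groups from it would reveal a suppressed count.

```python
import sqlite3

K_FLOOR = 5  # assumed value; the page does not state its threshold

# One statement applies the floor, so small groups never leave the database.
# g: per-group counts for one jurisdiction; s: how many people sit in groups
# below the floor. The total is NULL when that remainder is itself below the
# floor, because total minus visible groups would otherwise expose it.
QUERY = """
WITH g AS (SELECT age_band, COUNT(*) AS n FROM responses
           WHERE jurisdiction = :j GROUP BY age_band),
     s AS (SELECT COALESCE(SUM(n), 0) AS hidden FROM g WHERE n < :k)
SELECT age_band, n FROM g WHERE n >= :k
UNION ALL
SELECT '__total__',
       CASE WHEN hidden = 0 OR hidden >= :k THEN (SELECT SUM(n) FROM g) END
FROM s
"""

def build_demo_db():
    """In-memory database filled with constructed rows (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE responses (jurisdiction TEXT, age_band TEXT)")
    sample = {
        ("ward-1", "18-29"): 12, ("ward-1", "30-44"): 7,
        ("ward-1", "45-64"): 2,  ("ward-1", "65+"): 6,
        ("ward-2", "18-29"): 9,  ("ward-2", "30-44"): 3,
        ("ward-2", "45-64"): 4,  ("ward-3", "18-29"): 2,
    }
    for (jurisdiction, band), n in sample.items():
        db.executemany("INSERT INTO responses VALUES (?, ?)",
                       [(jurisdiction, band)] * n)
    return db

def breakdown(db, jurisdiction, k=K_FLOOR):
    """Return ({age_band: count}, total_or_None) for one jurisdiction."""
    rows = dict(db.execute(QUERY, {"j": jurisdiction, "k": k}))
    total = rows.pop("__total__")  # always present: s yields exactly one row
    return rows, total

if __name__ == "__main__":
    db = build_demo_db()
    for ward in ("ward-1", "ward-2", "ward-3"):
        print(ward, breakdown(db, ward))
```

In ward-1 the single suppressed group of 2 also hides the total; in ward-2 the two suppressed groups sum to 7, so the total can be shown without pointing at either one.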

Roles are separated

A citizen account and a government account are distinct, on purpose, even for the same person. Government access carries no ability to read individual constituent records.

Every civic fact carries its source

Representatives, bills, and elections are stamped with where the information came from and when it was last verified, so residents can check our work and corrections have a path.

We test it the way an attacker would

We run hostile security reviews against our own system, trying to read data we should not be able to reach and to escalate access we should not have. Findings are fixed and verified, and an automated check runs on every release that fails the build if any protected data becomes reachable. Security here is a standing practice, not a one-time audit.

What this means for your government

Your residents’ data stays your residents’. You get a clear, aggregate picture of the community you serve and a direct line to engage them. You do not take on a vendor who treats that community as a list to be sold. That is the whole point.

Questions

Security questions, disclosure, or a request from your IT team? Write hello@mypolity.org. For how we handle data day to day, see our Privacy Policy.