Who We Are
PoliData is operated by Nilote LLC. Contact us at privacy@getpolidata.com for privacy requests and support@getpolidata.com for product support. We act as controller for account data processed through the PoliData service.
Data We Collect
Account records include your name, work email, hashed password, organization, role, default jurisdiction, timezone, and legal consent timestamps. Workspace records may include alerts, watchlists, saved searches, digest preferences, invitation records, notification history, support chat identity details, and operational audit logs. Session records contain token timing and revocation metadata; IP address and user-agent data may appear in request, telemetry, and audit logs for security and reliability, but are not stored directly on user refresh-token rows.
We also process public legislative data about public officials and institutions, including names, roles, party or chamber affiliations, official contact details published by source institutions, votes, bills, and legislative activity.
Why We Process It
- Contract performance: accounts, authentication, alerts, watchlists, and collaboration.
- Legitimate interests: service security, audit logging, abuse prevention, telemetry, product reliability, and civic transparency around public legislative data.
- Legal obligations: tax, accounting, incident response, and GDPR operation records.
- Consent: non-essential marketing analytics or marketing communications where enabled.
Sub-processors
| Provider | Purpose | Data |
|---|---|---|
| Mailjet | Transactional email delivery | Recipient email, subject, delivery metadata |
| Cloudflare | DNS, edge proxy, and security | IP address, request metadata |
| Chatwoot | Workspace support chat | User ID, email, name, organization ID, role |
| Self-hosted LLM service | Summaries, classification, and intelligence features | Legislative text, task prompts, generated output; support content only if a support-chat LLM feature is enabled |
| Stripe | Billing when enabled | Billing contact and payment metadata |
| Google Analytics and Ads | Marketing-site analytics and conversion measurement | Marketing-site usage metadata after consent |
Public-Figure Data
Public-official data comes from sources such as Congress.gov, UK Parliament, Sejm, Tweede Kamer, and European Parliament sources. We process it under legitimate interests for civic transparency and journalistic research. Public officials or their representatives can request correction of inaccurate public data by emailing privacy@getpolidata.com.
Retention
Account data is retained while your account is active. Operational retention policies currently keep email delivery events for 90 days, organization audit logs and admin audit logs for 365 days, notification rows for 180 days, pending email dispatch records for 30 days after send/failure, outbox terminal events for 7 days, and GDPR operation logs for 1095 days. Stale verification and password-reset token hashes are cleared by the scheduled retention job. The self-hosted VictoriaLogs monitoring stack is configured for 30-day log retention.
Your Rights
You can request access, rectification, deletion, restriction, portability, and objection by emailing privacy@getpolidata.com. Signed-in users can also download their account export and request account deletion from Settings. Organization owners must transfer ownership before deleting their own account.