Privacy Policy

PolicyMap – Privacy Statement

We are PolicyMap. Formally, we are PolicyMap, Inc. (“PolicyMap”, “we”, “us” and “our”). Among other things, we provide a data warehouse of over 50,000 indicators to policy makers and researchers, through our state-of-the-art mapping and analytics platform. As part of this effort, we provide our services online, including via the website at https://www.policymap.com (the “PolicyMap Site”), and through our applications, software, APIs, products, and other services (collectively, the “Services”).

Each person or entity who uses our Services is referred to as a “user” or “you” or “your”. This Privacy Statement and our Terms of Use (“Terms”) apply to each user.

This document is our statement of our privacy practices (“Privacy Statement”). Among other things, it explains how we and some of the companies we work with collect, use, share and protect the information you provide to us (“your Content” or “User Content”). The User Content may include any personally-identifiable information, including without limitation name, address, telephone numbers, electronic mail and postal addresses, and other sensitive information that identifies or is uniquely associated with an individual (collectively, “Personal Data”). This Privacy Statement also discusses your choices about the collection, storage and use of your Personal Data.

Any Content that is not Personal Data is referred to as “Non-Personal Data.” Non-Personal Data may include without limitation information about how users use the Services, what Services users select, how users respond to service offerings, how users share information with others, what users say they like and dislike, all of which we aggregate into larger data sets that do not identify individuals (collectively, “Behavioral Data” which is a type of Non-Personal Data).

Please note that this Privacy Statement does not apply to any other websites, mobile applications, or businesses. This Privacy Statement applies to any Personal Data and other Content we collect or process via any means, including via our Services; although the focus of this Privacy Statement is on Content we collect via our Services.

By using our Services, you consent to the collection, transfer, analysis, transformation, storage, disclosure and other uses of your Content, including your Personal Data, as described in this Privacy Statement.

For the purpose of any privacy laws which use the terms “controller” and “processor” with regard to Personal Data, PolicyMap is the “Data Controller”, meaning that PolicyMap is the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data. Our service providers and contractors who process Personal Data are each the “Data Processor”, meaning that they process Personal Data at our direction.

1. Information We Collect

As noted above, we collect Content from you while providing the Services. Some of the Content is Personal Data that we may use to contact you, and which is necessary to provide the Services. Other Content we collect from you includes Behavioral Data and other Non-Personal Data that we aggregate, share, and use to improve our Services, and the services of others.

We collect many different types of information from you, both directly and indirectly.

Information you provide us directly

We may collect the following information from you.

  • Profile information. You may provide us with your name, address and other profile information.
  • Location Information. We may ask for your postal address or your geographic location information, especially if you place an order for Services with us. When you post User Content to our website or to social media, you may provide your location information, including global positioning system (“GPS”) data or other location information embedded in or accompanying the User Content (e.g., in tags or captions).
  • Communications between you and PolicyMap: We may send you emails, SMS or text messages, and other electronic communications for sales and delivery, notices of changes/updates to features of the Services, technical and security notices, and for other purposes. We may collect and store these communications.

Information we gather from your use of our Services

We collect the following information from your use of our Services.

  • Emails. We may save private emails sent to us by users.
  • Social Media. In addition to media that we control, you may post comments, photographs, drawings and other User Content on third party social media, such as YouTube, Facebook, Instagram and X (formerly Twitter), each of which enforces its own terms of use and privacy policy for its service. As noted in the Terms, we may use and copy the User Content you post. More to the point, your User Content may contain Personal Data about you and other people in the form of names, email addresses, and location information. You should also be aware that a photograph or drawing of a person may be Personal Data to the extent the person may be recognized in and identified by the photograph or drawing, and medical or other healthcare information may be gleaned from any medical conditions, disorders or diseases are discussed or portrayed in the User Content, such as dietary restrictions. We may collect and use User Content and the Personal Data contained in the User Content to market our Services.
  • Analytics. We may use third-party analytics tools to help us measure traffic and usage trends and other Non-Personal Data (as that term is defined in our Privacy Statement) for the Services. These tools collect information sent by your device or our Services, including the web pages you visit, add-ons, and other information that assists us in improving our Services. We collect and combine this analytics information with analytics information from other users so that it cannot be used to identify any particular individual user. One of the analytics tools we use is Google Analytics. For more information and steps you can take to control the collection and use of your data, see the “Controlling the Collection and Use of Your Data” section below.
  • Use of Session Replay Tools. We (or our third-party vendors on our behalf) may collect certain categories of personal information from you when you interact with our Services through the use of session replay tools. Session replay is a tool that recreates your sessions from our websites or applications (including visual elements), giving us (or our third-party vendors on our behalf) a better understanding of how you interact with our Services to help maximize the customer’s experience. Session replay tools that we may utilize include, but are not limited to, video-like playback, error tracking integration, application performance monitoring (APM) integration, real user monitoring (RUM) session timeline, and speed controls. Depending on your interaction with our website (for example, chat functionality, submitting a “Contact Us” form, or other interaction), the categories of personal information we may also capture include, but are not limited to, name, organization, phone number, email, mailing address, and other identifiers that you may provide. By interacting with our Services, you are consenting to us (or our third-party vendors on our behalf) capturing any interactions and any information (including personal information) you provide.
  • Metadata. Metadata is usually technical data that is associated with other data, including User Content. For example, metadata can describe how, when and by whom an item of User Content was collected and how that User Content is formatted. PolicyMap may collect and store metadata, including about each user’s public posts on the Services.
  • Log Data. Our servers automatically record information (“log data”) created by your use of the Services. Log Data may include information such as your Internet Protocol (“IP”) address, browser type, operating system, the referring web page, pages visited, location, your mobile carrier, device identifier, application identifier, and advertising identifier, search terms, and cookie information. We receive log data when you interact with our Services, for example, when you visit our website, sign into our Services or interact with our email notifications. PolicyMap uses log data to review how we provide our Services and to measure, customize, and improve the Services.

2. How We Store Your Information

We currently provide the Services from within the United States, and we store all User Content, including Personal Data, that we currently collect and retain on servers inside the United States.

Certain types of User Content you submit to us might reveal your gender, ethnic origin, nationality, age, religion, sexual orientation, or other Personal Data about you or others.

By using our Services, or by submitting your personal information to us, you consent to the collection, storage, processing and onward transfer of your personal information as stated in the current version of this Privacy Statement and the current version of our other online documents, including the Terms of Use.

3. How We Use Your Information

We share and use your Personal Data in the following circumstances:

  • To provide and maintain the Services, including to monitor the usage of our Services.
  • To manage Your Account: to manage your registration as a user of the Services. The Personal Data You provide can give you access to different functionalities of the Services that are available to you as a registered user.
  • Opt-in with Your Consent. We may ask for your permission to share your Personal Data with other people and organizations outside of PolicyMap, including to provide you with Services. As with any opt-in procedure, you are under no duty to agree to a request that you opt-in.
  • Partners and Affiliates of PolicyMap. We may share your Personal Data with Partners to sell and provide the Services.
  • Cookies.
    • General. Cookies are unique identifiers that we transfer to your device to enable our systems to recognize your device and to provide features and remember your personalization choices. We use cookies to make it easier to access and use our Services. Cookies are also used to display particular Content and to set session identifiers for visitors who voluntarily join user areas.
    • Advertising. If your device permits analytics and advertising cookies, these identifiers can then be used to create a profile of your interests, which allows advertisers to display targeted ads that are more likely to be of interest to the individual. They are also used to limit the number of times an ad is shown and to help measure the effectiveness of advertising campaigns. Targeting cookies can also be used for retargeting, where ads for previously viewed products or services follow the user across different websites. The purpose of targeting cookies is to improve the effectiveness of online advertising by showing users ads that are more aligned with their preferences and interests.
  • Controlling the Collection and Use of Your Data.
    • Cookies. The help feature on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Additionally, you can disable or delete similar data used by browser add-ons, by changing the add-on’s settings or visiting the website of its manufacturer. Because cookies allow you to take advantage of some of the Services’ essential features, we recommend that you leave them turned on.
    • Global Privacy Control / Do not Track.
      • GPC: We honor general opt-out preference signals on users’ devices, such as Global Privacy Control (GPC). Several state privacy laws require that online platforms implement a “universal opt-out signal” such as GPC. More information about GPC is available at https://globalprivacycontrol.org/.
      • DNT: The “Do Not Track” setting has been found to enable the fingerprinting of user devices, and companies have generally moved away from this standard. Therefore, we do not honor the “Do Not Track” setting on users’ devices.
      • Google. For more information on how to control Google’s collection and use of your data, please visit Google’s page, “How Google uses information from sites or apps that use our services“. Google also provides an opt-out plugin for web browsers, located at: https://tools.google.com/dlpage/gaoptout/.
      • Other Options to Limit Personalized Advertising. The Network Advertising Initiative (NAI) and the Digital Advertising Alliance (DAA) each enable you to opt-out of receiving personalized advertising in the future from their member organizations. NAI’s opt-out page is located at: https://thenai.org/opt-out/. DAA’s opt-out page is located at: https://optout.aboutads.info/.
  • Opt-out Email or Postal Address. If you supply us with your postal or email address you may receive periodic mailings from us with information on new products and services or upcoming events. If you do not want to receive such mailings, please let us know by sending an email to us at the “opt-out” address, below. We will remove your name from the list we use internally. Opting-out of these emails does not mean we remove your email from our system entirely, because we still retain your email addresses for other purposes.
  • Required by Law. We may access, preserve and share your Personal Data in response to a legal request (like a search warrant, court order or subpoena). We may also access, preserve and share Personal Data when we have a good faith belief that it is necessary to: help to ensure security and integrity generally to the extent that your Personal Data is reasonably necessary and proportionate for those purposes; detect, prevent and address fraud and other illegal activity; to protect ourselves, you and others, including as part of investigations; and to prevent death or imminent bodily harm. Information we receive about you may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm.
  • Change of Control. If we sell or otherwise transfer part or the whole of PolicyMap or our assets to another organization (e.g., a merger, acquisition, or reorganization), your Personal Data such as user name and email address, User Content and any other information collected through the Services may be among the items sold or transferred. You will continue to own your User Content, but the license you grant to us in the Terms may be transferred to others at PolicyMap’s sole discretion.
  • Non-Personal Data. We may share Non-Personal Data publicly and with publishers, researchers or connected sites. For example, we may share aggregated Non-Personal Data publicly to show trends about the general use of our Services. Non-Personal Data includes aggregated or collective information about multiple users that does not reflect or reference an individually-identifiable user.
  • Other. In addition to some of the specific uses of information we describe in this Privacy Statement above, we may use Personal Data that we receive to:
    • help you efficiently access your information after you sign in.
    • remember information so you will not have to re-enter it during your visit or the next time you visit the Services.
    • provide personalized Content and information to you and others, which, in the future, could include online ads or other forms of marketing.
    • provide, improve, test, and monitor the effectiveness of our Services.
    • develop and test new products and features.
    • monitor metrics such as total number of visitors, traffic, and demographic patterns.
    • diagnose or fix technology problems.

4. Your Right to Review, Request Changes, and Disclose Personal Data

Where required by applicable laws and regulations, each user may inspect and receive a copy of his or her Personal Data as stored in the Services. In rare circumstances, we may deny a request, and we may provide you with an explanation. If we deny your request, you may request a review by another professional, who will be chosen by PolicyMap, and we will comply with the outcome of the review.

Subject to applicable laws and regulations, the Personal Data you provide to us remains completely under your control. If you believe the Personal Data we have is incorrect or incomplete, you may in writing request an amendment to your Personal Data. We will approve or deny each request, and notify you of our decision. If approved, we will amend the Personal Data. We will also make a reasonable effort to notify people to whom the Personal Data was released. In the case of a denial, we will provide the reason for the denial and instructions on how to appeal.

Any information or User Content that you voluntarily disclose for use of the Services, such as your user name, your Personal Data or other User Content, may become available to the public if you release it to other users or to the general public. Once you have shared your Personal Data or your User Content with other people, or otherwise made it public, that Personal Data and your User Content may be re-shared by others.

5. Changes to this Privacy Statement

We may modify our Privacy Statement from time to time on prior written notice sent to the email address we have for you. For any user who has not provided us with an email address, the revised Privacy Statement will become effective ten (10) calendar days after posting on the Services. If you choose not to be subject to a revised version of this Privacy Statement, then you may terminate your use of our Services.

6. Different Locations, Different Laws

The laws and regulations that address privacy rights and responsibilities (collectively, “Laws”) are different from one to another. Indeed, some of the Laws do or do not apply depending on different factors, including:

  • Location or residence of the user.
  • Location or residence of the individual that is the subject of the Personal Data (“Data Subject”).
  • Location or residence of the person or organization that employs or contracts with the Data Subject.
  • Location of each server or other machine where the Personal Data is received, stored, processed or forwarded to.
  • Location of the relevant office of PolicyMap or any company that processes Personal Data.

Several of the Laws that concern users and PolicyMap are discussed in this Section, but these are not all of the Laws that may apply. In addition, if there is any conflict or ambiguity between the statements made in this Privacy Statement and an applicable Law, then the Law will control.

6.1 Consent to United States Law

All Personal Data and other data provided by users will be stored in the United States under United States law.  Accordingly, United States law will apply to all users.  All users consent to the application of the law of the United States in connection with the Services.

6.2 United States Federal and State Laws

Several of the federal Laws in the United States may apply to the Personal Data collected by us. Congress has passed several federal information privacy and security laws, while each state in the United States has passed and enforces information privacy and security laws that apply to data subjects, data, and businesses resident in that state. Currently, all Personal Data of PolicyMap users is stored on servers and other machines physically located within the United States. From time to time, Personal Data may be moved between servers in the same location or may be moved to a different location. When we receive a verified request by a user, we will provide the user with information required by applicable laws regarding the location and storage of their Personal Data.

6.2.1 Children’s Online Privacy Protection Act (“COPPA”)

Currently, COPPA should not apply to the Services. Each user must be 18 years of age or older. As noted in this Privacy Statement, if we learn any user is under the age of 18 (“Minor User”), or if any parent or guardian contacts us, we will delete all information provided by the individual from our Services. 

Moreover, users of the Services are responsible and liable for compliance under COPPA and are prohibited from collecting, using, and/or disclosing personal information from and about children in connection with the use of the Services, or assisting any third party in doing so. These users may include educational institutions, which are responsible for supervising access to the Services. We do not permit Minor Users to create user accounts, and we do not collect personal information from Minor Users. If you are the parent or guardian of a Minor User, and you become aware that your Minor User has provided us with Personal Data or User Content, please contact us at legal@policymap.com and we will delete the information or User Content.

6.2.2 Your Privacy Rights Under State Laws

This section supplements the information contained elsewhere in our Privacy Statement and applies to all visitors, users, and others (“consumers” or “you”). This notice of privacy rights has been adopted in order to comply with United States state and federal laws, and any terms defined in such laws have the same meaning when used in this notice.

6.2.3 Specific Rights Under State Laws

Under several state privacy and data protection laws, residents of those states may have one or more of the following rights and may exercise these rights free of charge. Since these state laws are generally modeled on the GDPR, the following list mirrors the GDPR section below:

  • Right to lawfulness, fairness and transparency. Requires that we follow these principles when processing your personal information
  • Right to Access. Access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
  • Right to Rectification. Require us to correct any mistakes in your information which we hold
  • Right to Be Forgotten: Require the erasure of personal information concerning you in certain situations
  • Right to Data Portability: Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
  • Right to Object to Direct Marketing: Object at any time to processing of personal information concerning you for direct marketing
  • Right to Object to Automated Individual Decision Making: Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
  • Right to Restriction of Processing:
    • Object in certain other situations to our continued processing of your personal information
    • Otherwise restrict our processing of your personal information in certain circumstances

You may also have the right to claim compensation for damages caused by our breach of any data protection laws.

6.2.4 Rights Regarding Sensitive Data

Under state laws, you may have the right to opt-out of our processing Sensitive Personal Data, or the right to prevent our processing your Sensitive Personal Data without your affirmative consent. We do not request or intentionally collect Sensitive Personal Data, but it is possible for a user to provide it in a contact form or otherwise.

“Sensitive Personal Data” is defined differently by each state, but generally includes Personal Data relating to one or more of the following categories:

  • Social security, driver’s license, state identification card, or passport number.
  • Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
  • Precise geolocation.
  • Racial or ethnic origin, religious or philosophical beliefs, or union membership.
  • Genetic data.
  • Biometric and health information.
  • Information regarding a consumer’s sex life or sexual orientation.
  • Citizenship or immigration status
  • Personal Data regarding a known Minor User.

6.2.5 California

6.2.5.1 Disclosure of Personal Data to Third Party for Direct Marketing

If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your Personal Data by us to third parties for the third parties’ direct marketing purposes. To make such a request, see the section “How to Exercise Your Rights,” below.

  • Pursuant to California Civil Code Section 1798.83(c)(2), we do not share users’ Personal Data with affiliate companies or others outside PolicyMap for those parties’ direct marketing use, if a user has exercised an option that prevents that information from being disclosed to third parties for those purposes.

6.2.5.2 Rights of Minors

As stated in the section titled “Children’s Online Privacy Protection Act (“COPPA”)”, minors are not permitted to register to use the Services. However, if you are under the age of 18, and a registered user of any site where this Privacy Statement is posted, California Business and Professions Code Section 22581 permits you to request and obtain removal of content or information you have publicly posted. Also, if you are a minor 16 years of age or older (whether you’re a registered user or not), you have the right to opt-out from the collection and sale of your Personal Data. To make such a request, please send an email or letter with a detailed description of the specific content or information to the addresses provided in the section below titled “How to Exercise Your Rights.” Please be aware that such a request does not ensure complete or comprehensive removal of the Content or information you have posted and that there may be circumstances in which the law does not require or allow removal, even if requested.

6.3 Your Rights under the GDPR and UKDPA

If you are covered by the GDPR or by the United Kingdom Data Protection Act 2018 (“UKDPA”), you may have a number of important rights. In summary, those include:

  • Right to lawfulness, fairness and transparency. Requires that we follow these principles when processing your personal information
  • Right to Access. Access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
  • Right to Rectification. Require us to correct any mistakes in your information which we hold
  • Right to Be Forgotten: Require the erasure of personal information concerning you in certain situations
  • Right to Data Portability: Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
  • Right to Object to Direct Marketing: Object at any time to processing of personal information concerning you for direct marketing
  • Right to Object to Automated Individual Decision Making: Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
  • Right to Restriction of Processing:
    • Object in certain other situations to our continued processing of your personal information
    • Otherwise restrict our processing of your personal information in certain circumstances

You may also have the right to claim compensation for damages caused by our breach of any data protection laws.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation, available at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.

If you would like to exercise any of those rights, please:

  • Email, call, or write to us
  • Provide us enough information to identify you: account number, user name, registration details, order number
  • Provide us proof of your identity and address (a copy of your driver’s license or passport and a recent utility or credit card bill)
  • Provide us with the information to which your request relates including any account or reference numbers, if you have them

If you make requests which are manifestly unfounded or excessive, we may charge a reasonable fee based on administrative costs, or may refuse to act on the request.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in the European Union (or European Economic Area) state where you work, normally live, or where any alleged infringement of data protection laws occurred. The EU maintains a website which you may use to locate your supervisory authority, at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

6.4 Use and Transfer of Your Information Out of the EEA

The Services are operated in the United States and third parties with whom we might share your personal information as explained above are located in the United States. If you are located in the European Economic Area (“EEA”) or elsewhere outside of the United States, please be aware that any information you provide will be transferred to the United States. By using the Services, participating in any of its services or providing your information, you consent to this transfer.

The United States and many other countries do not have the same data protection laws as the United Kingdom and EEA. While the European Commission has not given a formal decision that such countries provide an adequate level of data protection similar to those which apply in the United Kingdom and EEA, if you live in the EEA or the United Kingdom, any transfer of your personal information will be subject to the derogation in Article 49 permitting non-repetitive transfers that concern only a limited number of data subjects, as permitted by Article 49 of the GDPR that is designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your Personal Data. If you would like further information, see “Contact Us” below.

7. Use of Email Addresses and Other Contact Information

We collect the email addresses of those who voluntarily provide them to us. You may receive subscription, editorial and other messages from the Services or from us. If you do not want to receive email from us in the future, please let us know at legal@policymap.com.

8. How to Exercise Your Rights

If you would like to exercise any of your rights as described in this Privacy Statement, please:

  • Complete a data subject request form available on our website;
  • Email us at legal@policymap.com; or
  • Write to us at “Attn: Privacy, PolicyMap, Inc., 109 S. 13th Street, Unit 3N, Philadelphia, PA  19107.”

9. Verifying Your Identity

If you choose to contact us directly, you will need to provide us with:

  • Enough information to identify you (e.g., your full name, address and customer or matter reference number);
  • Proof of your identity and address (e.g., a copy of your driving license or passport and a recent utility or credit card bill); and
  • A description of what right you want to exercise and the information to which your request relates.

We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person’s behalf.

Any Personal Data we collect from you to verify your identity in connection with your request will be used solely for the purposes of verification.

10. Contact Us

If you have questions or concerns about this Privacy Statement, please contact us online at legal@policymap.com, or by postal mail addressed to: Attn: Privacy, PolicyMap, Inc., 109 S. 13th Street, Unit 3N, Philadelphia, PA  19107.

11. Revision Date and History

This Privacy Statement was last revised: 9/26/2024.

Prior versions of this Privacy Statement are listed below:

  • 11/1/2017.