This Privacy Policy explains how Hopstick LLC doing business as (“d/b/a”) Polity ("Polity," "we," "us," or "our") collects, uses, shares, and safeguards personal information when you visit polityinc.com (the "Site"), contact us, or use our consulting and technology services for municipal clients (the "Services").

‍

Quick summary

• We collect only what we need to operate the Site, respond to inquiries, deliver our Services, and meet legal obligations.

• We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

• For most municipal projects, Polity acts as a service provider/processor handling client data under contract and client direction.

• You can request access, correction, or deletion of your information using the instructions below.
‍

Not legal advice. This policy is a general statement of our practices and is not legal advice. Your use of our Site and Services is also governed by any master services agreement (MSA), statement of work (SOW), data processing agreement (DPA), or similar contract we have with you.

1. Who we are & scope

Hopstick LLC d/b/a Polity provides data consulting, automation, and software-agnostic integration services to municipalities and related organizations. This policy covers personal information we process as a controller for the Site and marketing/sales operations, and as a processor/service provider for client-supplied data processed under contract.

‍

Contact:

Email: info@polityinc.com

Mailing address: 417 Cattell Street, Easton, PA 18042

‍

2. Information we collect

We collect the following categories of information:

‍

A. Information you provide directly

• Contact details (name, email, phone, organization, title).

• Communications (messages, support requests, meeting notes).

• Contract and billing details (billing contact, invoicing addresses, tax IDs where applicable).

• Job applications (resume/CV, cover letter, work history).

• Project inputs (field mappings, configuration choices, sample datasets you provide for evaluation).

‍

B. Information we process for clients (“Client Data”)

When municipalities or other clients engage Polity, they may provide datasets (e.g., ERP exports, backups, field mappings, or other records) that can include personal information. We handle Client Data only as instructed by the client and only for the contracted purposes (e.g., migration, transformation, analytics, quality checks). Where applicable, these activities are governed by a DPA or comparable agreement.

‍

C. Information collected automatically (Site)

• Device and usage data (IP address, approximate location, browser type, pages viewed, referring/exit pages, timestamps).

• Cookies and similar technologies for essential functionality and (optionally) analytics. See Cookies below.

D. Information from third parties

• Basic business contact information from lead-generation partners, event registrations, or public sources (e.g., official municipal websites or directories).

• Analytics service providers that help us understand Site usage in aggregate.

‍

3. How we use information

We use personal information to:

• Operate, maintain, and improve the Site and Services.

• Respond to inquiries, schedule meetings, and provide customer support.

• Perform and administer contracts (project planning, execution, quality assurance, delivery, invoicing).

• Configure and operate data processes and automations at your direction.

• Monitor for abuse, security incidents, and fraud; maintain the integrity and availability of systems.

• Comply with legal, regulatory, and tax obligations.

No automated decision-making with legal or similarly significant effects. We do not use personal information to make automated decisions that produce legal effects about individuals.

Legal bases (EEA/UK visitors): consent (where required), performance of a contract, legitimate interests (e.g., Site functionality, communications, security), and compliance with law.

‍

4. How we share information

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

We share personal information only with:

• Service providers/sub-processors who perform services on our behalf (e.g., secure hosting, project management tools, analytics, email delivery). These parties may access personal information only to provide services and must protect it per contract. A current list of material sub-processors is available on request.

• Clients (for Client Data): Access and disclosures occur strictly under client control and instructions.

• Professional advisors and auditors under confidentiality obligations.

• Authorities when required to comply with law or protect rights, safety, and security.

• Business transfers: In connection with a merger, acquisition, or asset sale, subject to appropriate safeguards.

‍

5. Cookies & analytics

We use essential cookies to make the Site work and, if enabled, analytics cookies to understand aggregate usage and improve performance.

• Essential cookies: Required for core functionality (e.g., security, load balancing).

• Analytics cookies: Measure traffic and usage patterns. Where required, we request consent before setting these.

Your choices: You can control cookies through your browser settings and, where available, a cookie banner or “Cookie Settings” link on the Site. Blocking some cookies may impact Site functionality. We currently do not respond to “Do Not Track” browser signals.

‍

6. Data retention

We retain personal information for as long as necessary to fulfill the purposes described in this policy, including providing Services, complying with our legal obligations, resolving disputes, and enforcing agreements. Client Data is retained per the applicable contract and then securely deleted or returned at the client’s direction.

‍

7. Security

We implement reasonable and appropriate technical and organizational measures designed to protect personal information, including access controls, least-privilege practices, encryption in transit (and at rest where supported), audit logging for sensitive operations, and vendor due diligence. No method of transmission or storage is 100% secure; risks remain.

‍

8. Your privacy rights

Depending on your location, you may have rights to:

• Access the personal information we hold about you.

• Correct inaccurate or incomplete information.

• Delete your information, subject to legal/contractual exceptions.

• Restrict or object to certain processing.

• Port your information to another provider (data portability).

• Withdraw consent where processing is based on consent.

‍

How to exercise your rights:

Email us at info@polityinc.com and describe your request and the nature of your relationship with Polity (e.g., Site visitor, prospective client, municipal client contact). We will verify your identity before fulfilling requests. If your request relates to Client Data that a municipality controls, we may refer you to the relevant client to exercise your rights.
‍

‍

California/US state disclosures:

• We do not sell or share personal information as defined by the California Consumer Privacy Act (CCPA/CPRA).

• We do not use or disclose sensitive personal information for purposes requiring a right to limit.

• You have the right to know, delete, correct, and opt-out of sales/sharing (not applicable as described), and to non-discrimination for exercising your rights.

• Authorized agents may submit requests with appropriate proof of authority.

‍

EEA/UK: You may lodge a complaint with your local supervisory authority; we encourage you to contact us first so we can address your concerns.

‍

9. Client Data (processor/service provider role)

For municipal projects, Hopstick LLC d/b/a Polity typically acts as a processor/service provider:

• Instructions & purpose limitation: We process Client Data only on documented instructions from the client and solely for the contracted purposes (e.g., migration to a new ERP, field mapping, data quality checks, automation).

• Security & confidentiality: We apply appropriate security measures and ensure personnel are bound by confidentiality obligations.

• Sub-processors: We engage vetted sub-processors with written agreements imposing data-protection obligations. A current list is available on request.

• Assistance: We support clients’ obligations regarding data subject requests, security events, and DPIAs, as required by contract.

• Return/Deletion: At the end of the engagement, we return or delete Client Data per contract and client instructions, subject to legal retention requirements.

‍

10. International data transfers

If we transfer personal information internationally (for example, to service providers in other countries), we will do so using appropriate safeguards such as Standard Contractual Clauses (SCCs), UK Addendum/IDTA, and comparable mechanisms as required by law.

‍

11. Children’s privacy

Our Site and Services are not directed to children, and we do not knowingly collect personal information from children under 13 (or under 16 in the EEA/UK). If you believe a child has provided us personal information, please contact us and we will take appropriate steps to delete it.

‍

12. Third-party sites and services

The Site may link to third-party websites or services. Their privacy practices are governed by their own policies; we are not responsible for their content or practices.

‍

13. Changes to this policy

We may update this Privacy Policy from time to time. When we make changes, we will revise the “Last updated” date above and, where appropriate, provide additional notice (e.g., a banner on the Site). Your continued use of the Site or Services after an update constitutes acceptance of the revised policy.

‍

14. How to contact us

If you have questions about this policy or our privacy practices, contact us at:

info@polityinc.com

417 Cattell Street, Easton, PA 18042