← Back to District Mapper
North ArrowDistrict Mapper

Data & Privacy Policy

You're trusting us with your constituents' data. Here's exactly what we do with it — in plain language, not legal boilerplate.

Last updated: May 8, 2026

The short version

🔒

Your uploaded constituent data is stored securely, accessible only to your organization, and used for nothing other than the analysis you request. We will never sell it, share it, or use it to train AI models. Ever.

What we store

We collect two categories of data:

  • Account information — your name, organization name, job title, state, and email address. Collected when you sign up. Used to manage your account and communicate with you about the service.
  • Uploaded datasets — the CSV or Excel files you upload, including coordinates, addresses, and any other columns in your file. Stored privately and accessible only to your organization. We do not inspect, analyze, or read your data except to provide the features you use.

We do not use cookies for tracking or advertising. We do not build profiles of your constituents. We do not track individual user behavior beyond what's needed for authentication and basic service operation.

How your data is isolated

Every organization on District Mapper has a unique ID. Your uploaded dataset is stored at a private path keyed to that ID, and every data access requires authentication through your account. No other user — including us — can retrieve your data through the application.

This isolation is enforced at the database level, not just the interface. A request for your data must pass both Clerk authentication and a database check that confirms the requesting user belongs to your organization.

Third-party services that touch your data

We use a small number of reputable third-party services to operate District Mapper. Here's exactly what each one sees:

Handles authentication. Sees your email address, name, and login activity.

Constituent data: No — Clerk never sees your uploaded constituent data.

Hosts the application and stores your uploaded datasets. All data is encrypted in transit (HTTPS) and at rest (AES-256).

Constituent data: Your dataset files are stored on Vercel's infrastructure, but are private and not publicly accessible.

Handles billing and payment processing. Sees your payment information when you subscribe.

Constituent data: No — Stripe never sees your uploaded constituent data. We never see your card details.

Used to convert street addresses into coordinates (geocoding) when you upload an address-based dataset. Addresses are sent to Mapbox's API through our server — your browser never contacts Mapbox directly.

Constituent data: Street addresses are sent to Mapbox during the geocoding step. Per Mapbox's API terms, they do not retain or use geocoded address data submitted via the API.

What we will never do

  • Sell, share, rent, or monetize your constituent data — to anyone, for any price.
  • Access your constituent data for our own analysis, research, or product development.
  • Provide your data to government agencies, law enforcement, or other organizations unless legally compelled and after notifying you (if permitted).

Data retention and deletion

Your uploaded dataset is kept until you delete it or close your account. You can delete your current dataset at any time from the main interface — click the trash icon next to any dataset in the left panel.

Deletion is permanent. When you delete a dataset, it is removed from our servers immediately and cannot be recovered.

To delete your account and all associated data (account info, datasets, billing records), contact charles@north-arrow.org. We will complete the deletion within 30 days.

Security

  • All data is transmitted over HTTPS. Unencrypted connections are not accepted.
  • Uploaded datasets are stored with private access — they are not publicly accessible URLs.
  • Access to your data requires authentication and is scoped to your organization ID.
  • Infrastructure is hosted on Vercel, which maintains SOC 2 Type 2 certification.

If you discover a security vulnerability, please report it to charles@north-arrow.org rather than disclosing it publicly.

Changes to this policy

If we make material changes to how we handle your data, we will notify you by email and update the "last updated" date above. Continued use of the service after a change constitutes acceptance of the revised policy.

Contact

Questions about this policy or your data? Contact Charles at charles@north-arrow.org.

District Mapper is operated by North Arrow, a data visualization consultancy serving nonprofits.