Security contact
Vulnerability reports route through RFC9116 security.txt and the public review packet.
Open security processTrust
Trust starts with what Polis refuses to do.
Privacy, security, deletion receipts, and public evidence make the institution inspectable before it asks citizens to meet.
Accessibility statement
WCAG 2.2 AA is the baseline for public, onboarding, and account surfaces.
Open statementPrivacy policy
GDPR and CCPA rights are treated as product contracts, including a 24-hour deletion clause.
Open policyPrivate by default
Citizen state is not public by default, and public profiles are architecturally denied.
Deletion path
A citizen can exit, receive a deletion receipt, and keep only anonymized aggregate counts behind.
Public evidence
Build and governance evidence is published without exposing private citizen data.