Every record in PoliAPI is traceable to a source we are legally entitled to use. Here is the hierarchy we apply, in order, before anything reaches the API.
// sourcing hierarchy
In strict order of preference.
Tier 1 · Official bulk feed
Secretary of State CSV/XML downloads, county clerk endpoints, published change feeds.
Tier 2 · FOIA / public-records request
Standing requests on a quarterly cadence. We pay fees and publish the request log.
Tier 3 · Authorized API key
Where the agency offers credentialed access we register and respect quota.
Tier 4 · Robots-compliant scrape
Public, non-authwalled HTML, published User-Agent, throttled to 1 req/sec/host.
Tier 5 · Partner / licensed feed
Where we have an explicit commercial agreement, attributed in the response payload.
// CFAA defense
Why our scraping is lawful.
hiQ v. LinkedIn (9th Cir. 2022)
Scraping public, non-authwalled pages is not 'unauthorized access' under the CFAA.
Van Buren v. United States (2021)
Narrowed CFAA scope to gated systems. We never bypass auth, captchas, or rate limiters.
robots.txt + ToS review
Reviewed quarterly by counsel. Disallowed hosts removed from the crawl set within 24h.
Takedown response
Verified requests actioned within 72 hours. Public log at /trust/takedowns.
// FOIA workflow
Standing requests, quarterly cadence.
· 51 standing FOIA requests across all SoS offices