Acceptable Use Policy

1. Purpose and Scope

This AUP sets forth specific use restrictions for the PTP Commercial API and any data obtained through it ("API Data"). The AUP supplements the API Terms of Service and the Privacy Policy. Any use of the API in violation of this AUP is grounds for warning, suspension, or termination at PTP's sole discretion. PTP is not required to follow a graduated enforcement path before termination, particularly for violations of §§ 3, 4.2, 5, or 7.

---

2. Permitted Use Cases

The PTP API is designed for legitimate use by:

2.1 Journalists and newsrooms

Producing reporting on candidates, elected officials, campaign finance, congressional activity, prediction markets, lobbying, dark money, and related public-interest topics. This includes freelance journalists, small/regional newsrooms, investigative units, and editorial divisions.

2.2 Academic researchers

Studying political behavior, campaign finance, lobbying, legislation, electoral outcomes, voter behavior, prediction markets, regulatory capture, and related topics. Includes faculty, graduate researchers, and undergraduate research under faculty supervision.

2.3 Software developers

Building tools that present public political data to end users in good faith. Includes indie developers, open-source maintainers, hackathon participants, and civic-tech projects.

2.4 Advocacy organizations focused on transparency and process reform

Organizations whose work touches government transparency, civic engagement, and process-level reform that respect non-partisan access to facts. Includes 501(c)(3) nonprofits, 501(c)(4) policy organizations, and academic centers.

2.5 Internal business analysis

Organizations whose work touches public policy, regulatory affairs, government relations, or compliance, where API Data is used for internal analysis and decision-making rather than republished as a primary product.

2.6 Government agencies and oversight bodies

Federal, state, or local government agencies, inspectors general, ethics committees, or similar oversight bodies using API Data in the performance of their official duties.

If you are uncertain whether your intended use is permitted, contact PolTraPro@proton.me before launch.

---

3. § 30111(a)(4) and State-Level Donor Data Use Restrictions

Subscriber may not use the API or any API Data for the purpose of soliciting political contributions or for any commercial purpose that implicates the privacy concerns of 52 U.S.C. § 30111(a)(4), 11 C.F.R. § 104.15, or any analogous state law.

3.1 The federal prohibition

52 U.S.C. § 30111(a)(4) directs the FEC to prohibit copying of FEC report information for the purpose of soliciting contributions or for any commercial purpose. The implementing regulation, 11 C.F.R. § 104.15, prohibits use of "[a]ny information copied, or otherwise obtained, from any report or statement filed under the Act... for the purpose of soliciting contributions or for any commercial purpose, except that the name and address of any political committee may be used to solicit contributions from such committee."

11 C.F.R. § 104.15(b) provides a news/publication exception: "The use of information... in newspapers, magazines, books or other similar communications is permissible as long as the principal purpose of such communications is not to communicate any contributor information... for the purpose of soliciting contributions or for other commercial purposes."

3.2 State-level prohibitions

The following states have enacted parallel commercial-use prohibitions on donor data disclosed under state campaign finance laws. Subscriber may not use the API or API Data in a manner that violates any of these statutes:

3.3 Specific prohibited uses

In particular, Subscriber may not:

• Compile or transfer donor lists for solicitation. Compile, sell, rent, lease, license, or otherwise transfer to any third party a list, database, or extract that includes individual contributor names, addresses, employer information, or similar identifying data, where the principal purpose of the resulting product is to solicit contributions or conduct commercial donor prospecting.

• Send unsolicited fundraising appeals. Use API Data to send unsolicited fundraising appeals, political advertising, or commercial solicitations to individuals identified in FEC or state campaign finance contributor records.

• Build donor-prospecting products. Build or operate a "donor prospecting" product, a "donor matching" service, a "small-dollar fundraising target list," a "predictive donor model," or any analogous commercial product whose primary value derives from identifying potential individual contributors. This includes products marketed to political campaigns, candidate committees, party committees, leadership PACs, super PACs, or 527 organizations.

• Combine for targeted political solicitation. Combine API Data with other databases (commercial mailing lists, voter files, consumer marketing lists, ActBlue/WinRed solicitation lists, etc.) for the purpose of targeted political solicitation, partisan donor prospecting, or building a unified donor-targeting product.

• Resell raw contributor data. Resell API Data or any subset that includes individual contributor names as a primary product to political campaigns, consulting firms, vendors, or fundraising platforms.

3.4 The news/publication exception

The news/publication exception to § 30111(a)(4) recognized by 11 C.F.R. § 104.15(c) permits use of contributor information in journalism, academic publication, books, and similar communications whose principal purpose is not solicitation or commercial activity. Subscriber bears the burden of ensuring its use falls within that exception.

PTP's view of the exception's scope, as a matter of guidance to Subscribers:

• Within the exception: investigative reporting on a candidate's funding sources; academic studies of donor behavior or contribution patterns; books and documentaries about campaign finance; comparative articles on political committees; data visualization journalism; civic-engagement educational materials.
• Outside the exception: any use whose principal purpose is to identify, contact, or solicit contributions from individuals; commercial donor-modeling services sold to fundraising clients; political-campaign vendor products that fundraise off contributor data.

Where there is reasonable doubt about whether a use falls within the exception, Subscriber should consult counsel and may contact PolTraPro@proton.me for guidance.

3.5 State-level news exceptions

The federal news/publication exception applies only to FEC-disclosed federal donor data. State-level prohibitions in § 3.2 may or may not contain analogous news/publication exceptions, and the scope of any state-level exception is determined by state law. Subscriber should not assume that the federal exception covers state-level donor data from the states listed in § 3.2.

---

4. Other Prohibited Uses

Subscriber may not use the API:

4.1 To violate law

• For any purpose that violates federal, state, local, or applicable foreign law.
• To facilitate identity theft, fraud, or any criminal activity.
• In violation of campaign finance law, including FECA and state campaign finance acts.
• In violation of federal or state consumer-protection law, including unfair-or-deceptive-practices statutes.
• In violation of anti-spam law (CAN-SPAM Act, 15 U.S.C. § 7701 et seq.), telemarketing law (Telephone Consumer Protection Act, 47 U.S.C. § 227, and the FTC's Telemarketing Sales Rule), or do-not-call rules.
• In violation of federal or state data privacy law, including CCPA/CPRA, VCDPA, CPA, CTDPA, TDPSA, OCPA, and other state comprehensive privacy laws.
• In violation of election-period restrictions, electioneering disclosure requirements, or political advertising disclosure requirements applicable in any jurisdiction where Subscriber operates.
• To engage in deceptive AI-generated political content prohibited by state law (e.g., California AB 2655, Minnesota's deepfake law) or federal law (TAKE IT DOWN Act and any successor).
• In violation of right of publicity statutes, including Tennessee's ELVIS Act (T.C.A. § 47-25-1101) and California Civ. Code § 3344 (and AB 2602 / AB 1836) regarding AI-generated likenesses.

4.2 To harass, intimidate, stalk, or facilitate violence

• To harass, threaten, intimidate, dox, or stalk any individual identified in API Data, including candidates, officeholders, contributors, family members of any of the foregoing, or staff.
• To publish individual home addresses (where such information appears in API Data due to FEC filing requirements or analogous state requirements) in any manner that could enable harassment, intimidation, stalking, or violence.
• To compile lists targeting individuals for harassment based on political activity.
• To facilitate any threat of violence, swatting, or intimidation.
• To violate "Daniel's Law" (N.J.S.A. 56:8-166.1 et seq.) or analogous state protected-persons disclosure restrictions.
• To violate state anti-stalking, anti-harassment, or doxing statutes.

4.3 To abuse the technical platform

• To circumvent rate limits, including by rotating API keys, distributing requests across multiple accounts, using IP rotation to evade limits, or exploiting any technical mechanism not intended for general use.
• To attempt to access endpoints, data, or accounts not authorized for Subscriber's tier.
• To probe, scan, or test the vulnerability of any PTP system, except as expressly authorized in writing under a coordinated disclosure program.
• To submit malicious payloads, malformed requests intended to crash or corrupt PTP systems, or denial-of-service traffic.
• To attempt to gain unauthorized access to PTP infrastructure, databases, source code, or administrative accounts.
• To exploit any vulnerability for purposes other than coordinated disclosure to PTP.

4.4 To resell or republish in violation of license

• To resell raw API Data as a primary product to third parties (the API is licensed for use, not for resale).
• To republish the joined dataset (the pre-joined combination of finance, votes, trades, revolving door, prediction markets, and other relational joins) as a derivative dataset. Republication of upstream primary-source data is governed by the primary source's own license; the joined-dataset prohibition applies only to PTP's original join product.
• To remove or obscure attribution to PTP or to underlying primary sources.
• To create a "wrapper" service that re-exposes PTP API endpoints under a different brand.
• To circumvent PTP's tier structure by sharing one Subscriber's keys with multiple downstream users.

4.5 To misrepresent

• To misrepresent the accuracy, currency, source, or PTP's editorial positions on any API Data.
• To present API Data in a context that would falsely suggest PTP's endorsement of any candidate, party, organization, or commercial product.
• To use the PTP name, logo, "@PolTraPro" handle, or trademarks in a way that implies an affiliation, sponsorship, or partnership that does not exist.
• To make any statement about PTP, its accuracy, or its methodology that is not supported by PTP's own public methodology disclosures.

4.6 To publish in violation of editorial neutrality (limited application)

The API does not require Subscriber to adopt PTP's editorial posture. Subscriber's downstream use may include partisan analysis, opinion-led commentary, or advocacy. However:

• Subscriber may not represent or imply that PTP itself endorses, supports, or opposes any candidate, party, or position.
• Subscriber may not republish PTP-original editorial content (bios, summaries, MVG narratives) in a way that materially alters its meaning while attributing the altered version to PTP.

---

5. High-Sensitivity Uses (Pre-Launch Approval Required)

The following use cases are not categorically prohibited but require Subscriber to seek written approval from PTP before launch. Submit a description of the intended use to PolTraPro@proton.me at least 30 days before launch:

5.1 Real-time public widgets

Products that publish API Data in real time to a large audience (e.g., a public widget or feed) where source attribution may be obscured or where the consumer cannot easily reach the underlying methodology page.

5.2 Election-targeting products

Products targeting voters in a specific jurisdiction during an active election period (60 days before primary, 90 days before general).

5.3 Automated political messaging

Products that generate automated political messaging at scale (e.g., letters to officials, voter contact campaigns, scripted phone-bank applications).

5.4 Voter-file combination

Products that combine API Data with personal voter-file data for individualized targeting.

5.5 Foreign-government or foreign-state-owned customers

Subscribers that are foreign governments, foreign-state-owned enterprises, or are funded substantially by foreign governments. These uses require pre-launch approval and may require PTP to register or take other compliance steps under FARA or state Baby FARA laws (AR, LA, NE, OK, TX as of 2025). OFAC SDN screening (§ 7.2) applies.

5.6 AI-training corpora

Products that use API Data as part of an AI training corpus for machine-learning models. This is restricted because of the methodology-grounding requirements PTP imposes on its own AI use; uncontrolled training on PTP joined data could propagate errors or detach from source links.

5.7 Aggregation into broader political-intelligence platforms

Products that combine API Data with other political-intelligence data (lobbying contracts, election forecasts, polling, voter file) into a unified intelligence product sold to political clients. Pre-approval required to confirm the use is editorial or analytical, not solicitation-purpose.

PTP may approve, conditionally approve, or decline these uses based on its assessment of legal, editorial, and reputational risk.

---

6. Compliance with Consumer-Protection Laws

If Subscriber's use of API Data includes any communications to individuals (whether identified in API Data or in Subscriber's own customer base), Subscriber must comply with all applicable consumer-protection laws, including:

6.1 CAN-SPAM Act (15 U.S.C. § 7701 et seq.)

• Accurate header information
• Non-deceptive subject lines
• Identification of the message as an advertisement (where applicable)
• Valid postal address
• Clear unsubscribe mechanism that is honored within 10 business days

6.2 Telephone Consumer Protection Act (47 U.S.C. § 227)

• Express written consent for automated text messages and prerecorded calls
• Honor of National Do Not Call Registry and internal DNC lists
• Compliance with state-specific TCPA requirements (e.g., Florida and Oklahoma have stricter TCPA-style statutes)

6.3 State email and telemarketing laws

• Honor state-specific opt-out and disclosure requirements
• Florida CTAA, California Bus. & Prof. Code § 17529 et seq., and other state-specific statutes

6.4 Voter contact regulation

• State voter-contact disclosure requirements
• State campaign-finance reporting requirements where Subscriber's use constitutes "electioneering communications"

---

7. Sanctions, Export Controls, and Foreign-Customer Screening

7.1 Sanctions compliance

Subscriber represents and warrants that:

• Subscriber is not located in, organized under the laws of, or controlled by any country, region, or person subject to comprehensive U.S. sanctions, including those administered by OFAC under the Specially Designated Nationals and Blocked Persons List (SDN List) or any other applicable list.
• Subscriber is not, and is not owned 50% or more by, any person on the SDN List, the Foreign Sanctions Evaders List, or any other applicable sanctions list.
• Subscriber will not use the API or API Data to do business with, or transfer API Data to, any person on the SDN List or in a comprehensively sanctioned jurisdiction.
• Subscriber will not use the API or API Data in any country, region, or transaction subject to U.S. sanctions in violation of those sanctions.

7.2 OFAC SDN screening

PTP reserves the right to:

• Screen Subscriber and Subscriber's affiliates against the OFAC SDN List, the Foreign Sanctions Evaders List, the Sectoral Sanctions Identifications List, the Consolidated Sanctions List, and any other applicable sanctions lists at the time of API key issuance and periodically thereafter.
• Screen the IP addresses making requests to the API for geolocation consistent with comprehensive sanctions jurisdictions, and block requests from such jurisdictions.
• Suspend or terminate API access immediately if any screening returns a positive result, without prior notice.

7.3 Export controls

Subscriber represents and warrants that:

• API Data is not "controlled technology" under the Export Administration Regulations (EAR, 15 C.F.R. Parts 730-774) or the International Traffic in Arms Regulations (ITAR, 22 C.F.R. Parts 120-130).
• Subscriber will not use API Data in any manner that violates U.S. export-control laws.
• Subscriber will not transfer API Data to any restricted person or destination under the EAR, ITAR, or analogous foreign export-control regimes.

7.4 FARA and state Baby FARA

If Subscriber is a foreign government, foreign-state-owned enterprise, foreign political party, or is acting at the direction of any of the foregoing:

• Subscriber must disclose this to PTP at the time of API key issuance.
• Subscriber must comply with the Foreign Agents Registration Act (FARA, 22 U.S.C. § 611 et seq.) and analogous state laws (Arkansas, Louisiana, Nebraska, Oklahoma, Texas as of 2025; Florida SB 700 restrictions for nonprofits; and any subsequent state enactments).
• Subscriber's use of API Data may not include lobbying, political advocacy, or public-relations activity in the United States at the direction of a foreign principal, except in compliance with FARA's registration and disclosure requirements.

---

8. Children's Compliance

Subscriber may not direct the API or any application built on it to children under 13, and must not use the API to collect or process information from children in violation of the Children's Online Privacy Protection Act (COPPA, 15 U.S.C. § 6501 et seq.) or analogous state laws.

If Subscriber's product is directed to minors aged 13-17 in jurisdictions with extended minor protections (e.g., California Age-Appropriate Design Code; Connecticut Public Act 23-56), Subscriber must comply with those laws as the responsible party.

---

9. Reporting Violations and Coordinated Disclosure

9.1 Reporting AUP violations

If you become aware of a violation of this AUP — your own, a partner's, or a third-party application's misuse — please report it to PolTraPro@proton.me. Good-faith reports do not create liability for the reporter.

9.2 Reporting security vulnerabilities

PTP supports coordinated disclosure of security vulnerabilities. Reports may be submitted to PolTraPro@proton.me. PTP will:

• Acknowledge receipt of a good-faith vulnerability report within 5 business days
• Investigate and respond with a remediation plan within 30 days
• Credit the reporter publicly upon remediation, unless the reporter requests anonymity
• Not pursue legal action against good-faith security researchers operating under this coordinated disclosure framework

9.3 Whistleblower retaliation prohibited

PTP will not retaliate against any Subscriber, individual, or third party for a good-faith report of AUP violations, regulatory non-compliance, or other wrongdoing related to the API or PTP's operations.

---

10. Enforcement

10.1 Enforcement actions

PTP may at its discretion take any of the following actions for a violation:

• Warn: notify Subscriber of an apparent violation and request correction within a specified time
• Suspend: temporarily disable Subscriber's API keys, with or without prior notice depending on severity
• Terminate: revoke API access permanently and pursue any other remedy available at law or equity
• Report: report the violation to applicable regulatory authorities, law enforcement, or affected third parties
• Refund or non-refund: in the case of a paid Subscriber, retain or refund prepaid fees consistent with the API Terms of Service

PTP is not required to follow a graduated enforcement path before termination, particularly for violations of §§ 3, 4.2, 5, or 7.

10.2 Cooperation with investigations

PTP may cooperate with criminal or regulatory investigations of API misuse, including disclosure of Subscriber identity, contact information, and usage records, consistent with applicable law and PTP's Privacy Policy § 6.2.

10.3 Surviving obligations

The following obligations survive termination of API access:

• Attribution obligations for previously published works
• Confidentiality obligations
• §§ 3, 4.1, 4.2, 4.4, 6, 7 compliance obligations with respect to API Data already received
• Deletion of API Data within 30 days of termination per API ToS § 9.4

---

11. Changes to This AUP

PTP may update this AUP from time to time. Material changes will be communicated to active Subscribers at least 30 days in advance via email and the developer portal. Continued use of the API after the effective date constitutes acceptance.

Non-material changes (clarification, typo correction, contact information updates) may be made without prior notice but will be reflected in the "Last revised" date at the top of this document.

---

12. Contact

Mailing address: Service-of-process address available on written request via PolTraPro@proton.me.