Privacy Policy

Last updated: May 5, 2026

Information We Collect

Account Data

When you create an account — either with an email and password or through an external provider (Google, Facebook, etc.) — we collect:

  • Email address - Used for account identification, login, and essential communications such as password resets and subscription notifications
  • External provider user ID (for external logins) - Used to link your external account to our platform

Vote Privacy: While we store your email for account purposes, vote choice data is stored separately from account identity. With database-only access, a specific user cannot be deterministically joined to a specific option choice.

What we don't import from external providers: When you sign in with Google, Facebook, or Microsoft, we do not pull your name, profile picture, or any other personal information from those providers — only the provider user ID needed to link the login.

What you may upload yourself: Once you reach the rank that allows it, you may voluntarily upload an avatar image. This is the only personal image we store, it is associated with your account, and it is removed when you delete your account.

User-Generated Content

  • Polls you create (questions, options, descriptions)
  • Comments you post on polls

Anonymous Voting Data

Privacy Protection: We use cryptographic proofs and separate participation records from vote-choice records. This lets us prevent double-voting while keeping identity and vote choice unlinkable at the database-record level.

Credit System Information

  • Credit balance and usage history
  • Credits are earned through human verification challenges, not purchased

Verification Attempt Data

  • Verification attempt timestamps and outcomes (success/failure)
  • Time spent on verification challenges
  • Verification step at which failure occurred (if applicable)

Purpose: This data helps us prevent automated abuse, enforce cooldown periods, and ensure fair access to our human verification system. It is not used for tracking or profiling.

What We DON'T Track

  • No general IP address logging - We don't log IP addresses for browsing, voting, or commenting. The only exception is password-reset requests, where the requesting IP is recorded for abuse-prevention and rate limiting (see "Password Reset Audit Data" below)
  • No browser fingerprinting - We don't collect browser or device information
  • No page tracking - We don't monitor which pages you visit or features you use
  • No behavioral analytics - We don't track your usage patterns

Password Reset Audit Data

  • Normalized email the reset was requested for
  • IP address the request originated from (used only for per-IP rate limiting)
  • Timestamp and whether a reset email was actually sent

Purpose: These records exist solely to throttle password-reset abuse and to prevent attackers from enumerating which emails are registered. The data is not used for tracking, profiling, or analytics.

How We Use Your Information

  • Account Management: Creating and maintaining your user account
  • Platform Functionality: Enabling poll creation, anonymous voting, and commenting
  • Bot Prevention: Offering external authentication and requiring human verification challenges to ensure authentic users
  • Credit System: Managing your credit balance and verification history
  • Abuse Prevention: Enforcing verification cooldowns and rate limits to prevent automated abuse
  • Content Moderation: Enforcing our Terms of Service and community guidelines
  • Communication: Responding to support requests and important platform updates

Anonymous Voting System

Our voting system is designed to protect your privacy while preventing fraud:

  • Database-Level Unlinkability: Vote rows contain no user ID, and participation rows contain no selected option. The two tables share no key that would allow joining a user to a choice.
  • Double-Vote Prevention: A separate participation record — user id and poll id only, with no chosen option — is what enforces one vote per user per poll.
  • Tamper-Evidence Receipts: When you vote, the recorded option is bound to a random token via a one-way hash. You receive the token as a receipt and can later check that your vote was preserved unchanged. The hash is not used to identify you and cannot be derived from your account.
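
The separation described in the three points above, sketched as an added example that is not the platform's own code. The table names, column names, the use of SQLite and the SHA-256 construction are assumptions, since this policy does not specify them.

```python
import hashlib
import secrets
import sqlite3

# Assumed schema (illustrative names). WITHOUT ROWID keeps rows in key order,
# so insertion order cannot be used to line the two tables up.
SCHEMA = """
CREATE TABLE participation (
    user_id INTEGER NOT NULL,
    poll_id INTEGER NOT NULL,
    PRIMARY KEY (user_id, poll_id)      -- one vote per user per poll, no option
) WITHOUT ROWID;
CREATE TABLE votes (
    receipt_hash TEXT PRIMARY KEY,      -- hash of token, poll and option
    poll_id      INTEGER NOT NULL,
    option_id    INTEGER NOT NULL       -- no user id, no timestamp
) WITHOUT ROWID;
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def receipt_hash(token, poll_id, option_id):
    # One-way binding of the recorded option to the random token (assumed format).
    return hashlib.sha256(f"{token}|{poll_id}|{option_id}".encode()).hexdigest()

def cast_vote(db, user_id, poll_id, option_id):
    """Record a vote; return the receipt token, or None on a double vote."""
    token = secrets.token_hex(16)  # random, not derived from the account
    try:
        with db:  # both inserts commit together or are rolled back together
            db.execute("INSERT INTO participation VALUES (?, ?)", (user_id, poll_id))
            db.execute("INSERT INTO votes VALUES (?, ?, ?)",
                       (receipt_hash(token, poll_id, option_id), poll_id, option_id))
    except sqlite3.IntegrityError:
        return None  # primary key on (user_id, poll_id) rejected a second vote
    return token

def verify_receipt(db, token, poll_id, option_id):
    """True if a vote row still carries the option this token was bound to."""
    row = db.execute(
        "SELECT 1 FROM votes WHERE receipt_hash = ? AND poll_id = ? AND option_id = ?",
        (receipt_hash(token, poll_id, option_id), poll_id, option_id)).fetchone()
    return row is not None
```

In this sketch, changing `option_id` on a stored vote row makes the holder's receipt stop verifying, which is the tamper-evidence property described above.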

Information Sharing

We do not sell, rent, or trade your personal information. We may share information in these limited circumstances:

  • Public Content: Polls and comments you create are publicly visible
  • Legal Requirements: When required by law or to protect our rights
  • Service Providers: With trusted third parties who help operate our platform (hosting, etc.)
  • External Authentication: If you choose to sign in with an external provider, that login is handled by the provider under their own privacy policy

Data Storage and Security

  • Vote Privacy: Vote records are stored without direct user identifiers, and participation is tracked separately so records cannot be directly joined into a user-to-choice mapping
  • Encryption in transit: All traffic between your browser and the site is served over HTTPS
  • Encryption at rest: The database file lives on encrypted disk on the hosting server
  • Vote integrity: Each vote is bound to a random token via a one-way hash so the recorded choice cannot be silently altered
  • Access to data is limited to authorized personnel only
  • We regularly review and update our security measures

Your Rights and Limitations

You have the following rights regarding your data:

  • Access: Request a copy of the data we hold (which is minimal and mostly hashed)
  • Deletion: Request deletion of your account and associated data
  • Portability: Request your data in a machine-readable format (limited due to hashing)

To exercise these rights, please contact us using the email address associated with your account.

Cookies and Sessions

We use essential cookies only to:

  • Keep you signed in to your account
  • Maintain session security
  • Prevent fraud and maintain platform integrity

We do not use tracking cookies, analytics cookies, or advertising cookies.

Third-Party Services

Our platform integrates with third-party services:

  • External Authentication: Google, Facebook, etc. (subject to their privacy policies)
  • Cloud Infrastructure: Hosting and database services

These services have their own privacy policies, which we encourage you to review.

Account Deletion and Data Retention

How to Delete Your Account

To delete your account, navigate to /Identity/Account/Delete. If you experience any trouble with the deletion process, please contact us at .

Important: What Happens When You Delete Your Account

You have the right to delete your account at any time. However, some data cannot be deleted due to technical limitations and legal obligations. Please read this section carefully before creating an account.

Data That Will Be Deleted

  • Login Credentials: Your email address and authentication data will be permanently removed
  • Comments: The text of every comment you have posted is wiped, and the comment is reassigned to "[Deleted User]". Comment rows are kept only as empty placeholders so that other users' replies remain readable in context.
  • Credit Balance and Transaction History: Your remaining credit balance is forfeited and your credit transaction log is deleted
  • Verification History: Your verification attempt logs are deleted

Data That CANNOT Be Deleted

1. Polls You Created

Your polls will remain on the platform but will be anonymized. Poll ownership will be transferred to a "[Deleted User]" placeholder account, removing any link to your identity.

Why: Other users have earned credits through verification challenges to vote and comment on your polls. Deleting them would remove the value of their participation. This is justified under GDPR Article 17 exceptions for contract fulfillment and legitimate interests.

2. Votes You Cast

Your votes will remain in the system as privacy-protected data. This is a privacy feature, not a limitation.

Why: Vote choice records are stored separately from account identity. In database records, there is no direct key that maps your account to a specific option choice.

GDPR Compliance and Legal Basis

Our data retention practices comply with GDPR Article 17 ("Right to be Forgotten"). We retain polls and votes based on the following legal exceptions:

  • Contract Fulfillment (Article 17.1.b): Other users spent earned credits, obtained through verification, to participate in your polls
  • Legitimate Interests (Article 17.1.f): Maintaining poll integrity and community value
  • Freedom of Expression (Article 17.3.a): Polls represent public discourse and opinion
  • Privacy-by-Design: Votes are stored using a separated model that prevents direct user-to-choice joins in database records

Standard Data Retention

  • Account data (email address) is retained while your account is active
  • Deleted content may be retained in backups for a limited time (30 days)
  • Verification attempt logs are retained for the lifetime of the account, for security and abuse prevention. When the account is deleted, those logs are deleted with it.
  • You can request account deletion at any time through Account Settings

Content Moderation

Please note that polls and comments violating our Terms of Service may be removed without prior notification. We reserve the right to moderate content to maintain a safe and respectful community environment.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify users through the platform or via email. Your continued use of our service after changes indicates your acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at:

Email:
Subject: Privacy Policy Inquiry