Privacy Policy

We collect and process the following types of information:

Your information is used for the following purposes:

• Providing and managing the TapVoter platform
• Authentication and security verification
• Preventing duplicate voting through access code validation
• Generating anonymous election results and statistics
• System monitoring and fraud prevention

We implement multiple security measures to protect your data:

• Voter Key Security: HMAC SHA-256 hashing with secret salt, original keys never stored
• Authentication: Firebase Authentication with secure password hashing (scrypt)
• Encryption: All data encrypted in transit (HTTPS/TLS) and at rest in Firebase
• Vote Privacy: Votes stored anonymously, separated from voter identities
• Session Security: Firebase-managed tokens with automatic expiration
• Attack Prevention: Constant-time comparison to prevent timing attacks
• Rate Limiting: 10 requests/minute on election status checks, memory-based tracking
• CSRF Protection: Token validation for all voting sessions
• Bot Protection: Google reCAPTCHA v3 integration
• Input Sanitization: All user inputs validated and sanitized
• File Security: Upload validation for type and size limits
• Failed Auth Delays: Random delays (0.5-1.5 seconds) on authentication failures
• One-Time Keys: Voter keys expire with election and cannot be reused
• Database Rules: Firebase Security Rules enforce granular access control
• Automatic Cleanup: Regular removal of orphaned data and temporary files

We store your data securely with the following retention practices:

• Election Data: Retained indefinitely until manually deleted by the administrator
• Voter Keys: Stored as hashes indefinitely (even after election ends)
• Vote Records: Permanently retained for audit and integrity purposes
• Uploaded Images: Stored in Firebase Storage until the election is deleted
• Draft Elections: Auto-saved with no automatic deletion
• Session Data: Firebase handles expiration (typically 1 hour of inactivity)
• Rate Limit Data: Stored in memory only, cleared after 1 minute
• Activity Logs: Currently retained indefinitely for security auditing
• Temporary Files: Automatically cleaned up after successful operations

We use the following third-party services to operate TapVoter:

• Firebase (Google Cloud): Authentication, Firestore database, Storage, and Hosting
• Google Analytics: Usage analytics and performance monitoring
• Google reCAPTCHA v3: Bot detection and prevention
• Cloudflare: Global CDN, DDoS protection, and Workers for email processing
• Google AdSense: Display advertising to keep the service free
• Resend: Transactional email delivery (when configured)

We maintain voter privacy through:

• Anonymous vote storage separate from voter identities
• One-time use access codes for vote verification
• Limited administrator access to voting data
• Aggregate-only results display

As a user, you have the right to:

• Access your personal information
• Request correction of inaccurate data
• Request deletion of your account
• Receive information about how your data is processed
• Opt-out of non-essential data collection
• Export your data in a portable format

TapVoter provides data export functionality that allows you to download your information:

We use cookies and similar technologies for:

• Authentication and session management
• Security and fraud prevention
• Remember user preferences
• Analytics (with user consent)

You can control cookie settings through your browser preferences.

We may update this privacy policy periodically. Significant changes will be communicated through:

• Notifications on the TapVoter platform
• Email notifications to registered administrators
• Updates to the effective date of this policy

For privacy-related questions or concerns, contact us at:

• Email: Contact Support
• Website: https://tapvoter.com