Privacy Policy

We are committed to protecting your privacy and ensuring the security of your data. Learn how we handle information when you use TapVoter for your elections.

Secure Data
Voter Privacy
Access Control
Data Protection

Privacy Policy

Effective Date: February 9, 2026

This privacy policy explains how we collect, use, and protect your information when using TapVoter.

1. Information We Collect

We collect and process the following types of information:

Administrator Account Data:

  • Email address and authentication credentials (via BetterAuth)
  • Google OAuth profile data (name, email, profile image — if signing in with Google)
  • Email verification status (verified via one-time password)
  • Account creation and last login timestamps
  • Organization name and timezone preference
  • Email notification preferences (6 configurable categories)

Election Configuration:

  • Election names, descriptions, and organization names
  • Start and end dates/times with timezone settings
  • Voting method (Direct, Ranked Choice, STAR, Approval, or Multi-Winner)
  • Position titles and candidate information
  • Candidate photos (automatically compressed with thumbnail generation)
  • Custom branding (logos, colors, fonts)
  • Language settings (30 languages) and custom label overrides
  • Draft elections (auto-saved during creation)

Voter Data:

  • Voter keys stored as HMAC SHA-256 hashes (original keys never stored)
  • Optional voter names and emails (if provided via CSV import)
  • Voter key usage status and timestamp when used
  • Vote records (stored anonymously, linked only to hashed voter keys)
  • Receipt IDs for vote verification

Technical and Session Data:

  • Browser timezone for accurate election and poll scheduling
  • Session tokens (2-hour TTL, 30-minute sliding window, stored in Cloudflare KV)
  • IP addresses for rate limiting (stored in Cloudflare KV with 60-second TTL)
  • CSRF tokens for voting session security
  • Altcha proof-of-work challenge responses (not stored after verification)
  • Cloudflare Turnstile tokens for poll vote verification (not stored after verification)
  • User-Agent strings for poll device analytics (stored with votes, aggregated only)
  • Temporary file uploads during election/poll creation

Third-Party Services Data:

  • Google Analytics (usage patterns and performance monitoring)
  • Cloudflare (Workers runtime, CDN logs, DDoS protection metrics)
  • Cloudflare Turnstile (bot detection tokens for poll votes)
  • Altcha (self-hosted proof-of-work verification for auth endpoints — no third-party data sharing)
  • Polar.sh (subscription billing — payment details handled by Polar as merchant of record)
  • Resend (transactional email delivery — email addresses shared for delivery only)

2. How We Use Your Information

Your information is used for the following purposes:

  • Providing and managing the TapVoter platform
  • Authentication and security verification
  • Preventing duplicate voting through access code validation
  • Generating anonymous election results and statistics
  • System monitoring and fraud prevention

3. Data Security

We implement multiple layers of security to protect your data:

Authentication & Access Control

  • BetterAuth: Session-based authentication with Google OAuth and email OTP
  • Altcha CAPTCHA: Self-hosted proof-of-work verification on login, registration, and contact forms — privacy-first with no Google dependencies
  • Cloudflare Turnstile: Bot detection on poll vote submissions
  • Ownership Enforcement: Every data access method verifies the requesting user owns the resource
  • Session Security: 2-hour TTL with 30-minute sliding window, stored in Cloudflare KV

Vote & Data Protection

  • Voter Key Security: HMAC SHA-256 hashing with secret salt — original keys never stored
  • Vote Privacy: Votes stored anonymously, separated from voter identities
  • Encryption: All data encrypted in transit (HTTPS/TLS with HSTS preload) and at rest
  • Attack Prevention: Constant-time comparison to prevent timing attacks on voter keys and passcodes
  • Double-Vote Prevention: Atomic database operations with conditional writes ensure each key can only vote once
  • One-Time Keys: Voter keys expire with the election and cannot be reused
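
The three measures above (HMAC-SHA256 hashing of voter keys under a server secret, constant-time comparison, and a conditional write so a key can be spent only once) are shown together in the following added example. It is illustrative code written for this page, not TapVoter's own implementation; the server secret, the SQLite schema and the receipt format are assumptions, and SQLite's conditional UPDATE stands in for whatever atomic conditional write the production database uses.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Constructed demo secret. A real deployment loads this from a secret store and
# never commits it; rotating it invalidates every stored digest.
SERVER_SECRET = b"constructed-demo-secret-do-not-use"


def hash_voter_key(voter_key: str, secret: bytes = SERVER_SECRET) -> str:
    """HMAC-SHA256 of the voter key under the server secret.

    Only this digest is persisted; the clear-text key exists only in the
    message handed to the voter.
    """
    return hmac.new(secret, voter_key.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_passcode(presented: str, stored_digest: str, secret: bytes = SERVER_SECRET) -> bool:
    """Constant-time check of a presented passcode against its stored digest.

    hmac.compare_digest does not short-circuit on the first differing byte, so
    response time does not leak how much of the digest matched.
    """
    return hmac.compare_digest(hash_voter_key(presented, secret), stored_digest)


def new_db() -> sqlite3.Connection:
    """In-memory schema (assumed): key digests with a used flag, votes with no voter link."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE voter_keys ("
        " key_hash TEXT PRIMARY KEY, used INTEGER NOT NULL DEFAULT 0, used_at TEXT)"
    )
    # The vote row carries a receipt and the choice only, so it cannot be
    # joined back to a voter.
    conn.execute("CREATE TABLE votes (receipt_id TEXT PRIMARY KEY, choice TEXT NOT NULL)")
    return conn


def issue_voter_key(conn: sqlite3.Connection, secret: bytes = SERVER_SECRET) -> str:
    """Mint a random key, store only its digest, return the clear key once."""
    key = secrets.token_urlsafe(12)
    conn.execute("INSERT INTO voter_keys (key_hash) VALUES (?)", (hash_voter_key(key, secret),))
    conn.commit()
    return key


def cast_vote(conn: sqlite3.Connection, presented_key: str, choice: str,
              secret: bytes = SERVER_SECRET):
    """Spend the key atomically and record the vote; returns a receipt id or None.

    The UPDATE ... WHERE used = 0 is the conditional write: two concurrent
    requests with the same key cannot both see rowcount == 1.
    """
    digest = hash_voter_key(presented_key, secret)
    cur = conn.execute(
        "UPDATE voter_keys SET used = 1, used_at = datetime('now') "
        "WHERE key_hash = ? AND used = 0",
        (digest,),
    )
    if cur.rowcount != 1:
        conn.rollback()  # unknown key or already spent: nothing changed
        return None
    receipt = secrets.token_hex(8)
    conn.execute("INSERT INTO votes (receipt_id, choice) VALUES (?, ?)", (receipt, choice))
    conn.commit()
    return receipt


if __name__ == "__main__":
    db = new_db()
    k = issue_voter_key(db)
    print("first cast:", cast_vote(db, k, "Candidate A"))
    print("second cast with same key:", cast_vote(db, k, "Candidate B"))
```

Looking up the row by digest and spending it in the same statement keeps the "has this key been used" check and the "mark it used" write atomic; doing them as separate SELECT and UPDATE statements is the classic double-vote race.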

Infrastructure Security

  • Rate Limiting: KV-based sliding-window rate limiting on all critical endpoints (5-30 requests/minute depending on endpoint)
  • Input Validation: Zod schema validation on all API endpoints — malformed payloads rejected before processing
  • Content Security Policy: Strict CSP headers preventing XSS, clickjacking, and content injection
  • Security Headers: HSTS (2-year max-age with preload), X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy
  • CSV Safety: All CSV exports sanitized against formula injection
  • File Security: Upload validation (5MB limit, type checks, path traversal prevention)
  • Automatic Cleanup: Regular removal of orphaned data, temporary files, and expired sessions
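
The CSV Safety item above refers to the standard defence against formula injection: a cell that begins with `=`, `+`, `-`, `@`, a tab or a carriage return (optionally after leading spaces) is neutralised before it reaches a spreadsheet that would evaluate it. The following added example is written for this page and is not TapVoter's export code; the neutralisation strategy (prefixing a single quote, and writing numeric types untouched so negative vote totals are not mangled) is one common choice, and the sample rows are constructed.

```python
import csv
import io

# Leading characters that Excel, LibreOffice and Google Sheets treat as the
# start of a formula or a field separator trick.
FORMULA_TRIGGERS = ("=", "+", "-", "@")
CONTROL_TRIGGERS = ("\t", "\r")


def sanitize_cell(value):
    """Return a cell value safe to write to CSV.

    Real numbers are passed through unchanged (a vote total of -2 is data, not a
    formula). Strings that would be parsed as a formula get a leading
    apostrophe, which spreadsheets render as literal text.
    """
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return value
    s = "" if value is None else str(value)
    stripped = s.lstrip(" ")
    if stripped and (s[0] in CONTROL_TRIGGERS or stripped[0] in FORMULA_TRIGGERS):
        return "'" + s
    return s


def export_rows(header, rows) -> str:
    """Write header and rows to a CSV string with every cell sanitized."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow([sanitize_cell(h) for h in header])
    for row in rows:
        writer.writerow([sanitize_cell(c) for c in row])
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: a candidate name submitted as a formula, plus normal data.
    sample = [["=HYPERLINK(\"http://example.invalid\",\"click\")", 3], ["Bob", -2]]
    print(export_rows(["candidate", "votes"], sample))
```

Sanitising at export time covers every path that writes CSV, including fields an administrator supplied via import; rejecting such strings at input time is a useful second layer but does not replace this one, since names like "-" or "+1" are legitimate data.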

Ongoing Security

TapVoter has undergone 15 rounds of security audits covering voting algorithm integrity, ownership enforcement, input validation, rate limiting, authentication, CAPTCHA verification, and data privacy. We continuously monitor for vulnerabilities and apply fixes promptly.

4. Data Storage and Retention

We store your data securely with the following retention practices:

  • Election Data: Automatically deleted 90 days after the election ends
  • Free-Tier Poll Data: Automatically deleted 90 days after the poll ends
  • Voter Keys: Deleted along with election data after 90 days
  • Vote Records: Deleted along with election/poll data after 90 days
  • Uploaded Images: Deleted along with election/poll data after 90 days
  • Draft Elections: Auto-saved with no automatic deletion
  • Session Data: Automatic expiration after a period of inactivity
  • Rate Limit Data: Stored in memory only, cleared after 1 minute
  • Activity Logs: Currently retained indefinitely for security auditing
  • Temporary Files: Automatically cleaned up after successful operations

Automatic Deletion for Privacy:

To protect your privacy and ensure data minimization, all election data and free-tier poll data is automatically and permanently deleted 90 days after the election or poll ends. This includes all votes, voter information, and uploaded files. A countdown timer is displayed on your dashboard as elections approach the 90-day expiry. Please export any data you wish to keep before this time.

Important:

Election administrators should export election results and any important data before the 90-day expiry. Deleted data cannot be recovered.

5. Third-Party Services

We use the following third-party services to operate TapVoter:

  • Cloudflare: Workers runtime, D1 database, R2 object storage, KV session store, CDN, DDoS protection, and Turnstile bot detection
  • Polar.sh: Merchant of record for Polls Pro subscriptions — handles payment processing, billing, and tax compliance
  • Google Analytics: Usage analytics and performance monitoring
  • Resend: Transactional email delivery (election reminders, poll digests, weekly summaries)
  • Altcha: Self-hosted proof-of-work CAPTCHA — challenges generated and verified on our own servers with no third-party data sharing

International Data Transfers:

Your data is stored in Cloudflare's global infrastructure. Data may be processed through Cloudflare's network for performance and security. By using TapVoter, you consent to these international data transfers.

6. Voter Privacy

We maintain voter privacy through:

  • Anonymous vote storage separate from voter identities
  • One-time use access codes for vote verification
  • Limited administrator access to voting data
  • Aggregate-only results display

Important Note:

While administrators can see who has participated in an election, they cannot see how individual voters voted. This ensures vote privacy while maintaining election integrity.

7. Your Rights

As a user, you have the right to:

  • Access your personal information
  • Request correction of inaccurate data
  • Request deletion of your account
  • Receive information about how your data is processed
  • Opt-out of non-essential data collection
  • Export your data in a portable format

8. Data Export & Portability

TapVoter provides data export functionality that allows you to download your information:

What's Included in Your Export:

  • Election results with vote totals (CSV format)
  • Voter participation data (CSV format)
  • Audit log and transparency records (CSV format)
  • Official Election Reports (printable)
  • Poll results and analytics

What's Protected and Not Exported:

  • Individual voter keys (for security)
  • Individual vote records (for privacy)
  • Voter email addresses and identities
  • Detailed voting patterns or preferences
  • Any data that could compromise vote anonymity

How to Export Your Data:

On app.tapvoter.com: Access your election or poll command center to export results, voter data, and audit logs in CSV format. Official Election Reports are available as printable documents.

9. Cookies and Tracking

We use cookies and similar technologies for:

  • Authentication and session management
  • Security and fraud prevention
  • Remembering user preferences
  • Analytics (with user consent)

You can control cookie settings through your browser preferences.

10. Legacy Platform

Legacy Platform Sunset:

The legacy TapVoter platform (tapvoter.com) for elections created before 2026 will remain accessible until March 31, 2026. After this date, the legacy platform will be decommissioned and all remaining data will be deleted.

The legacy platform uses different technology (Firebase Authentication, Firestore, Firebase Hosting) with its own data handling practices. Data on the legacy platform is subject to:

  • Firebase's security and storage infrastructure
  • Google reCAPTCHA v3 for bot protection
  • The same privacy principles outlined in this policy
  • Complete deletion upon platform decommission (March 31, 2026)

Users are encouraged to migrate to app.tapvoter.com for continued access and enhanced security features.

11. Changes to This Policy

We may update this privacy policy periodically. Significant changes will be communicated through:

  • Notifications on the TapVoter platform
  • Email notifications to registered administrators
  • Updates to the effective date of this policy

12. Contact Information

For privacy-related questions or concerns, contact us at:

Last updated: February 9, 2026 | Version 3.0

Questions About Privacy?

If you have any questions or concerns about our privacy policy or how we handle your data, please don't hesitate to contact us.
