How we collect, use, and protect your personal information.
This Privacy Policy explains how NekoTech Ventures Inc. (DBA VoteAlly) (“VoteAlly,” “we,” “us”) collects, uses, and discloses personal information when you use VoteAlly (the “Service”).
Business address:
7070E Farrell Rd SE, #811
Calgary, AB T2H 0T2
Canada
Privacy contact: [email protected]
For personal information processed in Canada, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, the Alberta Personal Information Protection Act (PIPA).
1. Roles: When We Are a Controller vs Processor
- Organization Admin account data: VoteAlly is typically the controller for personal information related to administering your VoteAlly account (e.g., login, billing, security).
- Voter and election data (Customer Data): The Organization is typically the controller, and VoteAlly acts as a processor/service provider processing that data on the Organization's instructions to provide the Service.
If you are a Voter, your Organization controls how your data is used for the election and is your primary contact for election-specific privacy questions.
2. Information We Collect
A. Visitors (Website / Public Pages)
- IP address, device and browser information, and basic usage data collected through standard server logs and security tooling (including Cloudflare Turnstile).
B. Organization Admins/Managers
- Contact info (name, work email), authentication data (hashed password and, if MFA is enabled, multi-factor authentication setup data and backup codes, stored hashed), email verification tokens for self-service organization registration, and account settings.
- Billing/plan information and payment processing identifiers (e.g., Stripe customer IDs and transaction references). We do not typically store full card numbers.
- Organization branding assets (logos) and candidate photos uploaded by Admins, stored in Cloudflare R2.
C. Voters (Provided by an Organization)
- Identifiers such as name, email, phone number (if used), member ID, eligibility fields, vote weight, and participation status.
- Delivery-related metadata stored on the voter record when applicable (e.g., email delivery outcomes via Resend webhooks) until purge.
D. Ballots and Vote Data
Ballot selections are not stored in plaintext. We store:
- HMAC-SHA256 tally tokens derived from option/candidate IDs (used for counting),
- AES-256-GCM encrypted ballot content for audit recovery, decryptable only using the encryption key held securely in the application environment, and
- Receipt codes (HMAC-SHA256 hashes) generated for ballot verification and provided to Voters.
E. Audit and Security Logs
- Records of administrative actions and security events (e.g., actor ID, action type, timestamp, IP address, user agent).
- Important distinction: Within our application audit logs, IP addresses are logged for Admin actions only (for security/audit). Voter actions do NOT log IPs to preserve anonymity. Note that infrastructure providers (e.g., hosting, CDN) may maintain their own logs.
- Certain identifying elements in audit logs are scrubbed per retention rules (see Section 6).
3. How We Use Information
We use personal information to:
- provide and operate the Service (create accounts, run Sessions, send invites/receipts, compute results, export data);
- secure the Service (access control, fraud prevention, monitoring, abuse prevention);
- provide customer support and troubleshoot;
- process billing and manage subscriptions/upgrades; and
- comply with legal obligations and enforce our Terms.
We do not use Voter data to send marketing messages.
4. Communications
- Transactional email (e.g., voting links, receipts, admin notifications) is sent as part of the Service via Resend.
- Marketing email (if enabled in the future) would apply to Organization Admin contacts only and include an unsubscribe mechanism.
- SMS (planned feature): Organizations must ensure they have the right to provide phone numbers and send SMS. We support messaging opt-out mechanisms where legally required and operationally safe.
Organizations using the Service to send emails to Canadian recipients must obtain express or implied consent as required by Canada's Anti-Spam Legislation (CASL) and distinguish between transactional election notices and marketing communications.
5. Technical Privacy and Security Controls
Ballot Encryption (Confidentiality)
- Ballots are never stored in plaintext.
- Counting is performed using opaque HMAC-SHA256 tally tokens derived from an application-scoped secret key.
- Encrypted ballot content is stored for audit recovery using AES-256-GCM.
Anonymity via Timestamp Decoupling
- Ballot timestamps are stored at hour-level precision (rounded down to the nearest hour), reducing correlation between participation events and ballot creation.
PII Purge
- 90 days (default) after a Session ends (based on actual end timestamp, not scheduled end time), an automated job permanently scrubs Voter personal identifiers (name, email, phone, member ID).
- Organizations may also request early purge for ended Sessions via the Reports dashboard.
- We may redact identifying information from audit log records while retaining security-relevant metadata (such as action type, timestamp, and administrative actor information).
- Candidate photos associated with purged Sessions are deleted from Cloudflare R2 during the purge process. Organization logos may be retained while the Organization account remains active.
- Anonymous participation counts and encrypted ballot/tally records may remain for historical reporting and integrity checks.
6. Retention
- Voter PII: scrubbed 90 days (default) after Session end, or earlier if the Organization initiates an early purge. Sessions have distinct lifecycle stages: ENDED (voting closed) and ARCHIVED (marked read-only). PII purge countdown starts from the ENDED timestamp.
- Ballots: retained in encrypted/tally-token form after PII purge for historical tallying and integrity purposes.
- Admin account data: retained while the account is active; certain records may be retained longer for billing, tax, or legal obligations.
- Audit/security logs: retained as needed for security and dispute handling, with identifying information scrubbed per the purge mechanism described above.
7. Sharing and Disclosures (Subprocessors)
We share personal information with vendors that help us run the Service. See our Subprocessor List for the complete list, which includes:
- Hosting and infrastructure (e.g., Vercel for application hosting; Neon for cloud database; Upstash for Redis caching; Cloudflare for R2 storage, caching, and DDoS protection)
- Email delivery (e.g., Resend)
- Payments (e.g., Stripe)
- Error monitoring (e.g., Sentry, configured to minimize personal data before transmission where feasible)
- Anti-abuse (e.g., Cloudflare Turnstile)
We share only what is necessary for the vendor to provide its service. We require vendors to protect information and use it only for providing services to us.
8. Platform Administrator Access
VoteAlly platform administrators (Super Admins) may access Customer Data only as reasonably necessary for support, security, and service integrity purposes, subject to confidentiality obligations.
9. International Transfers
Your data may be processed in the United States and other jurisdictions where we or our vendors operate. Where required, we use appropriate safeguards (such as contractual protections) for cross-border transfers.
10. Your Choices and Rights
Organization Admins/Managers
- You can access and update account details via the dashboard.
- You can request account deletion; some information may be retained as required by law.
Voters
- Your Organization is the primary point of contact for access, correction, or deletion requests relating to a specific election.
- VoteAlly supports early purge (where enabled by the Organization) and automated purge after 90 days (default).
How to Submit Requests
- Organization Admins/Managers: Email [email protected] with your request.
- Voters: Contact your Organization first. If your request is not resolved, you may also contact us at [email protected].
11. Cookies and Similar Technologies
We use essential cookies/session storage to operate the Service:
- admin_session: JWT cookie for admin authentication (HTTP-only, Secure, SameSite=Lax)
- voter_session: JWT cookie for voter authentication (HTTP-only, Secure, SameSite=Lax)
We may also use local storage and session storage for essential functionality (e.g., session state synchronization across browser tabs).
We do not currently use third-party advertising cookies or behavioral tracking. If we add analytics in the future, we will update this policy and (where required) provide choices.
12. Security
We implement administrative, technical, and physical safeguards designed to protect information, including:
- Encryption in transit (TLS 1.3)
- Encryption for ballot content at rest (AES-256-GCM)
- Access controls and authentication (JWT, MFA)
- Rate limiting and abuse prevention
No method of transmission or storage is 100% secure.
13. Data Breach Notification
In the event of a data breach that affects personal information, we will provide notification as required by applicable law and our contractual obligations.
14. Children
The Service is not intended for children under 13, and we do not knowingly collect personal information from children under 13.
15. Changes
We may update this Privacy Policy. If changes are material, we will provide notice (e.g., by email or in-product). The effective date will be updated.
Privacy requests and questions: [email protected]