Privacy Policy

Your privacy is fundamental to our mission of secure, anonymous voting

Last Updated: January 28, 2026

Introduction

CharterVote ("we," "our," or "the Service") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our voting platform.

Please read this policy carefully. By using CharterVote, you consent to the data practices described in this policy.

Our Privacy Commitment

As a voting platform, we understand that privacy is not just a feature but a fundamental requirement. Our core commitment is:

  • Vote Anonymity: Once a vote is cast, it cannot be traced back to the voter. This is by design and cannot be overridden.
  • Minimal Data Collection: We collect only the information necessary to operate the Service.
  • No Data Sales: We do not sell, rent, or trade your personal information to third parties.
  • Transparency: We are clear about what data we collect and why.
  • Verifiability: Our enterprise transparency features allow voters to verify their ballot was recorded without compromising anonymity.

Information We Collect

Information You Provide

Administrator Account Information:

  • Name
  • Email address
  • Password (stored only as a bcrypt hash, never in plaintext)
  • Team/organization name

Voter Registration Information:

  • Name
  • Email address
  • Custom field data as configured by election administrators (e.g., membership ID, department)

Election Content:

  • Election titles and descriptions
  • Office names and descriptions
  • Candidate names, bios, and photos

Information Collected Automatically

When you use the Service, we may automatically collect:

  • Log Data: IP address, browser type, pages visited, time and date of visits
  • Device Information: Device type, operating system
  • Cookies: Session cookies necessary for authentication and security
  • Audit Trail Data: Actions performed within the system for security and compliance purposes

Information We Do NOT Collect

We explicitly do NOT collect or store:

  • Any link between a voter's identity and their vote choices
  • Payment information (the Service is free)
  • Social media profiles
  • Location data, beyond the coarse geolocation that can be inferred from an IP address

How We Use Your Information

We use collected information for the following purposes:

For Administrators

  • Create and manage your account
  • Enable you to create and manage elections
  • Send important notifications about your elections
  • Provide customer support
  • Communicate service updates
  • Generate compliance reports and audit trails

For Voters

  • Process your registration for elections
  • Send your voting token via email
  • Allow election administrators to verify your eligibility to vote
  • Prevent duplicate voting
  • Generate ballot receipts for verification purposes

For Service Operations

  • Maintain and improve the Service
  • Monitor for security threats and abuse
  • Analyze usage patterns to improve user experience
  • Comply with legal obligations
  • Maintain tamper-evident audit logs

Vote Anonymity Architecture

CharterVote is designed with vote anonymity as a core architectural principle:

  1. Token Generation: When a voter is approved, a 64-character token is generated from a cryptographically secure random source.
  2. Token Delivery: The token is sent to the voter's email address.
  3. Vote Casting: When voting, the token alone authenticates the request; no account, name, or email address is involved. The vote record contains only the token (which is invalidated as soon as it is used) and the vote choices.
  4. No Link: There is no database relationship or log that connects a voter's registration to their vote record.

This means that even we, as the service operators, cannot determine how any individual voted.
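The four steps above, as a worked illustration added by the editor; this is not CharterVote's code. The in-memory dictionaries standing in for database tables, the table and field names, and the choice to store a SHA-256 digest of the token rather than the token itself are all assumptions; the page describes only the properties each step guarantees. What the example makes concrete is step 4: the only table that holds a voter's name and email never receives the token, and no ballot row carries anything that names a voter, so there is nothing to join a registration to a ballot. It also shows the duplicate-vote rejection that token invalidation provides.

```python
import hashlib
import secrets

# Constructed in-memory stand-ins for database tables (assumption: the real
# schema is not described on the page beyond the properties it guarantees).
registrations = {}   # reg_id -> {"name", "email", "status"}: identity lives here only
issued_tokens = {}   # sha256(token) -> {"election", "used"}: no reference to reg_id
ballots = []         # {"election", "token_digest", "choices"}: no reference to reg_id


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


def register_voter(reg_id: str, name: str, email: str) -> None:
    registrations[reg_id] = {"name": name, "email": email, "status": "pending"}


def approve_voter(reg_id: str, election: str) -> str:
    """Step 1: approve the registration and mint a one-time voting token.

    secrets.token_hex(32) draws 32 bytes from the OS CSPRNG and renders them as
    64 hex characters, matching the 64-character token the policy describes.
    Only the token's digest is stored, in a row that deliberately carries no
    reg_id; the registration row deliberately gets no token column.
    """
    registrations[reg_id]["status"] = "approved"
    token = secrets.token_hex(32)
    issued_tokens[_digest(token)] = {"election": election, "used": False}
    return token  # step 2: the caller emails this to the voter (delivery not shown)


def cast_vote(token: str, election: str, choices: dict) -> str:
    """Step 3: the token alone authenticates; it is invalidated on first use."""
    digest = _digest(token)
    row = issued_tokens.get(digest)
    if row is None or row["election"] != election:
        return "rejected: unknown token"
    if row["used"]:
        return "rejected: token already used"   # duplicate voting prevented
    row["used"] = True
    ballots.append({"election": election, "token_digest": digest,
                    "choices": dict(choices)})
    return "accepted"


def linkable_rows() -> list:
    """Step 4 check: no ballot or token row carries a field that names a voter,
    and no registration row carries a token. Returns the offending rows."""
    identity_fields = {"name", "email", "reg_id"}
    bad = [b for b in ballots if identity_fields & set(b)]
    bad += [t for t in issued_tokens.values() if identity_fields & set(t)]
    bad += [r for r in registrations.values() if "token" in r or "token_digest" in r]
    return bad


if __name__ == "__main__":
    register_voter("r1", "Ada Lovelace", "ada@example.org")
    token = approve_voter("r1", "board-2026")
    print(cast_vote(token, "board-2026", {"chair": "Grace"}))   # accepted
    print(cast_vote(token, "board-2026", {"chair": "Grace"}))   # rejected: token already used
    print(linkable_rows())                                        # []
```

Storing the digest rather than the token means a read of the token table after delivery does not yield usable tokens; the plaintext exists only in the email. The anonymity property rests on the absence of a column, not on encryption, so it is the schema, not the code path, that an auditor should inspect.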

Enterprise Transparency and Privacy

CharterVote provides enterprise transparency features that enhance election integrity while preserving voter privacy:

Ballot Receipts

After voting, you receive a ballot receipt code. This code:

  • Is generated using a cryptographic hash of your ballot combined with a random salt
  • Allows you to verify your ballot appears on the public bulletin board
  • Does NOT reveal how you voted
  • Cannot be used by anyone else to determine your vote choices
  • Is designed to deter vote-selling: because the receipt does not encode your choices, it cannot be used to prove to a third party how you voted

Public Bulletin Board

The public bulletin board displays:

  • Anonymized ballot hashes (not linked to voter identities)
  • Timestamp of when ballots were recorded
  • Election integrity seals (voter roll hash, configuration hash)

The bulletin board does NOT display:

  • Voter names or email addresses
  • How any individual voted
  • Any information that could identify voters
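The receipt and bulletin-board behaviour described in the two sections above, as an added example written by the editor; it is not CharterVote's code. The two-office election, the 16-byte salt, and the decision to keep the salt server-side are assumptions; the page states only that the receipt is a hash of the ballot combined with a random salt. The salt is what carries the "cannot be used to determine your vote choices" guarantee: the set of possible ballots is small, so a bare hash of the ballot could be inverted by hashing every candidate combination, which the dictionary_attack function demonstrates.

```python
import hashlib
import itertools
import json
import secrets

# Constructed election (assumption, not from the page): two offices, five candidates.
OFFICES = {"chair": ["Grace", "Linus"], "treasurer": ["Ada", "Barbara", "Ken"]}

bulletin_board = []   # what is published: receipt hash and recorded_at, nothing else


def canonical(ballot: dict) -> bytes:
    """Deterministic serialization so equal choices always hash identically."""
    return json.dumps(ballot, sort_keys=True, separators=(",", ":")).encode()


def unsalted_receipt(ballot: dict) -> str:
    """What NOT to publish: SHA-256 of the bare ballot (used below to show why)."""
    return hashlib.sha256(canonical(ballot)).hexdigest()


def make_receipt(ballot: dict, salt: bytes) -> str:
    """Receipt = SHA-256(salt || canonical ballot)."""
    return hashlib.sha256(salt + canonical(ballot)).hexdigest()


def record_ballot(ballot: dict, recorded_at: str) -> str:
    """Generate a fresh salt per ballot, publish only the receipt and timestamp,
    and hand the receipt back to the voter. Assumption: the salt is retained
    server-side (or discarded) and never given to the voter, which is what makes
    the receipt useless as proof of choices to a vote buyer."""
    salt = secrets.token_bytes(16)
    receipt = make_receipt(ballot, salt)
    bulletin_board.append({"receipt": receipt, "recorded_at": recorded_at})
    return receipt


def verify_receipt(receipt: str) -> bool:
    """The voter-side check: is my receipt on the public board?"""
    return any(row["receipt"] == receipt for row in bulletin_board)


def all_possible_ballots():
    offices = list(OFFICES)
    for combo in itertools.product(*(OFFICES[o] for o in offices)):
        yield dict(zip(offices, combo))


def dictionary_attack(receipt: str):
    """A vote buyer's attempt to learn the choices behind a receipt by hashing
    every possible ballot (2 x 3 = 6 here, and the product of candidate counts
    stays enumerable for any real election). Succeeds against an unsalted hash;
    fails against a salted one because the 128-bit salt cannot be enumerated."""
    for ballot in all_possible_ballots():
        if unsalted_receipt(ballot) == receipt:
            return ballot
    return None


if __name__ == "__main__":
    ballot = {"chair": "Grace", "treasurer": "Ada"}
    receipt = record_ballot(ballot, "2026-01-28T10:00:00Z")
    print(verify_receipt(receipt))                        # True
    print(dictionary_attack(unsalted_receipt(ballot)))    # {'chair': 'Grace', 'treasurer': 'Ada'}
    print(dictionary_attack(receipt))                     # None
```

The trade-off is inherent to any receipt that withholds the salt from the voter: matching the code on the board confirms a ballot was recorded under that receipt, while the binding between receipt and content rests with the operator. Handing the voter the salt would let them recompute the receipt themselves, but would equally let them prove their choices to a buyer, which the policy deliberately avoids. Two voters who make identical choices still receive different receipts, so the board does not reveal how many ballots agree.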

Cryptographic Sealing

When administrators seal voter rolls and election configurations:

  • A SHA-256 hash is computed from the data
  • SHA-256 is a one-way function: the original data cannot be reconstructed from the hash
  • The hash commits to the exact contents: any later change to the roll or configuration produces a different hash, so recording the hash when the seal is created lets anyone later confirm the data existed in exactly that state at that time and has not changed since
  • Individual voter information is not exposed through the hash

Audit Logs

Our tamper-evident audit log records system actions for security and compliance. The log:

  • Records administrative actions with actor identification
  • Records vote casting events WITHOUT voter identification
  • Uses hash chaining so that any modification, insertion, or deletion of past entries is detectable
  • Is accessible only to authorized administrators
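A minimal hash-chained audit log showing the properties listed above, added by the editor as an illustration; it is not CharterVote's implementation. The entry layout, the all-zero genesis value, and the canonical-JSON hashing are assumptions; the page states only that entries are chained by hash, that administrative actions record the actor, and that vote events do not. The tamper_demo function edits one entry in place and shows that verification stops at exactly that entry.

```python
import hashlib
import json

GENESIS = "0" * 64   # prev_hash of the first entry (assumption)


def entry_hash(entry: dict) -> str:
    """SHA-256 over every field except the entry's own hash, in canonical JSON."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    encoded = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()


class AuditLog:
    """Append-only log in which each entry commits to the previous entry's hash."""

    def __init__(self):
        self.entries = []

    def _append(self, action: str, actor, details: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {"seq": len(self.entries), "action": action, "actor": actor,
                 "details": details, "prev_hash": prev}
        entry["hash"] = entry_hash(entry)
        self.entries.append(entry)
        return entry["hash"]

    def record_admin_action(self, actor_email: str, action: str, **details) -> str:
        """Administrative actions carry actor identification."""
        return self._append(action, actor_email, details)

    def record_vote_cast(self, election: str) -> str:
        """Vote events carry the election only: no actor, token, or choices."""
        return self._append("vote_cast", None, {"election": election})

    def head(self) -> str:
        """Latest hash; anchoring it outside the log is what makes truncation
        or a complete rewrite of the chain detectable."""
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def verify(self):
        """Recompute every hash and check every link. Returns (True, None) or
        (False, seq_of_first_bad_entry)."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["seq"] != i or e["prev_hash"] != prev or e["hash"] != entry_hash(e):
                return False, i
            prev = e["hash"]
        return True, None


def tamper_demo():
    """Edit one entry in place and report verification before and after."""
    log = AuditLog()
    log.record_admin_action("admin@example.org", "seal_voter_roll", election="board-2026")
    log.record_vote_cast("board-2026")
    log.record_vote_cast("board-2026")
    before = log.verify()
    log.entries[1]["details"]["election"] = "other-election"   # the tampering
    return before, log.verify()


if __name__ == "__main__":
    print(tamper_demo())   # ((True, None), (False, 1))
```

A hash chain detects edits by anyone who cannot also recompute every later hash, and deleting an entry from the middle breaks the link that follows it. A chain cut off at the end still verifies, however, so the current head() value needs to be anchored somewhere the log's own administrators cannot silently change, for instance published alongside the election's integrity seals, for the log to be tamper-evident against its operators as well as against outsiders.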

Tally Exports

Administrators can export election data for independent verification. Exports contain:

  • Anonymized ballot records (ballot hashes, not voter identities)
  • Aggregate vote counts
  • Cryptographic hashes for integrity verification

Exports do NOT contain any information linking votes to voters.

Notice Delivery Logging

CharterVote maintains a log of email notifications sent for compliance purposes. This log records:

  • Recipient email address and name
  • Type of notice (e.g., voter approved, voting open, results ready)
  • Delivery timestamp and status
  • Associated election

This information helps organizations demonstrate proper notice was provided to eligible voters, which may be required by organizational bylaws or regulations.

Data Sharing and Disclosure

We do not sell your personal information. We may share information only in these limited circumstances:

With Election Administrators

Administrators can see voter registration information for their elections to verify eligibility. They cannot see how voters voted.

Public Bulletin Board

Anonymized ballot hashes are published on the public bulletin board. This information cannot be used to identify voters or their choices.

Service Providers

We may share information with third-party service providers who assist us in operating the Service, such as:

  • Email delivery services (to send voting tokens)
  • Hosting providers

These providers are contractually obligated to protect your information and use it only for the services they provide to us.

Legal Requirements

We may disclose information if required by law, such as in response to a subpoena or court order. However, we cannot disclose vote choices linked to individuals because we do not have that information.

Business Transfers

If CharterVote is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify users of any such change.

Data Retention

We retain data for the following periods:

  • Administrator Accounts: Until you delete your account or we terminate it
  • Election Data: Retained for the duration specified by administrators, or until the team is deleted
  • Voter Registrations: Retained with the election data
  • Vote Records: Retained with the election data (anonymous, not linked to voters)
  • Ballot Receipts: Retained with the election data for verification purposes
  • Audit Logs: Retained for compliance purposes as required by administrators
  • Notice Delivery Logs: Retained with the election data for compliance documentation
  • Log Data: Typically retained for 90 days for security purposes

Data Security

We implement multiple security measures to protect your information:

  • Encryption in Transit: All traffic between your browser and the Service is carried over HTTPS (TLS)
  • Password Security: Passwords are hashed using bcrypt with appropriate cost factors
  • Access Controls: Strict access controls limit who can access data
  • Rate Limiting: Protection against brute force attacks
  • Input Validation: All inputs are sanitized to prevent injection attacks
  • Regular Updates: We keep our systems updated with security patches
  • Cryptographic Hashing: SHA-256 hashing for integrity verification
  • Hash Chaining: Tamper-evident audit logs using cryptographic hash chains

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

Your Rights and Choices

Access and Correction

You can access and update your account information through your dashboard. Contact us if you need assistance.

Ballot Verification

After voting, you can use your ballot receipt code to verify your ballot was recorded on the public bulletin board. This verification does not reveal your vote choices to anyone.

Account Deletion

Administrators can request account deletion by contacting us. Note that deleting a team will delete all associated elections and data.

Email Communications

You can manage notification preferences in your account settings. Note that some communications (like voting tokens) are essential to the Service and cannot be opted out of.

Cookies

We use only essential cookies for authentication and security. These cannot be disabled while using the Service.

Children's Privacy

CharterVote is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

International Users

CharterVote is operated from the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States, where data protection laws may differ from your country.

California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to request deletion of personal information
  • Right to non-discrimination for exercising these rights

To exercise these rights, contact us using the information below.

European Users (GDPR)

If you are in the European Economic Area, you have rights under the General Data Protection Regulation (GDPR):

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

Our legal basis for processing is consent (when you create an account or register to vote) and legitimate interests (for security and service improvement).

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last Updated" date. We encourage you to review this policy periodically.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Thank you for trusting CharterVote with your organization's elections. Your privacy is our priority.