Privacy Policy

Last updated: 2026-05-08 · Effective: 2026-05-08

Vote For CM ("we", "us", "our", or the "Service") respects your privacy. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and the rights you have. Read it carefully. By using the Service you confirm that you have read and accepted this Policy and our Terms of Service.

1. Who we are (Data Fiduciary)

Vote For CM is operated by an independent civic-engagement project ("the Operator"), reachable at hello@voteforcm.com. For the purposes of the Digital Personal Data Protection Act, 2023 (DPDPA, India) we act as a Data Fiduciary. For users in the European Economic Area or the United Kingdom, we act as a Data Controller under the GDPR / UK GDPR.

2. Scope

This Policy applies to the website at voteforcm.com, all subdomains, and any related interfaces (collectively, the "Service"). It does not apply to third-party websites or services that we link to but do not operate.

3. What we collect

3.1 Account data (from Google sign-in)

When you sign in with Google we receive and store the following from your Google profile:

  • Your Google account ID (a stable unique identifier).
  • Your verified email address.
  • Your display name.
  • Your profile picture URL (used only for display).

We do not request access to your contacts, calendar, files, location, or any other Google data.

3.2 Vote data

When you cast a vote we additionally store:

  • The candidate identifier you selected.
  • The Unix timestamp of your vote.
  • A SHA-256 hash of the IP address that submitted the vote.
  • A SHA-256 hash of the User-Agent string of the browser that submitted the vote.

The raw IP address and the raw User-Agent string are not persisted in our database. Only their irreversible hashes are kept, and only for the limited audit purpose described in section 4.

3.3 Technical / log data

Our infrastructure provider (Cloudflare) automatically processes standard request metadata (IP address, request headers, response status, geo-region inferred from IP) to operate, secure, and protect the Service against abuse. These logs are retained by Cloudflare under their own policies and are not joined to our user database. See Cloudflare's privacy policy.

3.4 Sensitive personal data

We do not intentionally collect any sensitive personal data, including biometric data, financial account information, government-issued identification numbers, health data, or political-party membership. Do not submit such data through the Service.

3.5 Children

The Service is not directed to anyone under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided personal data to the Service, contact us at hello@voteforcm.com and we will delete it.

4. How we use your data

We process your data only for the following specific purposes:

  • Identity and integrity. To verify that each ballot represents a distinct, real person and to enforce the one-vote-per-person rule.
  • Service operation. To display your current vote status to you, render the leaderboard, and keep you signed in.
  • Security & abuse prevention. To detect and respond to bot activity, ballot-stuffing, account-farming, and similar abuse using the hashed IP/UA signals and Cloudflare Turnstile.
  • Audit. To allow internal review of suspicious patterns and to respond to lawful inquiries from competent authorities.
  • Legal compliance. To comply with applicable law, regulation, or a binding order from a competent court or authority.

5. Legal bases for processing

We process your data on the following legal bases:

  • Your consent under the DPDPA (India), GDPR Art. 6(1)(a), and UK GDPR — given when you sign in and cast a vote.
  • Legitimate interest (GDPR Art. 6(1)(f)) — for security, fraud prevention, and the integrity of the poll.
  • Legal obligation (GDPR Art. 6(1)(c)) — when responding to lawful authority requests.

You may withdraw consent at any time by deleting your account (see section 9).

6. Cookies and tracking

We set a single first-party cookie named vfc_session to keep you signed in. It is HttpOnly, Secure, and SameSite=Lax. We also briefly set a short-lived cookie vfc_oauth_state during sign-in to prevent CSRF attacks; it expires automatically.

We do not use any third-party cookies, advertising cookies, analytics cookies, or cross-site tracking technology of any kind. We do not run Google Analytics, Meta Pixel, Hotjar, or similar tools.

7. Third-party services we rely on

  • Google OAuth 2.0 — for sign-in. We send Google standard OAuth requests; Google sends us your verified profile fields. See Google's Privacy Policy.
  • Cloudflare — hosts the application, the database (D1), the leaderboard cache (KV), and provides the Turnstile bot check. See Cloudflare's Privacy Policy.

We have no other sub-processors. We do not sell, rent, or trade your personal data with third parties for any purpose.

8. International data transfers

Cloudflare and Google operate globally. Your data may be processed at edge locations outside your country of residence (for EEA users, this may include transfers to the United States and other jurisdictions). Where required, these providers use Standard Contractual Clauses or equivalent safeguards. By using the Service you acknowledge and consent to such international transfers.

9. Your rights

Depending on your jurisdiction, you have some or all of the following rights:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request that we correct inaccurate data.
  • Erasure / "right to be forgotten" — request deletion of your account and associated data.
  • Restriction / objection — ask us to limit processing in certain cases.
  • Portability — request your data in a machine-readable format.
  • Withdraw consent — at any time, with effect for the future.
  • Lodge a complaint — with your local data-protection authority (e.g., the Data Protection Board of India, ICO in the UK, or your EEA supervisory authority).

Note: deleting your account also deletes your vote from the tally. We cannot anonymise the vote separately from the account because the user-id is the unique identifier that prevents duplicate voting. To exercise any of these rights, email hello@voteforcm.com from the email address registered on your account. We will respond within 30 days, or sooner where required by law.

10. Data retention

  • Account record + vote — retained for the duration the poll is publicly active and for up to 90 days afterwards for audit.
  • Hashed IP / UA — retained alongside the vote, deleted at the same time.
  • Session cookies — up to 30 days; cleared on logout.
  • Cloudflare logs — governed by Cloudflare's own retention windows (typically days).

You may request deletion at any time, which we will perform within 30 days of a verified request unless retention is required by law.

11. Security

We use industry-standard technical and organisational measures to protect your data: transport over HTTPS only, HttpOnly + Secure cookies, server-side session validation via signed JWTs, hashed audit fields, principle-of-least-privilege access to the database, and Cloudflare's edge security stack including DDoS mitigation, WAF, and Turnstile bot scoring.

No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

12. Data breach notification

If we become aware of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected users without undue delay and in any event within the timeframes mandated by applicable law (72 hours under GDPR; reasonable timeframes under DPDPA).

13. No tracking, no profiling, no advertising

We do not build profiles of users, do not run targeted advertising, do not perform cross-site or cross-device tracking, and do not use any automated decision-making that produces legal or similarly significant effects on users.

14. Grievance Officer (DPDPA, India)

If you are an Indian data principal and have a grievance regarding our processing of your personal data, you may contact our Grievance Officer:

We will acknowledge your grievance within seven (7) days and resolve it within thirty (30) days. If unresolved, you may escalate to the Data Protection Board of India.

15. Changes to this Policy

We may update this Policy from time to time. Material changes will be reflected by updating the "Last updated" date at the top of the page and, where required, by direct notice to registered users. Continued use of the Service after a change constitutes acceptance of the revised Policy.

16. Contact

For privacy questions, requests, or complaints, contact us at hello@voteforcm.com. Please include enough detail (your registered email, nature of the request) to allow us to respond.