Privacy & Cookies Policy
Last updated: 10 April 2026
1. Introduction
PollsCafe ("we", "us", "our") is committed to protecting your personal data. This policy explains how we collect, use, store, and protect your information when you use our website, mobile application, API, or participate in polls via SMS.
By using our platform, you acknowledge that you have read and understood this policy. If you do not agree with our practices, please do not use our services.
2. Data Controller
PollsCafe is the data controller responsible for your personal data. For any questions about this policy or your data, contact us at privacy@pollscafe.com.
3. Personal Data We Collect
3.1 Account Registration
When you create an account, we collect:
- Name, email address, and phone number
- Password (stored as a cryptographic hash — we never store your actual password)
- Account verification data (email verification tokens, SMS passcodes)
3.2 Demographic Information
To ensure representative polling results, we may ask you to provide:
- Age, gender, location (county/region)
- Education level, employment status, income bracket
- Other demographic attributes relevant to polling accuracy
Providing demographic information is voluntary but may affect which polls you are eligible to participate in.
3.3 Poll Responses
When you participate in polls, we collect:
- Your answers to poll questions
- Timestamp and duration of your response
- The poll and article context in which you responded
3.4 Device & Technical Data
We automatically collect:
- Device fingerprint data (browser type, screen resolution, installed fonts, and similar technical attributes) for fraud prevention
- IP address and approximate geolocation
- Push notification tokens (if you enable notifications on our mobile app)
- Session data and authentication tokens
3.5 SMS Participation
If you participate in polls via SMS, we collect your phone number, message content, and session data through our SMS gateway provider.
3.6 Business Users
If you register as a business user, we additionally collect your organisation name, business contact details, and payment information processed securely through Stripe.
4. How We Use Your Data
We use your personal data for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Account creation and authentication | Contract performance |
| Poll participation and results aggregation | Contract performance |
| Points, reputation, and rewards management | Contract performance |
| Demographic analysis of poll results | Legitimate interest |
| Fraud detection and prevention | Legitimate interest |
| Platform security and abuse prevention | Legitimate interest |
| Service communications (verification, password resets) | Contract performance |
| Payment processing for business users | Contract performance |
| Analytics and service improvement | Legitimate interest |
5. Data Sharing
We do not sell your personal data. We may share data with:
- Service providers — Infrastructure hosting (Hetzner Cloud), payment processing (Stripe), email delivery, and SMS gateway (Africa's Talking) providers who process data on our behalf under data processing agreements.
- Business poll clients — Aggregated, anonymised poll results only. Individual responses are never shared with business clients. We enforce a minimum response threshold (5 responses) before any results are made available to protect respondent privacy.
- Legal requirements — Where required by law, regulation, or valid legal process.
6. Data Retention
- Account data — Retained for as long as your account is active, and for a reasonable period thereafter to comply with legal obligations.
- Poll responses — Retained indefinitely in anonymised/aggregated form for historical trend analysis. Individual response records are retained for the lifetime of the associated poll.
- Device fingerprints — Retained for fraud detection purposes and periodically purged.
- Authentication logs — Login attempts and security events are retained for 12 months.
- Payment records — Retained as required by applicable financial regulations.
7. Cookies & Local Storage
We use the following:
- Session cookies — Essential for authentication and CSRF protection on our web platform. These expire when you close your browser or after a period of inactivity.
- Admin session cookies — Expire after 30 minutes of inactivity for security.
- Local storage — Used to store your theme preference (light/dark mode).
- Mobile app storage — JWT tokens are stored securely using device secure storage. Poll feed data is cached locally for offline access.
We do not use third-party advertising or tracking cookies.
8. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Passwords stored using secure cryptographic hashing
- CSRF protection on all web forms
- Rate limiting on authentication endpoints to prevent brute-force attacks
- Account lockout after repeated failed login attempts
- Content Security Policy headers with nonce-based script execution
- Encrypted connections (HTTPS/TLS) for all data in transit
- Network policies restricting inter-service communication in our infrastructure
9. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access — Request a copy of the personal data we hold about you.
- Rectification — Request correction of inaccurate personal data.
- Erasure — Request deletion of your personal data, subject to legal retention requirements.
- Restriction — Request that we limit how we use your data.
- Portability — Request your data in a structured, machine-readable format.
- Objection — Object to processing based on legitimate interest.
- Withdraw consent — Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact privacy@pollscafe.com. We will respond within 30 days.
10. Children's Privacy
Our platform is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. International Data Transfers
Your data may be processed on servers located outside your country of residence. Where we transfer data internationally, we ensure appropriate safeguards are in place in accordance with applicable data protection laws.
12. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email or a prominent notice on our platform. Continued use of our services after changes take effect constitutes acceptance of the updated policy.
13. Contact
For any questions or concerns about this policy or your personal data:
Email: privacy@pollscafe.com