Privacy Policy

SIMPLEVOTE LTD (Company No. 17251484), registered in England and Wales · Last updated 2026-06-04 · admin@simplevote.org

This Privacy Policy explains how SIMPLEVOTE LTD (Company No. 17251484), registered in England and Wales ("we", "us", "SimpleVote") processes personal data when you use simplevote.org and related services.

1. Who we are and how to contact us

Data controller (for account holders): SIMPLEVOTE LTD (Company No. 17251484), registered in England and Wales

Contact: admin@simplevote.org

ICO registration: SimpleVote is registered with the UK Information Commissioner's Office (ICO). Registration reference ZC162594. A copy of our registration certificate is publicly available on the ICO website.

2. Controller and processor roles

SimpleVote acts in two distinct roles depending on the data:

  • Data controller for Electoral Returning Officer (ERO), Admin, and Manager account data: names, email addresses, organisation membership, login metadata, and tier information.
  • Data processor for election and voter data uploaded or configured by your organisation: voter names and email addresses on invite lists, ballot configuration, and related operational records. We process this data only on the documented instructions of the organisation running the election.

The organisation (and its ERO/Admin) is the controller for voter list lawfulness. They are responsible for ensuring they have the right to upload voter contact details.

3. Data we collect

Account holders (controller data)

  • Name and email address
  • Organisation name and membership role
  • Authentication and security logs (hashed identifiers)
  • Usage and tier information

Election data (processor data)

  • Voter names and email addresses on invite lists
  • Election titles, dates, ballot configuration, and candidate details
  • Anonymous voting tokens (hashed; not linked to rankings after cast)
  • Operational audit logs (who performed ERO actions, not how individuals voted)

We do not store voter rankings linked to email addresses after a ballot is cast. Cast ballot rows contain rankings alone.

4. Special category and sensitive personal data

Under UK GDPR, special category data includes information such as political opinions, trade union membership, religious or philosophical beliefs, racial or ethnic origin, health data, and sexual orientation. SimpleVote is built for organisational elections and membership ballots; we do not require you to collect or upload special category data to use the platform.

When it may arise: Your organisation may process special category data through the service, for example when running political party or trade union elections, when candidate statements or photos reveal beliefs or affiliation, or when a membership roll implies union or party membership. In those cases:

  • Your organisation is usually the controller and must identify a valid condition under Article 9 UK GDPR (and document it) before processing.
  • SimpleVote acts as processor and processes that data only on your documented instructions under our Data Processing Agreement.
  • We do not use special category data for our own marketing or profiling.

Anonymous voting: After a voter submits a ballot, rankings are stored without email or name on the vote record (a secret ballot in the database). That design limits (but does not remove) the risk of linking special category inferences back to identifiable individuals through how they voted. Invitee names and emails remain on the roll until the retention period below.

Your responsibility: Only upload fields you need; avoid unnecessary sensitive columns in voter CSVs; use candidate statements proportionately. Contact us if you need guidance on configuration for high-sensitivity elections.

5. Lawful bases

  • Account data: contract performance and legitimate interests in operating a secure election platform.
  • Processor election data: processing on the organisation's instructions under our Data Processing Agreement.
  • Security logs: legitimate interests in fraud prevention and platform security.

6. Retention

  • Voter invitee contact details (names and emails) are deleted 30 days after results are published and the election is closed. Anonymised vote records and Scottish STV results are retained for audit integrity.
  • Account data is retained while your account is active. You may delete your account from Account settings or contact us at admin@simplevote.org; we will respond within 30 days.
  • Security audit logs are retained for up to 24 months unless a longer period is required for a legitimate investigation.

7. Email and communications

Voter invitations, magic links, reminders, and results broadcasts are sent only through Resend, our transactional email provider. They are not sent via Google Workspace or Cloudflare.

Each voter email includes an unsubscribe link scoped to the organisation running that election (your Data Controller). Unsubscribing stops further election emails from that organisation only; it does not affect other organisations on SimpleVote. Uploading or syncing a voter list again does not automatically re-subscribe someone — the Controller must explicitly re-subscribe them (with a recorded legal declaration) if they have permission. Manual re-subscribes and voter unsubscribes are stored in an append-only audit log for regulatory enquiries.

Business contact with SIMPLEVOTE LTD (for example admin@simplevote.org) uses Google Workspace and is separate from the voter email pipeline.

8. International transfers

Core hosting and database processing use UK/EU regions (London and Ireland). Some optional or billing-related subprocessors are in the United States. Where personal data is transferred outside the UK, we rely on appropriate safeguards including Standard Contractual Clauses and, where applicable, the UK–US Data Bridge. See our Subprocessor list.

9. Your rights, subject access requests, and deletion

When SimpleVote is the controller (account holders)

If we process your account data as controller, you may have rights to access, rectify, erase, restrict, object, and port your data, and to withdraw consent where applicable.

  • Subject access request (SAR): Email admin@simplevote.org from your registered address, or use Download my data on your Account page for a JSON export of your profile, organisation membership, and elections you created. We aim to respond within 30 days.
  • Account deletion: Use Delete my account on the Account page (type DELETE to confirm), or email us. We anonymise your name in election audit entries where needed, remove membership, and delete your login. We respond within 30 days. You cannot delete while your organisation has an election in progress if you are the sole Admin.

When an organisation is the controller (voters and candidates)

If your data was uploaded for an election, the organisation running that election is usually the controller. Contact them first to exercise your rights. SimpleVote will assist that organisation as processor within the timelines in our Data Processing Agreement (typically within 30 days of receiving documented instructions).

We cannot disclose how a particular identifiable person voted after ballots are cast, because rankings are stored without voter identity.

Complaints

You may lodge a complaint with the UK Information Commissioner's Office (ICO). We are registered with the ICO (reference ZC162594); see our public registration entry.

10. Changes

We may update this policy. Material changes will be reflected by the "Last updated" date above. Organisations may be asked to re-accept updated terms before sending new voter invites.