Security & compliance

Built for organisations thattake trust seriously.

SimpleVote keeps voter records in UK/EEA regions, encrypts data in storage and transit, and automatically removes personal data after your election closes. Everything you need to reassure members, trustees, and data protection leads.

SimpleVote Ltd is certified to Cyber Essentials and Cyber Essentials Plus (24 June 2026, issued by The IASME Consortium Ltd). Verify certificate

Cyber Essentials Plus

Independently verified UK cyber security

SimpleVote Ltd is certified to Cyber Essentials and Cyber Essentials Plus (issued 24 June 2026). The UK government-backed scheme assesses firewalls, secure configuration, access control, malware protection, and patching.

What you can rely on

  • Cyber Essentials and Cyber Essentials Plus certified by IASME
  • Verify our certificate on the Blockmark registry at any time

Cloud infrastructure

Built on independently audited providers

SimpleVote runs on major cloud platforms that hold SOC 2 Type II and ISO/IEC 27001 certifications. We publish our subprocessors and data processing agreement so your organisation can complete its own due diligence.

What you can rely on

  • SOC 2 Type II audited hosting and database providers
  • ISO/IEC 27001:2022 certified infrastructure under a shared responsibility model
  • Documented subprocessors, retention rules, and a standard DPA for organisers

UK & GDPR

Privacy by design for member elections

For UK parties, trade unions, and membership bodies, where voter records are stored matters. Member names, emails, and ballot data are processed in UK/EEA regions (London and Ireland).

What you can rely on

  • UK/EEA hosting for voter records (database London eu-west-2; email Ireland eu-west-1)
  • Automatic removal of voter names and emails 30 days after your election closes
  • GDPR-aligned processing with data minimisation and purpose limitation
  • Registered with the UK ICO (reference ZC162594; public certificate on the ICO website)

Data protection

Encryption by default

Voters and election managers can trust that data is protected in storage and in transit.

What you can rely on

  • Encryption at rest (AES-256) for database records and backups
  • Encryption in transit (HTTPS/TLS) for every connection to SimpleVote
  • Edge network protection against denial-of-service attacks

Payments

Card data stays with your payment provider

When you pay for larger tiers, card details are handled by a certified payment provider. SimpleVote never stores card numbers.

What you can rely on

  • PCI DSS Level 1 payment processing via a certified provider (e.g. Stripe)
  • SimpleVote only receives payment confirmations, not card data

For IT & procurement

Technical details

A concise summary for security questionnaires. For legal terms, subprocessors, and the DPA, see our legal pages or contact admin@simplevote.org.

Application hosting
Vercel serverless functions, eu-west-2 (London)
Database & auth
Supabase PostgreSQL, eu-west-2 (London)
Transactional email
Resend only, eu-west-1 (Ireland) - magic links, reminders, results
Voter PII retention
Automatic purge 30 days after election close
ICO registration
ZC162594 (public entry on ico.org.uk)
Subprocessors & DPA
See Subprocessors and Data Processing Agreement
SimpleVote certification
Cyber Essentials and Cyber Essentials Plus (issued 24 June 2026, IASME). SimpleVote is not ISO 27001 or SOC 2 certified as an organisation; our infrastructure providers are.

Questions about security?

Read our privacy policy and DPA, or create a free account and run a test election before your live poll.

Security & compliance | SimpleVote | SimpleVote