Built for organisations thattake trust seriously.

Cloud infrastructure

Built on independently audited providers

SimpleVote runs on major cloud platforms that hold SOC 2 Type II and ISO/IEC 27001 certifications. We publish our subprocessors and data processing agreement so your organisation can complete its own due diligence.

What you can rely on

• ✓SOC 2 Type II audited hosting and database providers
• ✓ISO/IEC 27001:2022 certified infrastructure under a shared responsibility model
• ✓Documented subprocessors, retention rules, and a standard DPA for organisers

UK & GDPR

Privacy by design for member elections

For UK parties, trade unions, and membership bodies, where voter records are stored matters. Member names, emails, and ballot data are processed in UK/EEA regions (London and Ireland).

What you can rely on

• ✓UK/EEA hosting for voter records (database London eu-west-2; email Ireland eu-west-1)
• ✓Automatic removal of voter names and emails 30 days after your election closes
• ✓GDPR-aligned processing with data minimisation and purpose limitation
• ✓Registered with the UK ICO (reference ZC162594; public certificate on the ICO website)

Data protection

Encryption by default

Voters and election managers can trust that data is protected in storage and in transit.

What you can rely on

• ✓Encryption at rest (AES-256) for database records and backups
• ✓Encryption in transit (HTTPS/TLS) for every connection to SimpleVote
• ✓Edge network protection against denial-of-service attacks

Payments

Card data stays with your payment provider

When you pay for larger tiers, card details are handled by a certified payment provider. SimpleVote never stores card numbers.

What you can rely on

• ✓PCI DSS Level 1 payment processing via a certified provider (e.g. Stripe)
• ✓SimpleVote only receives payment confirmations, not card data