Privacy Policy
This policy explains what data Unovote collects, why we collect it, and the choices you have. We keep data collection to what the product needs to run boards, voting, reporting, and decision updates.
1. Who we are
Unovote is a hosted, embeddable idea board with conviction voting. Product teams curate a small set of competing ideas, give participants a fixed pool of coins to allocate across them, and send decision updates back to the people who voted. We serve customers worldwide.
For any privacy question or request, contact us at hello@unovote.com.
2. The data we collect
Account holders (our customers)
- Email address and display name.
- A password, stored only as a salted hash by our authentication provider. We never see or store your plain password.
- Organisation and membership details, including your role and timezone.
- Board, idea, and reporting content you create.
Voting participants
- Email address, used to verify public votes and to send decision updates you consent to.
- An optional display name.
- Your coin allocations and submission history for the boards you vote on.
- Your consent choice for outcome-update emails, captured when you submit a public vote.
- Short-lived one-time codes (OTP) used to verify a public vote. These expire within 2 to 3 minutes.
Collected automatically
- Basic interaction data tied to the voting experience: device and input type, and the timing of allocation steps, used to improve the widget.
- Standard server logs, including IP address and request metadata, used for security and to operate the service.
3. How we use your data
- To run boards, record allocations, produce reports, and close the outcome loop.
- To verify a public participant's email before accepting their vote.
- To send transactional email: verification codes, member invitations, and decision updates you have consented to receive.
- To keep the service secure and to investigate abuse.
We do not sell your personal data. We do not use it for third-party advertising, and we do not run advertising or analytics trackers on the voting widget.
4. Consent and legal basis
Outcome-update emails are sent only when a participant opts in during the vote submission flow. Transactional messages needed to run the service, such as a verification code or a member invitation, are sent as a necessary part of providing the product. Where the law requires a specific legal basis, we rely on your consent, the performance of our service, and our legitimate interest in operating it securely.
5. Service providers
We rely on a small set of trusted providers to operate Unovote. They process data only to provide their service to us:
- Supabase — database, authentication, and data hosting.
- Resend — delivery of transactional email.
- Vercel — application hosting and content delivery.
- Stripe — payment processing, used only if you subscribe to a paid plan. Card details are handled by Stripe; Unovote never stores card data.
6. Cookies and local storage
We use only the storage needed to make the product work:
- Essential cookies for keeping you signed in to the dashboard.
- A functional cookie remembering interface preferences such as the sidebar state.
- Local storage in your browser to remember your active organisation and whether you have already seen a board.
We do not use advertising or analytics cookies.
7. Data retention
We keep account and board data for as long as the account is active. Deleting a board is permanent and removes all of its ideas, allocations, and participant records for that board; there is no recovery. One-time verification codes expire automatically within minutes. You can ask us to delete your account data at any time.
8. Your rights
You can ask us to access, correct, delete, export, restrict, or object to the processing of your personal data, and to stop sending you outcome-update emails. To make a request, email hello@unovote.com, and we aim to respond within 30 days. Depending on where you live, you may have additional rights under the privacy and data-protection laws that apply to you, and we honour those rights where they apply.
9. Security and data separation
Each organisation's data is partitioned and isolated at the database level, so one customer cannot access another customer's data. Data is encrypted in transit. We record validation notes for security-sensitive changes as part of how we work.
10. Children
Unovote is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will remove it.
11. International transfers
Because we serve customers globally and use the providers listed above, your data may be processed in countries other than your own. We rely on those providers' safeguards for international data handling.
12. Changes to this policy
We may update this policy as the product evolves. We will change the "last updated" date above when we do, and significant changes will be communicated through the product or by email where appropriate.