Legal

Privacy Policy

Last updated: April 2026

We collect only what you choose to share with us. All demographic fields are optional, your email is never stored in plain text, and you can delete your account at any time. Privacy is not an afterthought here, it is baked into how the app works.

What we collect and why

  • Your email address — used only to send you a sign-in link. We immediately hash it (one-way encryption) and never store it in plain text. We cannot read your email.
  • Your IP address — used at vote time to detect your country, so we can show geographic breakdowns on the results map. We do not log or retain IP addresses beyond this single lookup.
  • Your vote — stored under a pseudonymous random token, never your email. Your vote is permanently separated from your identity at the database level.
  • Demographic data (optional) — if you fill out your profile, fields like age, gender, political affiliation, religion, and race are encrypted with a key only the app holds. We also store a one-way hash of each value to enable filtered queries without ever decrypting the data at query time. You can skip all of this.
  • Location (optional) — country, state/region, and city, if you provide them in your profile. Used to show your vote on the map.

What we never do

  • We do not sell your data. Ever. We do not run ads.
  • We do not share your data with third parties, except the infrastructure providers that run the app (Railway for hosting, Upstash for caching). These providers process data on our behalf under strict data processing agreements.
  • We do not link your vote to your email, this is enforced at the database architecture level, not just policy.

How results are shown

All results displayed on Doxapoll are aggregated and anonymous. You see percentages and counts, never individual responses. Demographic breakdowns require a minimum threshold of voters to be shown, so no single person's response can be inferred.

Data retention

Your data is retained for as long as you have an account. You can delete your account at any time from your profile page. Doing so immediately and irreversibly removes your email hash, your profile, and all associated tokens. Your historical votes are retained in anonymised form with no identifying information attached.

Your rights

Depending on where you live (EU, Canada, and many other jurisdictions), you have the right to access, correct, or delete the personal data we hold about you. You can delete your account and all associated data directly from your profile page. For access or correction requests, email us at hello@doxapoll.com and we will respond within 30 days.

Cookies and local storage

We use browser local storage to keep you signed in (via a JWT token). We do not use third-party tracking cookies, analytics cookies, or advertising cookies.

Changes to this policy

If we make material changes, we'll update the date at the top of this page. We won't bury it in a lengthy legal notice. If something significant changes, we'll tell you.

Contact

Questions? Concerns? Email us at hello@doxapoll.com.