Skip to main content
VMS
VMS

Privacy Policy

Last updated: March 13, 2026

1. Introduction

VMS ("we", "our", or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, store, and share data when you use our Voting Management System platform (the "Service").

By using the Service, you consent to the practices described in this policy. We encourage you to read it carefully alongside our Terms of Service.

2. Information We Collect

We collect the following categories of information:

Account Information

  • Full name, email address, and phone number
  • Organization name and type
  • Encrypted password and two-factor authentication (2FA) configuration
  • Subscription plan and billing details

Voter Information

  • Voter names, email addresses, and phone numbers as provided by election organizers
  • Voter access codes and authentication credentials
  • Voting status (whether a vote has been cast)

Election & Event Data

  • Election configurations, candidates, and ballot structures
  • Vote records (anonymized where applicable)
  • Pay-per-vote event transactions and payment data

Technical Data

  • IP addresses, browser type, and device information
  • Session data, access timestamps, and usage patterns
  • USSD session identifiers and mobile carrier information

3. How We Use Your Information

We use collected information for the following purposes:

  • Providing, maintaining, and improving the Service
  • Authenticating users and preventing unauthorized access
  • Processing payments, payouts, and generating invoices
  • Detecting and preventing fraudulent voting activity
  • Sending transactional emails (election notifications, payout confirmations, security alerts)
  • Generating anonymized analytics and usage reports
  • Complying with legal obligations and responding to lawful requests
  • Providing customer support

4. Data Sharing & Third Parties

We do not sell your personal data. We share information with third parties only as necessary to provide the Service:

Cloud Storage (Cloudinary)

Election media, candidate photos, and backup files are stored on Cloudinary. Data is transmitted securely and subject to Cloudinary's privacy practices.

Payment Processors

Payment information for subscriptions and pay-per-vote transactions is processed by third-party payment providers. VMS does not store full payment card details.

AI Analysis (Anthropic Claude)

Anonymized voting pattern data may be sent to Anthropic Claude for AI-assisted fraud analysis. No personally identifiable voter information is included in these requests.

We may also disclose information if required by law, court order, or to protect the rights, safety, or property of VMS and its users.

5. Data Storage & Security

We implement industry-standard security measures to protect your data:

  • Authentication: JWT-based authentication with support for two-factor authentication (TOTP)
  • Encryption: AES-256 encryption for sensitive data at rest, with scrypt-based key derivation
  • Passwords: Hashed using bcrypt with appropriate salt rounds
  • Database: MongoDB with access controls and encrypted connections
  • Transport: All data in transit is protected via HTTPS/TLS
  • Backups: Automated encrypted backups with configurable retention policies

While we strive to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6. USSD-Specific Data

When voters use USSD (Unstructured Supplementary Service Data) to participate in elections:

  • We collect the phone number used to initiate the USSD session
  • Session data (menu navigation, inputs) is temporarily stored for the duration of the session
  • USSD sessions are subject to the same security and privacy protections as web-based interactions
  • Mobile carrier data is not stored beyond what is necessary for session authentication

7. AI & Fraud Detection Disclosure

VMS uses artificial intelligence and heuristic algorithms to detect potentially fraudulent voting activity. This includes:

  • Heuristic checks: Vote velocity analysis, IP clustering detection, device fingerprint reuse, and bot behavior patterns
  • AI analysis: Anonymized voting patterns may be analyzed by Anthropic Claude for deeper fraud insights
  • Automated alerts: Fraud alerts are generated automatically and reviewed by election administrators

No automated decision-making results in the automatic invalidation of votes. All fraud alerts are reviewed by human administrators before any action is taken. The AI analysis is advisory in nature.

8. Cookies & Tracking

VMS uses minimal cookies and local storage for essential functionality:

  • Authentication tokens: JWT tokens stored in local storage for session management
  • Theme preference: Your light/dark mode preference is stored locally
  • Essential cookies: Required for basic platform functionality

We do not use third-party tracking cookies or advertising pixels. We do not track users across other websites.

9. Data Retention & Deletion

We retain data according to the following guidelines:

  • Account data: Retained for the duration of your account and a reasonable period after closure
  • Election data: Retained as long as the election exists; archived elections follow tenant-configured retention policies
  • Fraud alerts: Automatically deleted after 180 days
  • Backup data: Subject to automated retention policy enforcement (daily cleanup of expired backups)
  • Payment records: Retained as required by applicable financial regulations
  • Security events: Retained for security analysis and audit purposes

You may request deletion of your personal data by contacting our support team. Certain data may be retained where required by law.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data, subject to legal retention requirements
  • Portability: Request your data in a machine-readable format
  • Objection: Object to certain processing activities
  • Withdrawal of consent: Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us using the information in the Contact section below. We will respond within 30 days.

11. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately, and we will take steps to delete such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. Material changes will be communicated via email or through the platform at least 30 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: