Privacy Policy
Last updated: January 19, 2025
This Privacy Policy describes how votefirst.app ("us", "we", or "our") collects, uses, and handles your data when you use our votefirst.app website ("Service").
1. Information Collection and Use
We are committed to protecting your privacy. We collect only the personal information necessary to provide, secure, and improve our Service:
Account Information
When you create an account or use the Service, we may collect and store the following information in our database:
- First name and last name
- Email address (unique to your account)
- Password (stored in hashed form)
- Google User ID and profile picture URL (if you sign in with Google)
- Preferred language
- Plan and subscription-related status
- API key and related metadata (e.g., last used time)
- Notes you choose to store in your profile
- Last access time and activity metadata
- Number of projects, selected project ID, and related project state flags
- Additional configuration and usage data stored as JSON (Data field)
Email Address (Waitlist and Communications)
When you sign up for our waitlist or marketing communications via Sender, we collect your email address. This is used solely for waitlist management, onboarding, and product updates.
Usage Analytics
We collect anonymized or pseudonymized usage data through PostHog to understand how users interact with our Service and identify areas for improvement. This may include page views, feature usage, clicks, and technical performance metrics. Where possible, analytics data is collected without directly identifying you, and it is not used to track you across other services.
Billing and Subscription Information
For paid plans, we use Stripe to process payments and manage subscriptions. Stripe may collect and process billing details such as your name, email address, payment method information, and billing address. We do not store your full payment card details on our servers; this information is handled securely by Stripe.
2. Cookies and Tracking Technologies (Web)
Our website use PostHog analytics, which sets cookies and similar technologies only to understand how the site is used and to improve our services. These cookies are not used for advertising or tracking you across other websites.
Cookie Details:
- Cookie Type: First-party cookies only
- Purpose: Analytics, sit performance tracking, session management, and user experience improvement
- Scope: PostHog analytics collection and essential Service functionality only
No Third-Party Advertising Tracking
We do not use third-party advertising tracking services, retargeting cookies, or invasive tracking techniques that follow you across the internet.
Cookie Consent
PostHog and essential Service cookies are used with your continued use of the website. No cookies are placed for advertising purposes.
Browser Settings
You may choose to refuse or limit cookies through your browser settings. However, disabling certain cookies may affect authentication, session management, or other core features and functionality of our website and web app.
3. Third-Party Services
PostHog (Web Analytics)
We use PostHog to collect anonymized or pseudonymized usage data across our website. This includes:
- Feature interactions and user behavior patterns
- website performance metrics
- General usage statistics
PostHog processes this data according to their Privacy Policy. PostHog uses first-party cookies only and does not employ third-party advertising tracking or retargeting.
Stripe (Payments and Subscription Management)
We use Stripe to handle secure payment processing and manage subscriptions. Stripe may collect:
- Payment method details (e.g., card information)
- Billing and contact information
- Subscription status, invoices, and renewal information
Stripe processes this data according to their Privacy Policy. Stripe is responsible for securely storing your payment information and complies with applicable payment security standards (such as PCI-DSS).
Sender (Email Waitlist and Communications)
We use Sender to manage our waitlist and email communications. When you provide your email:
- Your email address is stored securely in Sender
- We send you product updates, onboarding information, and waitlist notifications
- You can unsubscribe at any time from our emails
Sender processes this data according to their Privacy Policy.
4. Use of Data
We use the collected data for the following purposes:
- Account Management: To create, maintain, and secure your VoteFirst account and projects
- Service Improvement: Analytics help us understand user behavior and improve features, performance, and usability
- Waitlist and Communication Management: Email addresses are used to keep you informed about onboarding, product launches, and updates
- Billing and Subscription Management: Stripe data helps us manage subscriptions, invoices, and payment status
- Product Development: Aggregated usage patterns inform our development roadmap and feature prioritization
- Technical Support and Security: We may use data to diagnose issues, monitor for abuse, and protect the Service against fraud and unauthorized access
5. Legal Basis for Processing (GDPR)
For users in the European Union, United Kingdom, and Switzerland, we process your personal data based on the following legal bases:
Consent
Your email address for waitlist or marketing communications is processed with your explicit consent when you provide it via our forms. You may withdraw this consent at any time by contacting support@votefirst.app or by using the unsubscribe link in our emails.
Legitimate Interests
We process analytics and certain account data based on our legitimate interest in improving our Service, maintaining security, understanding user needs, and operating an efficient and reliable web application, provided that these interests are not overridden by your privacy rights.
Contract Performance
Account, project, and subscription data processed through our own systems and Stripe is necessary to fulfill our contract with you for providing access to the Service, managing your subscription, and delivering the features you use.
6. Data Anonymization and Minimization
Where feasible, analytics data collected through PostHog is anonymized or pseudonymized and aggregated so that it does not directly identify individual users. We do not create marketing profiles for targeted advertising.
Account data such as your name, email, and project information is stored only to the extent necessary to operate the Service, manage your subscription, and comply with legal obligations.
7. Data Sharing
We do not sell, trade, or rent your personal information. We share data only with the third-party services necessary for operating our Service:
- PostHog: Receives anonymized or pseudonymized analytics data
- Stripe: Receives billing and payment-related data to process payments and manage subscriptions
- Sender: Receives your email address for waitlist and communication management
These third parties are contractually or legally bound to use your information only as necessary to provide services to us and to protect your information in accordance with applicable data protection laws.
8. Security
We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. This includes secure storage of account data, restricted access controls, and SSL/TLS encryption for communications with our servers.
However, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security of your data, but we strive to use commercially acceptable means to protect it.
9. Children's Privacy
Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information and, if applicable, terminate the child's account.
10. Data Retention
- Account and Project Data: We retain your account and related project data for as long as your account is active or as needed to provide the Service. We may also retain certain data for a reasonable period after account closure for backup, security, fraud prevention, and legal compliance purposes.
- Analytics Data: Aggregated and anonymized analytics data is retained for as long as necessary to analyze and improve our Service.
- Email Addresses: We retain your email address as long as you remain on our waitlist, are subscribed to our communications, or maintain an active account. You can request deletion or unsubscribe at any time.
- Billing and Subscription Data: Stripe retains subscription and billing information according to their data retention policies and applicable financial and tax regulations.
11. Your Rights
You have the right to:
- Access: Request access to the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete personal data.
- Deletion: Request deletion of your personal data, subject to certain legal or contractual obligations.
- Restriction: Request restriction of processing in certain circumstances.
- Data Portability: Request a copy of your personal data in a commonly used, machine-readable format where technically feasible.
- Marketing Opt-Out: Opt out of marketing emails using the unsubscribe link in every email or by contacting us.
- Analytics and Cookies: Adjust your browser settings to limit cookies or contact us regarding analytics preferences.
- Information Request: Request information about how your data is processed and with whom it is shared.
- Lodge Complaint: If you are in the EEA, UK, or Switzerland, you have the right to lodge a complaint with your local data protection authority.
To exercise these rights, contact us at support@votefirst.app.
12. International Data Transfers
Your personal data may be processed in countries other than your country of residence. Where this occurs, we ensure that appropriate safeguards are in place in accordance with applicable data protection laws.
PostHog, Stripe, Sender, and other service providers we use comply with international data protection standards, including, where applicable, the EU-U.S. Data Privacy Framework, Standard Contractual Clauses, or equivalent mechanisms for cross-border data transfers.
13. Scope and Applicable Laws
This Privacy Policy complies with the following regulations, to the extent applicable:
- GDPR (European Union, United Kingdom, and Switzerland)
- CCPA/CPRA (California residents)
- Other applicable privacy and data protection laws in your jurisdiction
If you are a California resident, you may have additional rights regarding your personal information under the CCPA/CPRA. For more information or to exercise these rights, please contact us at support@votefirst.app.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or applicable laws. We will notify you of any material changes by updating the "Last updated" date at the top of this policy, and we may provide additional notice (such as an in-app banner or email) where required.
Continued use of our Service after such modifications constitutes your acceptance of the updated Privacy Policy.
15. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Email: support@votefirst.app