Privacy Policy

Last updated: 3/5/2026

1. Introduction

Welcome to Votare ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience on our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our hackathon voting platform.

2. Information We Collect

2.1 Information You Provide

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, password (hashed), and profile picture
  • Organization Data: Organization names, descriptions, member lists, and roles
  • Hackathon Data: Hackathon details, projects, roadmaps, voting settings, and results
  • Voting Data: Votes cast, timestamps, and device fingerprints for security
  • Content: Project descriptions, comments, notes, and other user-generated content
  • Communication: Messages sent through contact forms or support channels

2.2 Automatically Collected Information

We automatically collect certain information when you use our platform:

  • Device Information: IP address, browser type and version, operating system, device type
  • Usage Data: Pages visited, time spent, features used, click patterns
  • Technical Data: Error logs, performance metrics, session recordings (for debugging)
  • Security Data: Device fingerprints, violation attempts, audit logs
  • Cookies and Tracking: Session cookies, authentication tokens, analytics cookies

2.3 Information from OAuth Providers

When you sign in using OAuth providers (Google, GitHub, or Microsoft/Azure AD), we receive:

  • Google: Email address, name, profile picture
  • GitHub: Email address, username, profile picture
  • Microsoft/Azure AD: Email address, name, profile picture, user principal name

We only request the minimum information necessary to create and manage your account. You can revoke access at any time through your OAuth provider's settings.

3. How We Use Your Information

We use the information we collect to:

  • Service Delivery: Provide, maintain, and improve our hackathon voting platform
  • Account Management: Create and manage user accounts, authenticate users, manage organizations
  • Voting Functionality: Process votes, prevent fraud, ensure vote integrity, display results
  • Communication: Send authentication emails, invitations, notifications, and support messages
  • Security: Detect and prevent fraud, violations, and unauthorized access using device fingerprinting
  • Analytics: Monitor usage patterns, analyze performance, and improve user experience
  • Error Tracking: Identify and fix technical issues, monitor application health
  • Compliance: Maintain audit logs, comply with legal obligations, enforce terms of service

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

  • With Your Consent: When you explicitly authorize us to share your information
  • Legal Compliance: To comply with legal obligations, court orders, or government requests
  • Safety and Security: To protect our rights, property, safety, or that of our users
  • Service Providers: With trusted third-party services that help us operate our platform (see Section 5)
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Within Organizations: Organization members can see other members' names and email addresses within their organization
  • Public Data: Hackathon results, project information, and public voting data may be visible to authorized participants

5. Third-Party Services and Data Sharing

We use the following third-party services to operate Votare. Each service has its own privacy policy:

5.1 Supabase

Purpose: Authentication, database storage, email delivery, and real-time features
Data Shared: User account information, authentication tokens, email addresses, application data
Privacy Policy: https://supabase.com/privacy

5.2 Vercel

Purpose: Hosting, web analytics, and performance monitoring
Data Shared: Usage analytics, page views, performance metrics (anonymized)
Privacy Policy: https://vercel.com/legal/privacy-policy

5.3 Sentry

Purpose: Error tracking, performance monitoring, and debugging
Data Shared: Error logs, stack traces, performance data, session recordings (with sensitive data masked)
Privacy Policy: https://sentry.io/privacy/

5.4 OAuth Providers

Google: Privacy Policy
GitHub: Privacy Statement
Microsoft/Azure AD: Privacy Statement

5.5 Upstash Redis

Purpose: Rate limiting and caching
Data Shared: IP addresses (temporarily), rate limit counters
Privacy Policy: https://upstash.com/privacy

5.6 Resend (Optional)

Purpose: Transactional email delivery (when configured)
Data Shared: Email addresses, email content
Privacy Policy: https://resend.com/legal/privacy-policy

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption: Data in transit is encrypted using TLS/SSL. Passwords are hashed using industry-standard algorithms.
  • Authentication: Multi-factor authentication support, OAuth integration, and secure session management.
  • Access Controls: Role-based access control, organization-level permissions, and audit logging.
  • Fraud Prevention: Device fingerprinting, email normalization, violation tracking, and rate limiting.
  • Database Security: Data stored in Supabase (PostgreSQL) with Row Level Security (RLS) policies.
  • Infrastructure: Hosted on Vercel with DDoS protection and automatic security updates.

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of your personal data we hold
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal data (subject to legal and operational requirements)
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to processing of your personal data for certain purposes
  • Restriction: Request restriction of processing in certain circumstances
  • Withdrawal: Withdraw consent for OAuth providers or email communications at any time
  • Account Deletion: Delete your account and associated data through account settings

To exercise these rights, please contact us through our contact page. We will respond to your request within 30 days.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies for the following purposes:

  • Authentication: Session cookies to maintain your login state
  • Security: CSRF tokens and security cookies to prevent unauthorized access
  • Analytics: Vercel Analytics cookies to understand usage patterns (anonymized)
  • Error Tracking: Sentry cookies to track errors and performance issues
  • Preferences: Theme preferences and user settings

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our platform.

9. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

  • Account Data: Retained while your account is active and for 30 days after deletion
  • Voting Data: Retained for the duration of the hackathon and as required by organization policies
  • Audit Logs: Retained for security and compliance purposes (typically 1-2 years)
  • Error Logs: Retained by Sentry for debugging purposes (typically 90 days)
  • Analytics Data: Retained by Vercel Analytics in anonymized form

You can request deletion of your data at any time, subject to legal and operational requirements.

10. Children's Privacy

Our platform is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. Our third-party service providers (Supabase, Vercel, Sentry, etc.) may store data in various locations worldwide. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Contact Page