Privacy Policy

1. Introduction

Welcome to BallotBox ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application.

This policy complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

2. Information We Collect

2.1 Information You Provide to Us

When you register for an account, we collect:

• Email address
• Username/display name
• Password (stored in encrypted form)
• Any other information you choose to provide during account creation or profile setup

2.2 Information Collected Automatically

When you use our application, we automatically collect:

• Log data (IP address, browser type, pages visited, access times)
• Device information (device type, operating system)
• Authentication cookies necessary for maintaining your login session

2.3 Information from Third Parties

We use Supabase for authentication services. When you log in through Supabase, we may receive information in accordance with their privacy policy, which can be found at https://supabase.com/privacy.

3. How We Use Your Information

We use your personal information for the following purposes:

• To provide and maintain our service
• To authenticate users and manage user accounts
• To respond to your inquiries and provide customer support
• To improve and optimize our application
• To detect and prevent fraud or security breaches
• To comply with legal obligations

4. Legal Basis for Processing

We process your personal data on the following legal grounds:

• Performance of a contract when we provide you with our services
• Your consent, which you can withdraw at any time
• Our legitimate interests in operating and improving our services
• Compliance with legal obligations

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

User account information is retained for the duration your account is active. Upon account deletion, we will securely delete or anonymize your personal data within 30 days, except where we need to retain certain information for legitimate business or legal purposes.

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

Service Providers: Third-party vendors who help us operate our application (such as Supabase for authentication)

Legal Requirements: When required by law, court order, or governmental authority

Business Transfers: In connection with a merger, acquisition, or sale of assets

7. International Data Transfers

Your information may be transferred to and processed in countries other than the UK where our servers are located. We ensure appropriate safeguards are in place to protect your information in compliance with applicable data protection laws.

8. Your Data Protection Rights

Under UK data protection laws, you have the right to:

• Access your personal data
• Correct inaccurate personal data
• Erase your personal data ("right to be forgotten")
• Restrict processing of your personal data
• Object to processing of your personal data
• Data portability (receiving your data in a structured, machine-readable format)
• Withdraw consent at any time where we rely on consent to process your data

To exercise these rights, please contact us at help@groupsapp.co.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.

10. Children's Privacy

Our service is not directed to children under 13 (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected personal information from a child, please contact us immediately.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

13. Data Protection Authority

You have the right to lodge a complaint with the UK's Information Commissioner's Office (ICO) if you believe we have violated your data protection rights. The ICO can be contacted at: