Privacy Policy

Last updated 25 March 2026. Questions? legal@polldium.com

PrivacyTermsCookies

Privacy Policy

Effective date: 25 March 2026

This Privacy Policy explains how Polldium ("we", "us", "our") collects, uses, stores, and shares your personal data when you use the Polldium platform at polldium.com (the "Service"). Please read it carefully. By using the Service you agree to the practices described here.

1. Who We Are

Polldium is an opinion polling and prediction market platform. For questions about this policy or your personal data, contact us at privacy@polldium.com.

2. Data We Collect

Account data

When you create an account we collect:

  • Email address — used for authentication, transactional emails, and support replies.
  • Password — stored as a secure hash by Supabase Auth. We never see your plaintext password.
  • Username and display name — shown publicly on polls and comments you create.
  • Profile avatar — an image you optionally upload.
  • OAuth provider tokens (if you sign in with Google, Apple, X, or Meta) — we receive only the email address and display name from the provider. We do not receive or store your social media password.

Activity data

As you use the Service we record:

  • Polls you create, including questions, options, categories, and any attached images.
  • Votes you cast and the option you chose.
  • Points wagered on predictive polls and transaction history.
  • Comments and replies you post.
  • Polls you have saved to your Favourites.
  • Interest categories and expertise tags on your profile.
  • Problem reports you submit through the Report a Problem form.
  • Notification preferences and read status.

Technical data

  • IP address — logged by Cloudflare (our hosting and CDN provider) for security and DDoS protection. Cloudflare Web Analytics aggregates this data and does not build individual user profiles.
  • Browser type, operating system, and device identifiers — collected by Sentry for error tracking and crash reporting only.
  • Session token — a secure, HttpOnly cookie set by Supabase Auth to keep you logged in.

3. Why We Collect It (Legal Basis)

  • Contract performance — processing your account data and activity is necessary to provide the Service you signed up for.
  • Legitimate interests — we use technical data to maintain security, detect abuse, and fix errors. We have balanced this against your privacy interests.
  • Legal obligation — we may retain certain data to comply with applicable law.
  • Consent — for optional email notifications, which you can withdraw at any time in Settings.

4. Third-Party Services We Use

We share data with the following processors solely to operate the Service. Each is bound by a data processing agreement.

  • Supabase (US) — database, authentication, and file storage. Your account data, activity data, and uploaded images are stored on Supabase infrastructure. Supabase Privacy Policy.
  • Resend (US) — transactional email delivery (verification emails, notifications, support replies). Your email address is passed to Resend when we send you an email. Resend Privacy Policy.
  • Cloudflare (US) — hosting, CDN, DDoS protection, and cookieless web analytics. Cloudflare processes IP addresses and request metadata. Cloudflare Privacy Policy.
  • Sentry (US) — application error tracking. Error reports may include your user ID, browser environment, and the page URL where the error occurred. No poll content or vote data is included. Sentry Privacy Policy.

We do not sell your data to third parties. We do not use your data for advertising targeting.

5. Data Retention

  • Active accounts — data is retained for as long as your account exists.
  • Deleted accounts — when you delete your account, your profile, votes, comments, favourites, and transaction history are permanently removed within 30 days. Polls you created are retained with the creator field set to anonymous so that other users' votes on those polls are preserved.
  • Anonymised analytics — aggregated, non-identifiable usage statistics may be retained indefinitely.
  • Problem reports — retained for 12 months after resolution for audit purposes, then deleted.

6. Your Rights

Depending on your location, you may have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Correction — update inaccurate data (you can do this directly in Settings).
  • Deletion — delete your account and all associated data from Settings → Danger Zone. For residual data held by processors, contact us at privacy@polldium.com.
  • Portability — request your data in a machine-readable format.
  • Restriction / Objection — object to or restrict certain processing activities.
  • Withdraw consent — turn off email notifications at any time in Settings.

To exercise any of these rights, contact privacy@polldium.com. We will respond within 30 days. If you are in the EU/UK and believe we have not handled your data lawfully, you have the right to lodge a complaint with your local data protection authority.

7. International Transfers

Polldium's third-party processors are based in the United States. If you are located in the European Economic Area, UK, or Switzerland, your data is transferred to the US under Standard Contractual Clauses or equivalent transfer mechanisms approved by the relevant authorities.

8. Children

Polldium is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect personal data from children. If you believe a child has created an account, contact us at privacy@polldium.com and we will delete it promptly.

9. Changes to This Policy

We may update this policy from time to time. When we make material changes we will notify you via an in-app notification and update the effective date at the top. Continued use of the Service after the effective date constitutes acceptance of the updated policy.