1. Who We Are
PollXYZ is a mobile opinion platform. We are committed to being transparent about the data we collect and to collecting only what is necessary to operate the service. This Privacy Policy explains what we collect, why, and what your rights are.
2. What We Collect
Account data: your email address (used only for authentication — never shown in your profile or shared with anyone); a username you choose (your real name or any pseudonym); and a display name — the name shown on your comments and public profile, which can be your real name or any name you choose.
Optional encrypted name backup: if you choose to store an encrypted backup of your real name, it is encrypted on your device with AES-256 before it is sent to our servers. We never receive or store the plaintext. The decryption key (your Master Encryption Key) is stored only in your device's secure keychain and is never transmitted to us. The backup exists solely for identity recovery if you reinstall the app. Because we never hold the key, the backup can only be decrypted on a device that still has that key in its keychain; if the key is lost, the backup cannot be recovered by you or by us.
Device identifier: a unique device ID used to prevent duplicate account creation and detect fraudulent activity. Stored securely and never shared with third parties.
Demographics: age range, gender, education, employment, and income range — collected during account creation to power the anonymous aggregate breakdowns that make poll results meaningful. Your consent to provide this data is obtained on the consent screen shown before registration begins. If you do not wish to provide this information, you are free not to create an account.
What we deliberately do NOT collect: race or ethnicity, religion or faith, and political leaning. These are classified as "special category" personal data under GDPR Article 9, and we have made the explicit choice not to hold them at all.
Usage data: polls you vote on, polls you create, comments you post, and interactions within the app.
Technical data: device type, operating system, and app version for diagnostics and crash reporting.
Device model & OS version: public hardware info such as “iPhone 15 Pro” and “iOS 18.2” from the operating system. Refreshed at every sign-in so the data stays current if you upgrade. Used in aggregate poll breakdowns only (e.g. “52% of iPhone 15 Pro users voted X”), never shown on your profile, never linked to your individual vote in any user-facing surface.
3. The Pseudonymous Model
PollXYZ is built on a pseudonymous design. Your username — whether it's your real name or a made-up handle — is never verified against any government ID, real-world identity, or external database. We have no way to prove who you really are, and we never try to.
Your demographic data is tied to your chosen username, not to a verified identity, so nothing in the app links a username, or any demographic breakdown, to a confirmed real-world person. Pseudonymous data is still personal data under GDPR, and your account record (including your email address) remains subject to the rights described in section 9.
4. Special Category Data (GDPR Article 9)
GDPR Article 9 designates certain personal data as "special category" — including race or ethnicity, political opinions, religious or philosophical beliefs, and information concerning health, sexual orientation, biometric or genetic data.
PollXYZ does not collect, store, or process any special category data. This is a deliberate design choice. We have determined that the marginal product value of holding these fields does not justify the regulatory weight, the security risk, or the impact on user trust.
If you used an earlier version of the app that asked for race, religion, or political leaning, those columns and any data within them have been permanently removed from our database.
4a. Profile Photos
Profile photos are optional. If you choose to upload a photo, it is processed as follows:
• Compression: photos are automatically compressed and resized on your device to a maximum of 60 KB and 512×512 pixels before upload. Higher-quality originals never leave your phone.
• EXIF removal: all metadata, including GPS coordinates, camera model, and capture timestamps, is stripped from photos before upload.
• Random URL paths: uploaded photos are stored at unguessable random paths that contain no user identifier, so the URL of one user's photo cannot be derived from any user identifier or found by enumerating paths.
• Public visibility: uploaded profile photos are publicly visible to other PollXYZ users alongside your username and bio. We label this clearly in the upload UI before you confirm.
• Erasure: deleting your profile photo via Edit Profile removes both the database reference and the underlying file from our servers. Account deletion erases all photo files associated with your account.
If you choose not to upload a photo, your initials are displayed instead in a coloured circle generated from your username.
4b. Bio, Comments & User-Generated Content
Your bio is a short optional self-description (up to 160 characters) shown on your profile. Comments on polls are limited to 500 characters; replies to comments are limited to 280 characters. To protect users and the platform, all user-submitted text is automatically processed at submission time as follows:
• Links (URLs), bare domains, URL shorteners, email addresses, phone numbers, and crypto wallet addresses are blocked on submission. Bios, comments and replies containing them are rejected with an explanatory message and never stored.
• A list of unambiguous slurs, threat terms, and known scam phrases (e.g. "free crypto", "click here", "lottery winner") is matched at submission time. Matches result in either hard rejection or automatic flagging for human moderator review, depending on confidence.
• Spam patterns such as excessive capitalisation, long runs of repeated characters, and oversized emoji walls are auto-flagged for moderator review.
• Comments and replies that pass automated filtering may still be removed or hidden by the moderators of PollXYZ if they violate the community guidelines outlined in the Terms of Service.
You retain copyright in your own bio, comments, and replies. By submitting them you grant PollXYZ the licence described in our Terms of Service to display them within the platform.
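The submission-time screening described in this section, written out as an added example in Node.js. It is not PollXYZ's code: the word lists, regular expressions, thresholds and the reject-versus-flag split are assumptions, and the slur list is a placeholder. The part worth noting is the canonicalisation step, which runs before any pattern is matched so that fullwidth letters, zero-width characters and "example dot com" spellings are caught by the same rules as the plain forms.

```javascript
// Added example (not PollXYZ's own code): submission-time screening for bios,
// comments and replies. Word lists, regexes and thresholds are assumptions.
const LIMITS = { bio: 160, comment: 500, reply: 280 };

// Placeholder lists; a real deployment loads these from a maintained source.
const HARD_REJECT_TERMS = ['[slur-1]', '[slur-2]', 'i will kill you'];
const SCAM_PHRASES = ['free crypto', 'click here', 'lottery winner'];
const SHORTENERS = ['bit.ly', 't.co', 'tinyurl.com', 'goo.gl', 'is.gd', 'cutt.ly'];

const REJECT_PATTERNS = {
  url: /\b(?:https?:\/\/|www\.)\S+/i,
  bareDomain: /\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.(?:com|net|org|io|co|xyz|app|info|biz)\b/i,
  email: /\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b/i,
  btcAddress: /\b(?:bc1[a-z0-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b/,
  ethAddress: /\b0x[a-fA-F0-9]{40}\b/,
};

// Canonicalise before matching so fullwidth letters, zero-width characters and
// "example dot com" spellings cannot slip past the patterns above.
function normalize(raw) {
  return raw
    .normalize('NFKC')
    .replace(/[\u200B-\u200D\u2060\uFEFF]/g, '')
    .replace(/\s*\(dot\)\s*|\s+dot\s+/gi, '.')
    .trim();
}

// A phone number is a run of digits and separators containing at least nine
// digits; dates such as 2024-01-01 have eight and are left alone.
function looksLikePhone(text) {
  const runs = text.match(/\+?\d[\d\s().-]{6,}\d/g) || [];
  return runs.some((r) => r.replace(/\D/g, '').length >= 9);
}

function screenSubmission(kind, raw) {
  const limit = LIMITS[kind];
  if (limit === undefined) throw new Error(`unknown submission kind: ${kind}`);
  const text = normalize(raw);
  const lower = text.toLowerCase();

  // Hard rejections: the content is never stored.
  const reasons = [];
  if ([...text].length > limit) reasons.push(`over ${limit} characters`);
  for (const [name, re] of Object.entries(REJECT_PATTERNS)) if (re.test(text)) reasons.push(name);
  if (looksLikePhone(text)) reasons.push('phone');
  if (SHORTENERS.some((s) => lower.includes(s))) reasons.push('shortener');
  if (HARD_REJECT_TERMS.some((t) => lower.includes(t))) reasons.push('hard term');
  if (reasons.length) return { decision: 'reject', reasons };

  // Soft signals: stored, but queued for a human moderator.
  const flags = [];
  if (SCAM_PHRASES.some((p) => lower.includes(p))) flags.push('scam phrase');
  const letters = text.replace(/[^\p{L}]/gu, '');
  const upper = letters.replace(/[^\p{Lu}]/gu, '');
  if (letters.length >= 20 && upper.length / letters.length > 0.7) flags.push('excessive caps');
  if (/(.)\1{6,}/u.test(text)) flags.push('repeated characters');
  const emoji = text.match(/\p{Extended_Pictographic}/gu) || [];
  if (emoji.length > 15) flags.push('emoji wall');
  if (flags.length) return { decision: 'flag', reasons: flags };

  return { decision: 'accept', reasons: [] };
}
```

Substring matching on shortener hosts and scam phrases will produce some false positives (any text containing "t.co", for instance); that is the usual trade-off for a filter that must run synchronously on every submission, and it is why the soft signals go to a moderator rather than being rejected outright.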
4c. Location Lock
To preserve the integrity of our city-level and country-level statistics, your primary location (country, state, city) is locked for a period of between 65 and 120 days at a time once approved.
To change your primary location you submit a request through the app, which is reviewed by an administrator. Once approved, your primary location is updated and a new lock window of randomised duration begins. Randomising the duration makes it much harder for groups of accounts to time their location changes together in order to manipulate demographic breakdowns.
Secondary locations (a second country/state/city associated with your account, used for diaspora analytics) are not locked.
5. How We Use Your Data
We use your data to: operate your account and authenticate you; display your display name on votes and comments you make public; generate aggregate, anonymous demographic statistics for poll results; detect and prevent fraud, abuse, and vote manipulation; improve the platform; and compute an internal Trust Score (described below).
We do NOT use your personal data to target advertising. We do NOT sell user lists, user segments, or individual data of any kind.
5a. Trust Score
PollXYZ computes an internal Trust Score (0–100) for every account based on behavioural signals including: account age, engagement quality, content moderation history, voting patterns, and time spent reading polls before voting. The exact formula is not disclosed to prevent gaming.
The raw score is never shown to users. Users may see a tier badge (such as "Verified Voice" or "Trusted Member") derived from their score range. Accounts with very low scores may have certain features quietly limited — for example, reduced posting frequency — as a fraud and abuse prevention measure.
This processing is based on our legitimate interest in maintaining platform integrity under GDPR Article 6(1)(f). You may object to this processing by contacting privacy@pollxyz.com. Note that objecting may affect your ability to use certain features of the platform.
6. What Brands and Researchers Can Buy
The only commercial product PollXYZ sells to third parties is aggregate, anonymous statistics — for example: "68% of 25–34 year-olds in New York said they prefer brand X" or "54% of respondents with a college degree support this policy."
This aggregate data contains no personal information, no usernames, no user lists, and no individual records. It cannot be used to identify or re-identify any person. It is therefore not personal data under GDPR Recital 26 and not subject to CCPA.
Sponsored content, if shown inside the app, is targeted only on non-sensitive dimensions such as age range, income range, education level, employment status, or location. We do not collect race, ethnicity, religion, or political opinion at all — so we cannot target by them, and brands cannot request it. Any targeting is performed internally by PollXYZ. Brands never receive user data of any kind.
6a. Sponsored & Targeted Polls
Sponsored polls. Some polls in the app are paid promotional content sponsored by a brand, organisation, or researcher. Every sponsored poll is clearly labelled with the word "Sponsored" and the sponsor's name in both the feed and the poll detail screen, in accordance with FTC native-advertising guidelines (US), Article 26 of the EU Digital Services Act, and applicable app store policies. The sponsor's logo, where provided, appears alongside the disclosure.
Sponsors never receive your username, email, demographics, votes, comments, profile photo, or any other identifying data. The only thing brands receive is the same aggregate, anonymous statistical breakdown described in section 6 (e.g. "62% of 25–34 year-olds chose Option A"). Brands cannot identify, contact, or re-identify any individual user from the data they receive.
Targeted polls. A poll may be targeted to a specific audience — for example, only shown to users in a specific age range, country, or income bracket. When a poll is targeted, users who do not match the audience never see it: it does not appear in their feed, search results, or trending lists, and a direct link to the poll returns a "not found" response for them.
Targeting cannot use race or ethnicity, religion or faith, sexual orientation, or political leaning for any poll, sponsored or otherwise, because PollXYZ does not collect this data at all. As a defensive measure, the database-level constraint that rejects such targeting parameters on sponsored polls remains in place.
Targeting parameters used on sponsored polls are limited to: age range, gender, income range, education level, employment status, country, state, city, and self-declared interests.
7. Data Sharing
We use the following sub-processors — third parties that handle data on our behalf:
• Supabase (supabase.com) — database, authentication, and file storage. Your account data, demographics, votes, and comments are stored on Supabase servers under strict confidentiality and security standards.
• Expo (expo.dev) — push notification delivery. Expo receives only your push notification token (a device identifier) and the content of notifications we send you. Expo has no access to your account data, votes, comments, demographics, or any data stored in our database.
We never sell, rent, or transfer your personal data to data brokers or third-party advertisers. We may disclose data when required by a valid legal process (court order, subpoena, etc.). In such cases, we will notify you to the extent permitted by law.
8. Data Retention & Inactivity Policy
We do not keep personal data forever. PollXYZ runs an automated retention policy that disables and eventually deletes accounts that have been inactive for long periods, so dormant data does not accumulate on our servers indefinitely.
4 months of inactivity → account disabled. If you do not sign in or interact with the app for 4 consecutive months, your account is automatically moved to a disabled state. Your profile becomes hidden, and your votes, polls, and comments are removed from public counts, feeds, and aggregate statistics (your data is still in our database at this point — just hidden). You receive an email notice approximately two weeks before this happens, with a one-tap sign-in link to keep the account active.
8 months of inactivity (total) → account permanently deleted. If you remain inactive for a further 4 months after being disabled — 8 months without a sign-in in total — your account and all associated personal data are permanently deleted. This includes your email, username, bio, demographics, location, votes, polls, comments, profile photo, and the encrypted real name blob if you stored one. You receive a final email notice approximately two weeks before deletion.
Re-activating before deletion restores everything. If you sign in at any point during the disabled period (between months 4 and 8), your account is automatically re-activated and all your content reappears as it was. There is no recovery once the 8-month deletion has occurred.
Individual votes, comments and polls: retained until you delete your account, or until the 8-month automated deletion runs — whichever comes first.
Aggregate, anonymous statistics: retained indefinitely. Once data is aggregated and stripped of any individual identifier, it is no longer personal data under GDPR Recital 26 and may be retained for historical record-keeping.
9. Your Rights (GDPR — EU/EEA/UK)
If you are in the EU, EEA, or United Kingdom, you have the right to:
• Access: request a copy of the data we hold about you by emailing privacy@pollxyz.com.
• Rectification: correct inaccurate data in Settings at any time.
• Erasure: delete your account and all associated personal data via Settings → Delete account.
• Portability: request your data in a machine-readable format by emailing privacy@pollxyz.com.
• Object: object to processing based on legitimate interests.
• Withdraw consent: you may withdraw consent at any time by deleting your account via Settings → Delete account, which permanently removes all your personal data.
We aim to respond to all requests within 30 days. Contact: privacy@pollxyz.com
10. Your Rights (California — CCPA/CPRA)
If you are a California resident, you have the right to:
• Know: what personal information we collect, use, and share.
• Delete: your personal information at any time via Settings → Delete account.
• Correct: inaccurate personal information in Settings.
• Opt out of sale or sharing: we do not sell or share personal data or user lists, so this right is automatically satisfied.
• Limit the use of sensitive personal information (see below).
PollXYZ does not collect any of the categories California classifies as sensitive personal information (race or ethnicity, religion, political opinions, biometric data, precise geolocation, sexual orientation, etc.). This right is automatically satisfied because there is no such data to limit.
PollXYZ is intended for users 18 and over. We do not knowingly collect data from California residents under 18. We will respond to verified requests within 45 days. Contact: privacy@pollxyz.com
11. Data Security
We use industry-standard security measures: TLS encryption for all data in transit, encryption at rest for the database via Supabase, and Row Level Security (RLS) policies enforced inside the Postgres database, so that each query is restricted to the rows the signed-in user is permitted to see, whichever API path the query takes.
For users who choose to store an encrypted name backup: encryption is performed on your device using AES-256 before any data leaves it. Our servers receive and store only the ciphertext; your Master Encryption Key never leaves your device. We therefore hold nothing that can be decrypted and are technically unable to read your real name, even in response to a legal request.
No method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we are committed to implementing and maintaining reasonable security practices.
12. Children's Privacy
PollXYZ is intended exclusively for users aged 18 and over. We do not collect data from or knowingly permit registration by anyone under 18. Age is self-declared during registration. If we become aware that a user is under 18, we will immediately delete their account and all associated personal data.
If you believe someone under 18 has registered, contact us immediately at privacy@pollxyz.com and we will act promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or in-app notification at least 14 days before the change takes effect. Continued use of the app after that date constitutes acceptance of the updated policy.
14. Contact & Data Requests
Privacy inquiries and data requests (access, portability, erasure): privacy@pollxyz.com
Please use the subject line "Data Request" and include your registered email address. We will verify your identity before processing any request.