Security

Security you can trust

Voting is about trust. We've built vote.direct with security at every layer, from encryption to audit trails to privacy-first practices.

How we protect your votes

Enterprise-grade security for every vote

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Votes cannot be intercepted or tampered with.

Anonymous votes are stored separately from voter identities. We minimize data collection to only what's necessary.

Built on Supabase with row-level security, hosted on enterprise-grade cloud infrastructure with automatic backups.

Every action is logged with timestamps. Immutable records ensure vote integrity can always be verified.

Multiple verification levels from email to government ID (powered by Stripe Identity) ensure voters are who they claim to be.

Multiple safeguards prevent double-voting including email verification, device fingerprinting, and ID verification.

Our commitment to security standards and compliance

Implemented

Data minimization, deletion rights, EU data handling

Implemented

Privacy disclosures, opt-out rights, data access

Planned

Formal audit planned as we scale

Evaluating

Assessing certification pathway

As we grow, we're committed to pursuing formal certifications that match our customers' needs.

How we maintain security every day

We only collect data necessary for voting. No tracking, no profiling, no selling data.

Code reviews, dependency scanning, and security-focused development practices from day one.

Row-level security policies ensure users can only access their own data. Admin actions are logged.

We welcome security reports at security@vote.direct and commit to prompt investigation and fixes.

Found a security issue? We take all reports seriously and respond promptly.