VoteChain
Get Started

Privacy Policy

How we collect, use, and protect personal information.

Last updated: March 2026

This Privacy Policy explains how Deepsink Partners Technologies (“Deepsink”, “we”, “us”, “our”), the operator of VoteChain, collects, uses, discloses, stores, and protects personal information when you use our websites, web application, API, official mobile applications, marketing forms, and support channels (collectively, the “Service”).

Not legal advice. This Policy is for transparency. It does not create rights beyond what applicable law provides.

By using the Service, you acknowledge this Privacy Policy. If you do not agree, do not use the Service.

1. Who we are

Responsible party (controller): Deepsink Partners Technologies, company registration K2021909044, VAT 4410303871, Sandton, Johannesburg, South Africa.

Information Officer (POPIA) and contact for PAIA requests (access to records): support@votechain.app.

We do not appoint an EU representative or DPO by default; EU data subjects may contact support@votechain.app and may lodge complaints with their local supervisory authority.

2. Personal information we collect

Categories depend on how you use the Service:

  • Identity and contact: name, email address, phone number if you provide it, organisation or community affiliation where applicable.
  • Account and profile: credentials, roles, preferences, profile details, and content you upload (such as profile images) where the product allows.
  • Voting and activity data: participation in topics or ballots, timestamps, technical metadata needed to operate votes (including proxy relationships where enabled), and audit-relevant events tied to your account as designed in the product.
  • Transactional and billing: subscription status, limited payment-related metadata; payment card data is processed by our payment partners (for example Payfast where enabled), not stored by us in full card form.
  • Technical and security: IP address, device or app identifiers, browser type, approximate location derived from IP, logs, authentication events, API usage, and anti-abuse signals (for example challenges completed when Cloudflare Turnstile is enabled).
  • Communications: messages you send to support, trust and safety, or forms; email delivery and engagement metadata.
  • Marketing: if you opt in (for example at registration), we may send product news; you may withdraw consent at any time.

We aim to collect only what we need for the purposes below.

3. How we use personal information and lawful bases (GDPR)

We process personal information on these bases, as applicable:

  • Provide the Service (accounts, votes, notifications, API tokens, support): contract with you; legitimate interests in operating the platform securely and reliably.
  • Security and abuse prevention (Turnstile where enabled, rate limits, fraud signals, logging): legitimate interests; legal obligation where applicable.
  • Billing (subscriptions, invoices via partners): contract; legal obligation (for example tax and accounting records).
  • Product improvement (diagnostics, aggregated metrics): legitimate interests.
  • Marketing (newsletters where you opted in): consent (you may withdraw at any time).
  • Legal compliance (responding to lawful requests): legal obligation.

Where we rely on legitimate interests, we balance them against your rights; you may object where GDPR allows. South African law (POPIA) requires lawful, fair, and reasonable processing consistent with these purposes.

4. Cookies and similar technologies

See our Cookie Policy. We use cookies and similar storage for session management, security, preferences, and (if enabled) analytics.

5. Sharing and subprocessors

We share personal information with service providers who assist us, for example:

  • Cloud hosting and databases (our primary processing is intended to be in South Africa and the EU; providers may offer encryption and access controls).
  • Email delivery (for example SMTP or transactional email providers such as Mailersend, Resend, Mailjet, Postmark, SES, or similar depending on configuration).
  • Payments (for example Payfast).
  • Sign-in partners (for example Google or Apple OAuth where you choose them).
  • Push notifications (for example platform vendors such as Apple Push Notification service or Firebase Cloud Messaging, depending on app configuration).
  • Security and abuse prevention (for example Cloudflare Turnstile).
  • Observability (for example application performance and error monitoring where enabled, configured to minimise unnecessary personal data).

We may also disclose information: to comply with lawful requests; to protect rights, safety, and integrity; in connection with a business transfer (merger, acquisition, restructuring) subject to continued protection; or with your consent.

We do not sell personal information in the conventional sense of selling lists to data brokers. We do not use personal information for targeted advertising across third-party sites unless we specifically introduce that feature and update this Policy.

6. International transfers

Your information may be processed in South Africa, the EU, and other countries where our providers operate. For transfers from the EEA/UK or where otherwise required, we use appropriate mechanisms (for example Standard Contractual Clauses or adequacy decisions) where applicable.

By using the Service, you expressly consent to transfers as described in section 17 of our Terms of Service, in addition to safeguards required by law.

7. Retention

We retain personal information only as long as needed for the purposes above, including security, dispute resolution, and legal requirements. Retention periods vary by data type; some logs or backups may persist for a limited time after deletion requests. We may anonymise data where feasible.

Account deletion, anonymisation, and votes

To protect the integrity of votes and aggregated results, when you delete your profile or we fully anonymise your account following your request, we remove or irreversibly disconnect personal identifiers from your account and related records held by us in the ordinary operation of the Service. Votes you cast remain on the platform (for example as part of a ballot’s outcome), but they cannot reasonably be linked back to you by us or by other users through the Service’s normal interfaces after anonymisation is complete.

Important limits: If personal data about you or your vote was already copied outside our systems before deletion—for example in an organisation’s downloaded report, a screenshot, another user’s records, an email notification, or a lawful export—we cannot retrieve or change those copies. In those cases someone might still be able to identify you from material they already hold, which is outside our control.

8. Security

We implement technical and organisational measures appropriate to the risk, including TLS for data in transit, access controls, authentication, logging, and vendor due diligence. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

9. Your rights

South Africa (POPIA): You may request access, correction, and deletion (subject to exceptions), object on reasonable grounds, and complain to the Information Regulator (South Africa).

South Africa (PAIA): You may request access to records we hold in line with the Promotion of Access to Information Act, 2000, subject to its grounds for refusal and procedures. Contact support@votechain.app to route PAIA requests.

EU/UK (GDPR): You may request access, rectification, erasure, restriction, portability, object to certain processing, and lodge a complaint with your supervisory authority.

Exercising rights: Contact support@votechain.app. We may need to verify your identity. We respond as required by applicable law; where the law does not prescribe a fixed timeline, we aim to respond without undue delay.

10. Automated decision-making

We do not use personal information for solely automated decisions with legal or similarly significant effects unless we disclose otherwise in product-specific terms.

11. Age

We do not require a minimum age (such as 18) to use the Service. Parents, guardians, and institutions are responsible for ensuring that minors’ use complies with laws that apply where they live. We process personal information only as needed to provide the Service, as described in this Policy.

12. Third-party links and OAuth

The Service may link to third-party sites or allow sign-in through third parties. Their privacy policies govern their processing.

13. Changes

We may update this Policy by posting a new version. Continued use after the effective date constitutes acceptance where permitted by law. Material changes may require additional notice.

14. Contact

Privacy and Information Officer: support@votechain.app

Legal: legal@votechain.app

Compliance: support@votechain.app