Privacy Policy
Introduction
This Privacy Policy explains how PollSpark, operated by PollSpark ("we", "us", "our"), collects and uses personal data when you use our website and services. PollSpark is a live polling and survey platform that enables users to create and run interactive sessions.
Who This Policy Covers
This policy covers two distinct groups of people.
Account holders are people who register for a PollSpark account to create and manage sessions. Account holders act as data controllers for any personal data they collect from participants. PollSpark acts as their data processor in that relationship.
Participants are people who join sessions created by account holders. Participants do not need an account. For personal data we collect directly from participants to operate the platform, PollSpark acts as data controller.
Data We Collect
From account holders:
| Data | Why we collect it |
|---|---|
| Name and email address | Account registration and communication |
| Organisation name | Account setup |
| Billing information, processed by Stripe. We do not store card details. | Payment processing |
| Usage data | Sessions created, features used, questions asked |
| Technical data including IP address, browser type and device information | Security and performance |
From participants:
| Data | Why we collect it |
|---|---|
| Session responses | To display results to the session presenter |
| Nickname | Only if the session is not in anonymous mode |
| Technical data including IP address and device information | Security purposes only |
We do not collect special category data as part of the platform's core function. If an account holder asks questions that elicit special category data from participants, the account holder is responsible for ensuring a lawful basis exists under UK GDPR.
How We Use Your Data
| Purpose | Legal basis |
|---|---|
| Providing access to the platform | Performance of a contract |
| Processing payments and managing subscriptions | Performance of a contract |
| Displaying session results in real time | Performance of a contract |
| Generating exports such as PDF downloads | Performance of a contract |
| Sending account and subscription emails | Performance of a contract |
| Maintaining security and preventing misuse | Legitimate interests |
| Improving and developing the service | Legitimate interests |
| Complying with legal obligations | Legal obligation |
Data Storage and Location
All personal data is processed and stored in the United Kingdom. Data does not leave the UK as part of normal service operation.
Who We Share Data With
We do not sell personal data to any third party. We use the following services to operate the platform:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, real-time data | UK |
| Vercel | Application hosting and delivery | UK/EU edge |
| Stripe | Payment processing | UK/EU |
| Resend | Transactional email delivery | EU |
| Plausible | Privacy-friendly usage analytics | EU (Germany) |
All providers are contractually required to handle personal data securely and in accordance with UK GDPR.
How Long We Keep Your Data
| Data | Retention period |
|---|---|
| Account data | Duration of account, plus 90 days after closure |
| Session results on paid accounts | Retained indefinitely while the account is active |
| Session results on free accounts | Accessible for 60 days from session date, then archived |
| Archived free tier results | Retained and restored if the account is upgraded |
| Participant response data | Retained with the session and deleted when the session is deleted |
| Billing records | 7 years, as required by law |
You can delete sessions and associated data through the platform at any time. Deleted data is purged within 30 days.
Security
We use encrypted connections (HTTPS/TLS), access controls, row-level database security and regular monitoring to protect personal data. All data is stored in the UK.
Your Rights
Under UK GDPR you have the right to access a copy of your personal data, request correction of inaccurate data, request deletion of your data, restrict or object to processing, request your data in a portable format, and withdraw consent where processing is based on consent.
To make a request, contact hello@pollspark.co.uk. We will respond within one calendar month.
You also have the right to complain to the Information Commissioner's Office at ico.org.uk.
Cookies
We use cookies to enable login, maintain security and understand platform usage. See our Cookie Policy for full details.
Changes
We will notify account holders of material changes to this policy by email before they take effect.
Contact
hello@pollspark.co.uk