We believe you deserve to know exactly what we collect and why. Plain English — no legal fog.
PollXYZ is a mobile opinion platform. We are committed to being transparent about the data we collect and to collecting only what is necessary to operate the service. This Privacy Policy explains what we collect, why, and what your rights are.
Account data: your email address (used only for authentication — never shown in your profile or shared with anyone) and a username you choose, which can be your real name or any pseudonym.
Demographics: age range, gender, race/ethnicity, religion/faith, education, employment, income range, and political leaning — required during account creation. Your explicit consent to provide this data is obtained on the consent screen shown before registration begins. If you do not wish to provide this information, you are free not to create an account.
Interaction data: time spent viewing individual polls, used solely to personalise your feed ranking. This is processed in aggregate and never used to identify individuals.
Usage data: polls you vote on, polls you create, comments you post, and interactions within the app.
Technical data: device type, operating system, and app version for diagnostics and crash reporting.
PollXYZ is built on a pseudonymous design. Your username — whether it's your real name or a made-up handle — is never verified against any government ID, real-world identity, or external database. We have no way to prove who you really are, and we never try to.
Your demographic data is tied to your chosen username, not to a verified identity. This means our data — including all demographic breakdowns — cannot be reliably attributed to any confirmed real-world person.
The following fields are classified as "special category" personal data under GDPR Article 9 and require explicit consent to collect: race/ethnicity, political opinions, and religion/faith. We collect these only with your explicit consent, given on the consent screen shown at the start of registration.
These fields — along with all other demographic data — are required to create an account. Because demographic data is collectively integral to how PollXYZ works (it powers the anonymous breakdowns that make poll results meaningful), consent cannot be granted or withdrawn selectively for individual fields. Consent is granted by creating an account and fully withdrawn by deleting it.
If you do not wish to provide this information, you are free not to use the app — and we genuinely respect that choice.
This data is used solely to produce aggregate, anonymous statistical breakdowns of poll results. It is never used to target advertising, identify individuals, or profile users in any way.
We use your data to: operate your account and authenticate you; display your username on votes and comments you make public; generate aggregate, anonymous demographic statistics for poll results; detect and prevent fraud, abuse, and vote manipulation; and improve the platform.
We do NOT use your personal data to target advertising. We do NOT sell user lists, user segments, or individual data of any kind.
The only commercial product PollXYZ sells to third parties is aggregate, anonymous statistics — for example: "68% of 25–34 year-olds in New York said they prefer brand X" or "54% of respondents with a college degree support this policy."
This aggregate data contains no personal information, no usernames, no user lists, and no individual records. It cannot be used to identify or re-identify any person. It is therefore not personal data under GDPR Recital 26 and not subject to CCPA.
Sponsored content, if shown inside the app, is NEVER targeted by race, ethnicity, political opinion, or religion. Any targeting applied to sponsored content is limited to non-sensitive dimensions such as age range, income range, education level, or location — and is performed internally by PollXYZ. Brands never receive user data of any kind.
We use the following sub-processors — third parties that handle data on our behalf:
• Supabase (supabase.com) — database, authentication, and file storage. Your account data, demographics, votes, and comments are stored on Supabase servers under strict confidentiality and security standards.
• Expo (expo.dev) — push notification delivery. Expo receives only your push notification token (a device identifier) and the content of notifications we send you. Expo has no access to your account data, votes, comments, demographics, or any data stored in our database.
We never sell, rent, or transfer your personal data to data brokers or third-party advertisers. We may disclose data when required by a valid legal process (court order, subpoena, etc.). In such cases, we will notify you to the extent permitted by law.
Email, username, and demographics: retained until you delete your account, or until 3 years of account inactivity — whichever comes first. We will send a notice before deleting inactive accounts.
Individual votes and comments: retained until account deletion.
Aggregate, anonymous statistics: retained indefinitely. Once data is aggregated and stripped of any individual identifier, it is no longer personal data under GDPR Recital 26 and may be retained for historical record-keeping.
If you are in the EU, EEA, or United Kingdom, you have the right to:
• Access: request a copy of the data we hold about you by emailing privacy@pollxyz.com.
• Rectification: correct inaccurate data in Settings at any time.
• Erasure: delete your account and all associated personal data via Settings → Delete account.
• Portability: request your data in a machine-readable format by emailing privacy@pollxyz.com.
• Object: object to processing based on legitimate interests.
• Withdraw consent: because all demographic data is collectively required for the service to function, consent cannot be withdrawn for individual data fields. You may withdraw full consent at any time by deleting your account via Settings → Delete account, which permanently removes all your personal data.
We aim to respond to all requests within 30 days. Contact: privacy@pollxyz.com
If you are a California resident, you have the right to know what personal information we collect, use, and share; delete your personal information at any time via Settings → Delete account; correct inaccurate personal information in Settings; opt out of the sale or sharing of personal information (we do not sell personal data or user lists — this right is automatically satisfied); and limit the use of sensitive personal information.
We use sensitive personal information (race/ethnicity, political opinions, religion/faith) solely to produce aggregate, anonymous poll statistics — never to target advertising, profile individuals, or make inferences for commercial purposes.
PollXYZ is intended for users 18 and over. We do not knowingly collect data from California residents under 18. We will respond to verified requests within 45 days. Contact: privacy@pollxyz.com
We use industry-standard security measures: TLS encryption for all data in transit, database-level encryption at rest via Supabase, and Row Level Security (RLS) to ensure no user can access another user's data through our API.
No method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we are committed to implementing and maintaining reasonable security practices.
PollXYZ is intended exclusively for users aged 18 and over. We do not collect data from or knowingly permit registration by anyone under 18. Age is self-declared during registration. If we become aware that a user is under 18, we will immediately delete their account and all associated personal data.
If you believe someone under 18 has registered, contact us immediately at privacy@pollxyz.com and we will act promptly.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or in-app notification at least 14 days before the change takes effect. Continued use of the app after that date constitutes acceptance of the updated policy.
Privacy inquiries and data requests (access, portability, erasure): privacy@pollxyz.com
Please use the subject line "Data Request" and include your registered email address. We will verify your identity before processing any request.