VotGOAT Logo

VotGOAT Privacy Policy

Last updated: 10 November 2025

What Data We Collect

We collect the following categories of data:

Account and Profile Data

  • Email address
  • Display name / username
  • Preferred language
  • Notification settings

Service Usage Data

  • Votes cast, duels you participate in, participation history
  • Token balances, internal transactions and rewards earned
  • Moderation actions applied to your account (e.g., warnings, suspensions)

Technical and Security Data

  • IP address and approximate location (at country / city level)
  • Device and browser identifiers
  • Login and error logs
  • Security logs for fraud and abuse detection

Payment Data

  • When payments are active, we will not store full card details; they will be processed by our payment providers (e.g., Stripe, PayPal, Netopia)
  • We retain transaction identifiers, amounts, currencies, and payment statuses for record-keeping and accounting

Communication and Support

  • Messages and requests sent through the contact form or by email
  • Our responses and conversation history

We do not intentionally collect special categories of data (e.g., health, political opinions, religion). Please do not enter such data in the Service.

Purposes and Legal Bases for Processing

Providing the Service

Creating and managing your account, participating in voting duels and displaying results, managing tokens and transactions.

Legal basis: performance of the contract between you and us (Art. 6(1)(b) GDPR).

Security and Fraud Prevention

Detecting and preventing unauthorized access, investigating abusive use of the Service, maintaining the integrity of voting duels.

Legal basis: our legitimate interest in protecting the Service and users (Art. 6(1)(f) GDPR).

Analysis and Improvement

Aggregated analysis of how the Service is used, developing new features and optimizing performance.

Legal basis: legitimate interest in improving the Service or consent, where necessary (e.g., for analytics cookies).

Communications

Sending notifications about your account, security or changes to the Terms; sending marketing messages (newsletter, campaigns), if you have given your consent.

Legal basis: legitimate interest / legal obligation for essential notifications; consent for marketing communications (Art. 6(1)(a) GDPR and legislation on commercial communications).

Compliance with Legal Obligations

Accounting and tax records, responding to authority requests, compliance with legal retention periods.

Legal basis: legal obligation (Art. 6(1)(c) GDPR).

Protecting Your Data

We combine technical and organizational safeguards aligned with industry standards.

Technical controls

  • TLS encryption in transit and managed encryption at rest
  • Role-based access and session hardening for internal tools
  • Automated monitoring and anomaly detection on key services
  • Regular penetration tests and dependency patching

Operational safeguards

  • Least-privilege access for staff and mandatory security training
  • Background checks for employees handling sensitive information
  • Documented incident response and breach notification procedures
  • Resilience testing and encrypted backups across regions

Who We Disclose Data To

We may share your data with the following categories of recipients:

  • IT infrastructure providers (hosting, databases, cloud services)
  • Payment processors (Stripe, PayPal, Netopia, etc.)
  • Analytics and monitoring service providers
  • Communication service providers (email, push notifications)
  • Consultants (legal, accounting) and authorities, when necessary

In all cases where we use processors, we enter into contracts that impose security and confidentiality rules at least at the level required by GDPR.

Transfers Outside the European Economic Area

If data is transferred to countries outside the EEA (e.g., IT providers from the USA), we ensure that there is an adequacy decision by the European Commission, or we use standard contractual clauses or other guarantees provided by GDPR. You can request more details about these guarantees at privacy@votgoat.com.

How Long We Keep Data

We keep data only as long as necessary for the purposes described above:

  • Account data: for the duration of the account's existence and an additional period of 3 years after closure, to defend our rights and fulfill legal obligations
  • Transaction data: for the period required by tax and accounting legislation (usually 5–10 years)
  • Security logs: for a period of 6–24 months, depending on identified risks
  • Data processed on the basis of consent: until consent is withdrawn or the period specified at the time of collection expires

After the periods expire, we will delete or anonymize the data.

Your Rights

Under the conditions provided by law, you have the following rights:

  • Right of access – to obtain confirmation that we process your data and a copy of the data
  • Right to rectification – to request correction of inaccurate data or completion of incomplete data
  • Right to erasure ("right to be forgotten") – in certain situations, to request deletion of data
  • Right to restriction – in certain cases, to request limitation of processing
  • Right to portability – to receive data in a structured, commonly used format, or to transmit it to another controller
  • Right to object – to object to processing based on legitimate interest or for direct marketing
  • Right to withdraw consent – when processing is based on consent, you can withdraw it at any time (without affecting the legality of previous processing)
  • Right to lodge a complaint with ANSPDCP if you believe your rights have been violated

To exercise your rights, you can contact us at privacy@votgoat.com. ANSPDCP contact details are available at www.dataprotection.ro.

Cookies and Similar Technologies

We use cookies and similar technologies for essential website operation (authentication, session maintenance, security), measuring and improving performance (analytics), personalizing the experience or, if applicable, marketing.

For complete details, please consult the Cookie Policy. From the consent banner you can choose what types of cookies you want to be used.

Minors

The Service is not intended for children under 13 years of age. We do not intentionally collect data from them. If you are a parent or guardian and believe a minor has provided us with personal data, write to us at privacy@votgoat.com and we will delete the data, if applicable.

Policy Updates

We update this policy when we launch new features, expand into new territories, or change our data practices. We will post the new effective date and notify you through email or in-app alerts when updates are material.

Contact Us

For privacy inquiries or data subject requests, reach out to our dedicated team.

Email: privacy.votgoat@gmail.com

    VotGOAT - Live Voting Platform