PollsUp — Privacy & Cookie Policy

Effective date: August 14, 2025

This Privacy & Cookie Policy explains how PollsUp (“we,” “us,” “our”) collects, uses, shares, and protects information when you use our websites, apps, and services (the “Service”).

If you do not agree, please do not use the Service.

1) Who we are (Controller)

PollsUp
Based in Finland (EU/EEA)
Contact: support@pollsup.com

We have not appointed a Data Protection Officer. You can reach our privacy team at the address above.

2) What we collect

Account & Profile: username, email, password, settings.
Content & Activity: polls, options, captions, comments, votes, photos/images you upload (which may include personal data of you or others), reports/flags, messages to us.
Device & Usage: IP address, device and browser data, language, timestamps, referrer, pages viewed, crash logs, approximate location (from IP).
Payments (if used): processed by our payment provider; we receive limited billing metadata (e.g., status, last 4 digits).
Cookies & Similar Tech: see Cookie Policy below.

Photos & metadata: Uploaded images can include EXIF/GPS data. We may attempt to strip metadata, but we cannot guarantee all metadata is removed. Remove sensitive metadata before uploading.

3) Why we use your data (legal bases)

Provide the Service: create accounts, host polls/photos, display content, maintain voting integrity, support.
Legal bases: Contract, Legitimate Interests.

Moderation & safety: detect/remove illegal or policy-violating content; prevent spam, fraud, vote manipulation, and security incidents.
Legal bases: Legitimate Interests, Legal Obligation.

Improve & analyze: product research, metrics, diagnostics.
Legal bases: Legitimate Interests, Consent for non-essential cookies.

Marketing/ads (if enabled): show or measure ads/sponsored polls; personalize with consent.
Legal bases: Consent (where required), Legitimate Interests for non-personalized ads.

Legal & compliance: enforce Terms, respond to lawful requests, tax/accounting.
Legal bases: Legal Obligation, Legitimate Interests.

4) Your responsibility for photos & others’ data

Only upload content you have the right to share. If your photos include other people or private places, you must have a lawful basis (e.g., consent). You are responsible for obtaining any required permissions/releases and complying with privacy, publicity, venue, and IP laws.

Note: PollsUp is a user-generated content platform. You—not PollsUp—are responsible for where and how your photos were captured. We are not responsible for the legality of your photo capture or whether you had permission to take a specific image.

5) Sharing your information

We share data only as needed:

Service providers/processors: hosting/CDN, analytics, anti-abuse/security, email/SMS, customer support, payments, moderation tools.

Other users/public: content you post is typically public and may be indexed by search engines.

Corporate events: mergers/acquisitions.

Legal/safety: to comply with law, enforce Terms, protect users and the public.

We do not sell your personal information.

6) International transfers

Data may be processed outside your country. For EU/EEA transfers, we rely on GDPR-compliant safeguards (e.g., Standard Contractual Clauses) where required.

7) Retention

Account data: for your account’s lifetime; inactive accounts may be deleted or anonymized after 24 months.

Polls/photos: until you delete them or your account (allow time for caches/backups).

Moderation logs/reports: typically 36 months (longer if legally required).

Legal/finance records: per applicable law.

We may retain anonymized/aggregated data indefinitely.

8) Your rights (EU/EEA, incl. Finland)

You can access, correct, delete, port, or object/restrict certain processing, and withdraw consent (e.g., cookies/marketing) at any time.
Request via support@pollsup.com. We may need to verify your identity.

You can lodge a complaint with the Office of the Data Protection Ombudsman (Finland). We encourage contacting us first so we can help.

9) Security

We use technical and organizational safeguards (encryption in transit, access controls, logging). No method is 100% secure. If a breach poses risk, we’ll notify you and regulators as required.

10) Children

The Service is not for children under 13 (or the applicable digital consent age). If we learn we’ve collected data from a child below that age without proper consent, we’ll delete it.

11) Changes

We may update this Policy from time to time. Material changes will be notified in-app or by email and the effective date updated.

Cookie Policy
1) What are cookies?

Cookies are small files stored on your device. We also use similar tech like local storage and SDKs. Some cookies are strictly necessary; others are optional and require your consent (per the EU ePrivacy rules and GDPR).

2) How we use cookies

Strictly necessary (no consent): login/authentication, security, load balancing, fraud prevention, remembering your cookie choices.

Functionality (consent): preferences like language or UI layout.

Performance/analytics (consent): understand usage, improve features, track outages.

Advertising/measurement (consent): show ads or sponsored content and measure performance; personalize if you opt-in.

We honor Global Privacy Control (GPC) signals and your cookie preferences where legally required.

3) Your choices

Cookie banner & settings: On first visit we ask for your choices. You can change them anytime via “Cookie Settings” (place a link or button in your footer or account menu).

Browser controls: You can block or delete cookies in your browser; some features may not work if you block strictly necessary cookies.

Analytics opt-out: If we use analytics that offer an opt-out, we’ll link it from Cookie Settings.

4) Typical cookies we use (examples)

Update this table to match your stack; durations are typical defaults.

Cookie name Purpose Category Duration
ps_session Maintain login/session Strictly necessary Session
ps_cs Stores your cookie selections Strictly necessary 6–12 months
ps_vote Prevent duplicate voting Strictly necessary 30–180 days
_ga Usage analytics (e.g., Google Analytics) Performance/Analytics 13 months (EU)
_gid Short-term analytics Performance/Analytics 24 hours
_gat / gtag_* Throttle analytics requests Performance/Analytics 1 minute
ad_consent Records ad consent preferences Advertising 6–12 months
cf_bm / __cf_* Bot management/edge security (e.g., CDN) Strictly necessary 30 minutes–1 day

If you use different vendors (e.g., Matomo, Plausible, Cloudflare, Fastly, AWS, Sendgrid, etc.), list their cookies in this table and link to your Subprocessors page.

5) Legal bases for cookies

Strictly necessary: Legitimate Interests (provide and secure the Service).

All other cookies: Consent (which you can withdraw at any time in Cookie Settings).

6) Third-party cookies

When enabled, third parties (e.g., analytics or ad partners) may set cookies. They are responsible for their own processing. See their policies for details; we strive to only work with vendors that meet EU standards.

Contact

Questions or requests about privacy or cookies?
Email: support@pollsup.com

Upload Notice (place near your uploader)

Only upload content you have the right to share. Photos may contain personal data (including EXIF/GPS). Remove metadata if you don’t want it shared. We may review, label, limit, or remove content to enforce our rules.

Not legal advice. This policy is designed for GDPR/ePrivacy compliance in Finland. For maximum protection, consider a quick legal review and ensure your site includes: (1) a working Cookie Settings control, (2) your active cookie list kept up to date, and (3) links to any analytics/ad vendor policies if used.