Skip to content
voteMe.livevoteMe.livevoteMe.live home
EventsPricingBlogHelp
Sign inHost an event
voteMe.livevoteMe.livevoteMe.live home

Voting, ticketing, and awards nominations β€” built for African events, starting in Ghana. Transparent results, signed QR tickets, and USSD for every voter.

  • Twitter / X
  • Instagram
  • Facebook
  • TikTok
  • YouTube

Product

  • Events
  • Voting
  • Ticketing
  • Awards
  • Studio
  • Pricing

Organizers

  • For organizers
  • How it works
  • USSD guide
  • Verify a ticket
  • Sign up
  • Sign in

Resources

  • Blog
  • Help center
  • Contact
  • Status
  • Changelog
  • System notifications

Legal

  • Terms of service
  • Privacy policy
  • Refund policy
  • Acceptable use
Β© 2026 voteMe.live β€” All rights reserved.TermsPrivacyRefunds
Version 1.0

voteMe.live is operated out of Ghana and processes payments through Paystack. We never share voter details with organizers beyond what the event's registration settings authorize. Tickets are signed with a rotatable HMAC key so a compromised scanner cannot forge entries. Read more in our privacy policy and how it works.

  1. Home
  3. Legal
Legal
Terms of servicePrivacy policyRefund policyAcceptable use
Legal Β· Privacy

Privacy policy

Last updated 22 April 2026

This policy explains what personal data voteMe.live collects, why we collect it, how long we keep it, and what rights you have over it. Read it end to end. If anything is unclear, email info@voteme.live.

1. Who we are

voteMe.live (β€œvoteMe”) is operated from Accra, Ghana. We act as a data processor on behalf of event organizers for the personal data they collect through events they run on our platform, and as a data controller for the personal data we collect directly from you (for example when you sign up for an organizer account or fill in our contact form).

2. What we collect

From organizers

  • Full name, email, phone number, chosen username.
  • Optional profile picture and biography.
  • Payment details (Paystack subaccount metadata β€” we never store full card or mobile money credentials; Paystack does).
  • Login and security metadata: last login timestamp, IP address, user-agent string, failed-login counter.

From voters, nominators, and ticket buyers

  • Email address (always required for paid actions).
  • Phone number (required when the event rules demand it).
  • Optional name, organization, and social handles (TikTok, Instagram) when submitting nominations.
  • Paystack transaction references and the result codes returned when your payment resolves.
  • Device and session metadata for fraud scoring: IP address, user-agent, session fingerprint, timestamp.

From general visitors

  • Analytics data via Plausible (privacy-focused, no cookies, no cross-site tracking).
  • Standard server logs for the 30 days required to debug operational issues.

3. How we use it

We process personal data only for these purposes:

  • Operating the service you signed up for or voted in.
  • Processing payments through Paystack and issuing receipts.
  • Preventing fraud, manipulation, and abuse (fraud scoring, rate limiting, audit logging).
  • Delivering transactional email (registration, OTP, payment confirmations, ticket delivery, withdrawal notifications).
  • Responding to your messages when you contact support or fill in the contact form.
  • Complying with legal obligations β€” including tax records, AML checks on withdrawals, and lawful requests from authorities.

We do not use your personal data to train machine-learning models. We do not sell personal data.

4. Legal bases

Where applicable data-protection law (such as Ghana's Data Protection Act 2012 or the EU GDPR for visitors in the EEA) requires a legal basis, we rely on:

  • Contract β€” processing necessary to deliver the service you signed up for.
  • Legitimate interest β€” fraud prevention, audit logging, product analytics at a level where your identity is not the subject of the analysis.
  • Consent β€” marketing communications, newsletter opt-in, and any analytics beyond what we describe above.
  • Legal obligation β€” tax, financial reporting, and lawful request compliance.

5. Sub-processors

We use a small list of sub-processors to deliver the service. Each handles a narrow slice of processing; none receive the whole dataset.

  • Google Firebase (Firestore, Cloud Storage, Cloud Tasks, Firebase Auth). Data-at-rest is encrypted.
  • Paystack (payments, subaccount settlement, transfers). We never store full card or MoMo credentials; Paystack processes them under their own privacy policy.
  • Nalo Solutions (USSD connectivity and SMS delivery for Ghana). Processes phone numbers and short-code inputs.
  • Vercel (hosting and edge delivery). Processes request IP and user-agent metadata to route traffic and run edge functions.
  • Upstash (Redis rate-limiter). Processes IPs and rate-limit identifiers; no content is stored.
  • Resend or Zoho Mail (transactional email delivery), depending on the mailbox configuration.
  • Sentry (error tracking). We scrub personal identifiers from error payloads before they leave our servers.
  • Plausible (privacy-focused analytics, no cookies).

6. Data retention

We keep personal data only as long as we need it:

  • Active accounts and events: for as long as the account is active.
  • Audit logs: at least 7 years, matching the financial-records retention window.
  • Deactivated accounts: 12 months in the audit archive, then eligible for deletion upon request.
  • Unverified OTPs: purged nightly after expiry.
  • Contact form submissions: 24 months, unless a longer retention is required to resolve a dispute.
  • Server logs: 30 days.

7. Security

voteMe follows industry-standard security practices:

  • All data in transit is protected with TLS 1.2+.
  • All data at rest is encrypted by Firebase.
  • Ticket QR codes are signed with HMAC-SHA256 using rotatable keys.
  • Organizer sessions use iron-session cookies with the HttpOnly, Secure, and SameSite=Lax flags.
  • Destructive actions (withdrawals, transfer of event ownership) require email OTP confirmation.
  • We rate-limit login, OTP, vote, nomination, and withdrawal endpoints to prevent brute-force attacks.
  • Every admin action is audit-logged with the actor identity, timestamp, and affected entity.

No service is perfectly secure. If we become aware of a security incident that affects your personal data, we will notify you without undue delay and in accordance with applicable law.

8. Your rights

Depending on where you live, you may have the following rights over your personal data:

  • Access β€” request a copy of the personal data we hold about you.
  • Correction β€” ask us to correct inaccurate personal data.
  • Deletion β€” ask us to delete personal data we no longer need. Note that we cannot delete data required by law (for example, tax records).
  • Portability β€” receive your personal data in a machine-readable format.
  • Objection β€” object to processing based on our legitimate interest.
  • Withdraw consent β€” where processing is based on your consent, withdraw it at any time.

To exercise any of these rights, email info@voteme.live. We may ask you to verify your identity before we act on the request and we will respond within 30 days.

9. Children

voteMe is not intended for use by children under 18. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.

10. International transfers

Our Firebase instance is hosted in Google Cloud regions that may be outside Ghana. Where data is transferred across borders, we rely on Google's contractual safeguards and the service provider's certified compliance frameworks. Paystack processes data within its own compliance regime.

11. Cookies and storage

voteMe uses the minimum cookies and local storage necessary to run the service:

  • A session cookie for signed-in organizer and member accounts.
  • A theme preference in localStorage for dark/light/system choice.
  • A session identifier cookie (30-day lifetime) to deduplicate analytics view counts without cross-site tracking.
  • Short-lived IndexedDB caches used by the offline-capable gate scanner.

We do not use third-party advertising cookies and we do not sell browsing data.

12. Changes to this policy

If we make a material change to this policy, we will update the date at the top of this page and announce the change on the platform. Continued use after a change means you accept the revised version.

13. Contact

Data-protection questions, access requests, and deletion requests go to info@voteme.live.

Privacy policy Β· voteMe.live Β· voteMe.live