Privacy Policy
We are committed to protecting your privacy and being transparent about how we collect, use, and safeguard your personal information.
Privacy at a Glance
- We collect only what's necessary to provide our services
- Your poll data belongs to you — we never sell it
- We use industry-standard encryption and security measures
- You can export or delete your data at any time
- We comply with GDPR, CCPA, and other privacy regulations
PollGPT ("Company," "we," "our," or "us") operates the PollGPT platform and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, applications, and services (collectively, the "Services").
We act as a data controller for information we collect about you directly (such as account information and usage data). When you use our Services to create polls and collect responses, you act as the data controller for that respondent data, and we act as a data processor on your behalf.
By using our Services, you consent to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies, please do not use our Services.
2.1 Information You Provide
- Account Information: Name, email address, password, and profile details when you create an account
- Payment Information: Billing address and payment method details (processed securely by our payment provider)
- Poll Content: Questions, options, descriptions, and settings for polls you create
- Communications: Messages you send to us through support channels or feedback forms
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, actions taken, and time spent on the platform
- Device Information: Browser type, operating system, device identifiers, and screen resolution
- Log Data: IP address, access times, referring URLs, and error logs
- Location Data: General geographic location based on IP address (country/region level)
2.3 Information from Third Parties
- OAuth Providers: If you sign in with Google or other providers, we receive your name, email, and profile picture
- Analytics Partners: Aggregated usage statistics and performance metrics
2.4 Poll Response Data
When respondents complete your polls, we collect their responses on your behalf. This may include:
- Answer selections and text responses
- Optional demographic information (if you configure your poll to collect it)
- Submission timestamp and general location
We use the information we collect for the following purposes:
3.1 Providing Services
- Create and manage your account
- Process and display your polls and responses
- Generate analytics and insights from poll data
- Enable AI-powered features like question generation
3.2 Improving Our Services
- Analyze usage patterns to improve features
- Debug issues and optimize performance
- Develop new features and capabilities
- Train AI models using anonymized, aggregated data
3.3 Communications
- Send transactional emails (account verification, password reset)
- Provide customer support
- Send product updates and newsletters (with your consent)
- Notify you of important changes to our Services or policies
3.4 Legal Bases (GDPR)
We process your data based on:
- Contract Performance: To provide the Services you requested
- Legitimate Interests: To improve our Services and prevent fraud
- Legal Obligations: To comply with applicable laws
- Consent: For marketing communications and optional features
We do not sell your personal information. We may share your data in the following circumstances:
4.1 Service Providers
We work with trusted third-party providers who help us operate our Services:
- Hosting: Supabase (database and authentication)
- AI Services: Google (Gemini), Mistral, Perplexity (for AI features)
- Analytics: Privacy-focused analytics tools
- Payment Processing: Stripe (for subscription billing)
- Email: Transactional email providers
These providers are contractually bound to protect your data and use it only for the services they provide to us.
4.2 Legal Requirements
We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.
4.4 With Your Consent
We may share your information for other purposes with your explicit consent.
We retain your data for as long as necessary to provide our Services and fulfill the purposes described in this policy:
- Account Data: Retained while your account is active, plus 30 days after deletion
- Poll Data: Retained while your account is active; deleted upon account closure
- Usage Logs: Retained for up to 12 months for security and analytics
- Payment Records: Retained for 7 years as required by tax laws
- Support Communications: Retained for up to 3 years
You can request deletion of your data at any time through your account settings or by contacting us.
We implement industry-standard security measures to protect your data:
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Role-based access with principle of least privilege
- Authentication: Secure password hashing and optional two-factor authentication
- Infrastructure: Hosted on secure, SOC 2 compliant cloud infrastructure
- Monitoring: Continuous security monitoring and incident response procedures
- Regular Audits: Periodic security assessments and penetration testing
While we strive to protect your data, no method of transmission or storage is 100% secure. Please use strong passwords and report any security concerns to us immediately.
Depending on your location, you may have the following rights regarding your personal data:
8.1 GDPR Rights (EU/EEA/UK)
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Limit how we process your data
- Portability: Receive your data in a machine-readable format
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent for optional processing
8.2 CCPA Rights (California)
- Know: Request disclosure of data collected about you
- Delete: Request deletion of your personal information
- Opt-Out: Opt out of the sale of personal information (we do not sell data)
- Non-Discrimination: Equal service regardless of exercising privacy rights
8.3 Exercising Your Rights
To exercise these rights, please contact us at contact@pollgpt.com or use the data management features in your account settings. We will respond within 30 days (or as required by applicable law).
PollGPT is based in France, and our primary data processing occurs within the European Union. When we transfer data outside the EU/EEA, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs): EU-approved data transfer agreements
- Adequacy Decisions: Transfers to countries with adequate data protection
- Supplementary Measures: Additional technical and organizational safeguards
Our sub-processors are listed in our Data Processing Agreement, available upon request.
Our Services are not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately, and we will take steps to delete it.
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on our website
- Updating the "Last Updated" date
- Sending an email notification for significant changes
We encourage you to review this policy periodically. Your continued use of the Services after changes constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or our data practices, please contact us:
- Privacy Team: contact@pollgpt.com
- General Inquiries: contact@pollgpt.com
- Address: 5 Parv. Alan Turing, 75013 Paris, France
If you are an EU resident, you have the right to lodge a complaint with your local data protection authority if you believe we have not addressed your concerns adequately.