Privacy Policy
Last updated: May 4, 2026
1. Who we are
SplitVote.io (“we”, “us”, “our”) is an online platform that presents anonymous moral-dilemma polls and displays real-time aggregated results. The site is operated by Matteo Pizzi, based in Italy. Contact: privacy@splitvote.io
2. Data we collect
We collect the minimum data necessary to operate the service:
- Anonymous vote data — when you vote without an account, we store only an anonymous aggregated counter (option A or B). Your IP address is processed temporarily for abuse prevention and rate limiting, stored only as a SHA-256 hash in short-lived rate-limit keys that are automatically deleted after a maximum of 1 hour. The raw IP address is never stored in our permanent database.
- Account data (registered users only) — if you create an account we store: your email address; a pseudonymous display name (auto-generated as “Splitvoter-XXXXXX” unless you change it); your vote history linked to your user ID; XP points, streak count, badges earned, and daily mission progress; share actions and referral link visits recorded for mission verification. Optional demographic fields you may provide: birth year, country, gender.
- Payment data (Premium users only) — if you purchase a Premium subscription or a paid name change, Stripe processes your payment. We receive only a Stripe customer ID and subscription status; we never store card numbers or full payment details.
- Analytics data — with your consent, Google Analytics 4 collects page views, session duration, and general engagement metrics via a first-party proxy on our own domain. Vercel Analytics may collect anonymised usage signals. See Section 4 for how consent controls this.
- Advertising data — with your consent, Google AdSense may use cookies to serve personalised advertisements. Without consent, only non-personalised ads may be shown (where ad serving is active).
- AI-generated content — dilemma content may be generated by AI (Anthropic Claude or OpenRouter models) and queued as drafts. All drafts are reviewed and approved by a human admin before becoming public. No user personal data is sent to AI providers beyond what is needed to generate dilemma text.
3. Legal basis for processing (GDPR)
For users in the European Economic Area (EEA) and UK:
- Legitimate interest — anonymous aggregated vote counting; IP-based rate limiting for abuse prevention (temporary hashed keys, auto-deleted after max 1 hour).
- Contract performance — providing account services to registered users (vote history, profile, gamification, Premium features).
- Consent — analytics and advertising cookies. You can withdraw consent at any time via the cookie banner or Cookie settings in the footer.
4. Google Consent Mode v2
We implement Google Consent Mode v2. All analytics and advertising consent signals are set to denied by default before you make a choice. If you deny consent, Google Analytics operates in “cookieless” mode using modelled data only. No analytics or advertising cookies are set without your explicit consent. You can change your preferences at any time using the “Cookie settings” link in the footer.
5. GA4 first-party proxy
GA4 measurement hits are relayed through a first-party endpoint on our own domain (/api/_g/g/collect). This proxy intentionally forwards the visitor's real IP address to Google in theX-Forwarded-For header so that GA4 can determine geographic region accurately. This forwarding only occurs when analytics consent has been granted; GA4 Consent Mode prevents hits from being sent before consent.
6. Third-party services (processors)
- Vercel — hosting, edge network, and Vercel Analytics (USA/global). Privacy Policy
- Supabase — authentication and user database (EU region). Privacy Policy
- Upstash Redis — real-time vote counters and rate-limit keys (EU/global edge). Privacy Policy
- Google Analytics 4 — analytics after consent (global). Privacy Policy
- Google AdSense — advertising after consent (global). Privacy Policy
- Stripe — payment processing for Premium subscriptions and paid name changes (USA/global). Privacy Policy
- Resend — transactional email delivery (USA). Privacy Policy
- Anthropic — AI dilemma generation via server-side cron (USA). No user personal data is included in generation prompts. Privacy Policy
- OpenRouter — AI dilemma draft generation via admin panel (USA). No user personal data is included in generation prompts. Privacy Policy
7. Data retention
Aggregated vote counts are retained indefinitely as they are anonymous statistical data. IP hashes used for rate limiting are automatically deleted after a maximum of 1 hour. Google Analytics data is retained for 14 months (our configured retention period). Account data (email address, display name, vote history, XP, badges) is retained until you delete your account. You can delete your account at any time from your Profile Settings page (Danger zone section). You may also contact privacy@splitvote.io for assisted deletion.
8. International transfers
Several processors listed in Section 6 may process data outside the EEA (primarily in the USA). Such transfers are covered by Standard Contractual Clauses (SCCs) included in each processor's Data Processing Agreement: Vercel, Supabase, Upstash, Google (Analytics and AdSense), Stripe, Resend, Anthropic, and OpenRouter each publish SCCs or equivalent transfer mechanisms. We rely on these mechanisms to comply with Chapter V of the GDPR.
9. Your rights (GDPR / EEA users)
You have the right to:
- Access any personal data we hold about you
- Request correction or deletion of your data
- Object to or restrict processing
- Data portability
- Withdraw consent at any time (without affecting prior processing)
- Lodge a complaint with your national Data Protection Authority (e.g. Garante Privacy in Italy)
To exercise these rights, contact privacy@splitvote.io. For anonymous voting, no personal data is held — rights are exercised via browser cookie settings or our consent banner. For account data, we will respond within 30 days.
10. California residents (CCPA / CPRA)
We do not sell personal information. If Google AdSense personalisation is enabled with your consent, sharing data with Google for targeted advertising may qualify as “sharing” under CPRA. You can opt out at any time by declining advertising cookies via Cookie settings. California residents have the right to know, delete, and opt out. To exercise these rights, contact privacy@splitvote.io.
11. Children's privacy (COPPA)
SplitVote is not directed to children under 13 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at privacy@splitvote.io and we will delete it promptly.
12. Cookies and local storage
We use a custom cookie consent banner with granular controls. Consent is stored in your browser's local storage. You can change your preferences at any time via the “Cookie settings” link in the footer.
| Name | Type | Purpose | Category | Duration |
|---|---|---|---|---|
| sv_cookie_consent | localStorage | Stores your overall consent choice | Necessary | Until cleared |
| sv_cookie_prefs | localStorage | Stores granular analytics/ads preference | Necessary | Until cleared |
| sv_voted_* | Cookie | Prevents duplicate anonymous votes per dilemma | Necessary | 1 year |
| sv_fb_* | Cookie | Prevents duplicate feedback per dilemma | Necessary | 1 year |
| lang-pref | Cookie | Language preference (EN/IT) | Preference | 12 hours |
| Supabase auth | Cookie/storage | Logged-in session management | Necessary | Session |
| _ga, _ga_* | Cookie | Google Analytics — set only after analytics consent | Analytics | Up to 14 months |
| Google ad cookies | Cookie/storage | Google AdSense — set only after advertising consent | Advertising | Provider dependent |
13. Changes to this policy
We may update this Privacy Policy periodically. Significant changes will be indicated by updating the “Last updated” date above. Continued use of the service after changes constitutes acceptance.
14. Contact
For privacy-related questions or to exercise your rights, contact: privacy@splitvote.io