Privacy Policy

Voter's Manifesto (votersmanifesto.in) is a non-partisan, non-profit civic platform that tracks and publishes Indian election manifesto data. We are not affiliated with any political party, government body, election commission, or commercial advertiser.

For all privacy-related queries, contact us at: votersmanifesto@gmail.com

2a. All Visitors (not logged in)

• An anonymous session ID — a random UUID generated and stored in your browser's localStorage. It is not linked to your identity in any way.
• Pages visited and actions performed (e.g. viewing a state page, upvoting a demand).
• Browser type (user agent string) — used to understand device types, not for fingerprinting.

2b. Registered Users

• Email address and display name — provided by you at sign-up.
• All visitor data listed above, linked to your account where possible.
• Public demands you post — these are visible to all site visitors.
• Upvotes you cast on demands — recorded against your session ID.

2c. Google Sign-In Users

• If you sign in with Google, we receive your email address and name from Google as part of the OAuth process. We do not receive your Google password or any other Google account data.

2d. What We Do NOT Collect

• Passwords (handled securely by Supabase Auth — only a secure hash is stored)
• Payment or financial information
• Precise location data
• Data from children under 18 — this platform is intended for adult voters only
• Sensitive personal data (Aadhaar, PAN, phone number, biometrics)

• Activity logs — automatically and permanently deleted after 30 days via a scheduled database job running daily at 2am IST.
• Account data (email, name) — retained while your account is active. Deleted within 30 days of an account deletion request.
• Public demands — retained until you delete them or request account deletion.
• Session IDs — stored in your browser localStorage until you clear it. Deleted from our database after 30 days with the activity logs.

We use the following trusted third-party services to operate the platform:

• Supabase (supabase.com) — database and authentication. Hosted in Singapore (ap-southeast-1 region). Supabase Privacy Policy
• Vercel (vercel.com) — web hosting and deployment. Servers in the United States. Vercel Privacy Policy
• Google OAuth — if you choose to sign in with Google, your email and name are passed to us from Google. Governed by Google's Privacy Policy.
• HaveIBeenPwned API (haveibeenpwned.com) — during sign-up, the first 5 characters of a SHA-1 hash of your password are sent to check if it has appeared in known data breaches. Your full password is never sent.

We do not sell, rent, trade, or share your personal data with advertisers, political parties, data brokers, or any other third party for commercial purposes.

We use localStorage (not traditional cookies) to store the following on your device:

• vm_session_id — anonymous session UUID for activity tracking and upvoting
• vm_cookie_consent — your tracking preference (accepted / declined)
• vm_theme — your dark/light theme preference

No advertising cookies or third-party tracking pixels are used. You can clear localStorage at any time through your browser settings. Declining consent via the banner disables all activity logging while you browse.

As a data principal under India's Digital Personal Data Protection Act 2023, you have the right to:

• Access — know what personal data we hold about you
• Correction — update your name or email via account settings
• Erasure (Right to be Forgotten) — delete your account and all associated personal data
• Withdraw Consent — decline or withdraw tracking consent via the cookie banner at any time
• Grievance Redressal — raise a complaint with us; we will respond within 48 hours as required by DPDPA 2023
• Nominate — nominate another person to exercise these rights on your behalf in the event of your death or incapacity

To exercise any right or request account deletion, email us at votersmanifesto@gmail.com with the subject "Privacy Request".

• All data is stored in Supabase with Row Level Security (RLS) enforced at the database level — users can only access their own data
• All connections use HTTPS/TLS encryption — enforced via HSTS headers
• Passwords are never stored in plaintext — Supabase Auth stores only a bcrypt hash
• Activity logs are only accessible to the site administrator
• HTTP security headers are set on every response: CSP, X-Frame-Options, X-Content-Type-Options, Permissions-Policy and more
• Passwords are checked against the HaveIBeenPwned database on sign-up using k-Anonymity (your password is never transmitted)

Voter's Manifesto is intended for use by adults aged 18 and above — India's legal voting age. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us immediately at votersmanifesto@gmail.com and we will delete it promptly.

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes affecting your rights, we will notify registered users by email at least 7 days before the change takes effect.

Continued use of the platform after any changes constitutes your acceptance of the updated policy.

As required under applicable Indian law, you may contact our Grievance Officer for any privacy-related complaints or requests:

Voter's Manifesto

votersmanifesto@gmail.com

We aim to acknowledge all complaints within 48 hours and resolve them within 30 days.