Anonymous voting is only meaningful if the anonymity is real. Every security decision we make starts from that premise.
When anonymous mode is enabled, individual votes are never linked to a voter's identity — not in the results view, not in the dashboard, not for administrators. Only aggregate counts are ever surfaced. Anonymity is enforced at the data layer, not just the UI.
All data transmitted to and from Chooseday is encrypted via TLS. Data stored in our database is encrypted at rest. We do not store payment card information — billing is handled entirely by Stripe, a PCI-DSS compliant payment processor.
Each workspace's decisions, votes, and results are isolated from other workspaces. A user in one organisation cannot access data belonging to another. Access controls are enforced at the database level, not just the application layer.
User sessions use industry-standard JWT-based authentication with secure, HttpOnly cookies. We do not store passwords in plain text. OAuth flows (e.g. Slack) use short-lived, single-use state tokens to prevent replay attacks.
Voters who participate via a shared link do so without creating an account. No personally identifiable information is required to cast a vote. Email addresses collected for reminders are used only for that purpose and never sold or shared.
If you believe you've found a security vulnerability in Chooseday, please email us at security@chooseday.co. We take all reports seriously and will respond promptly. We ask that you give us reasonable time to address an issue before any public disclosure.
Email us at security@chooseday.co. For general support, use our support page.