Data security information

This document was last updated: 10 July 2026.

This page summarises the most important data security and privacy aspects of Votito.

Our privacy policy

Our privacy policy is published on the Votito privacy and cookies policy page.

Terms of usage

Our usage terms and conditions are published on the Votito terms page.

Where is your data stored?

The data you store in Votito — surveys and survey responses, idea banks, proposals, votes, comments, evidence documents and exports — is stored in Amazon Web Services in the US-East-2 region (Ohio).

The data is stored encrypted (encryption at rest) and transferred between your browser and our services using HTTPS (encryption in transit).

Technically, we implement storage using AWS DynamoDB and AWS S3 server-side encryption.

Is the data secured in transit?

Votito uses strict transport security (HSTS) to ensure that your data is private and safe. All the file transfers and web interactions are protected using HTTPS. See the details of our external transport security.

Are uploaded files stored privately?

Votito stores uploaded files (such as idea bank evidence documents) and generated exports in private storage, with all public access blocked. Every download and upload requires authentication, and uses short-lived signed URLs issued only to authenticated members of your workspace. Technically, we implement this using AWS Cognito and AWS IAM with S3 access policies and pre-signed URLs.

Who has access to your data?

Members of your workspace have access to the data in it, according to the roles and permissions you assign them. Other users do not have any access to your data, unless you explicitly share it with them.

Our internal support staff can, upon your explicit request, also have access to your data for the purpose of providing assistance. Votito is operated by Video Puppet Limited and we do not outsource support or provide access to your data to any third-parties.

How long is your data kept?

Surveys, survey responses, idea bank proposals, votes, comments and uploaded evidence documents are kept for the duration of your account, so you can revisit and analyse them at any time. They are removed when you delete them, or when your account is closed.

Short-lived operational records, such as activity feeds and notification delivery logs, expire and are deleted automatically.

You can request earlier removal by sending an email to contact@votito.com.

Votito does not claim any copyright for the user-generated content. If you had the right to use the materials that you submitted to Votito, then you fully own the rights to them, as well as to the results generated from them.

Our Terms of use only require that you give us the license to store and process your materials according to your instructions. We do not have any other rights to your material.

Is your data published anywhere?

Votito does not publish your surveys, idea banks or results anywhere without your explicit instructions. Your data is private by default.

If you explicitly choose to make an idea bank, roadmap or survey results page public, that content becomes accessible to anyone holding the sharing link. You can withdraw public access at any time.

What data processors does Votito use?

We rent data storage, communication, web hosting and computing services from Amazon Web Services and they will act as a data processor for any personal data we collect from you. You can view the privacy policy of this service provider at https://aws.amazon.com/privacy/. See their GDPR compliance page for more information related to EU General Data Protection Regulation (GDPR).

If you connect optional integrations to your workspace, we share notification content (such as new proposals, comments or survey responses) with the providers you connect:

Nothing is shared with these providers unless you explicitly connect the integration, and we do not share any other personal user information with them.

What personally identifiable information does Votito store and process?

When you sign up to Votito we collect and store your name and email address for the purpose of displaying it on your profile, contacting you with key operational notifications and authenticating your access. Signing in uses one-time codes sent to your email address; if you choose to set a password, we store it hashed and in a secure storage (AWS Cognito) for the purpose of authenticating your access.

When you sign in through a third-party login provider, we store your external user identifier, name and email address for the purpose of displaying it on your profile, contacting you with key operational notifications and authenticating you.

We also collect IP addresses from user web requests for the purpose of security auditing and protecting the service against abuse.

Survey responses, idea bank submissions, votes and comments collected through your workspace may contain personal data about your participants. Votito stores and processes that data on your behalf and according to your instructions — your organisation remains the data controller for it.

In case of suspected unauthorised usage, violation of our terms or abuse, we may store the IP addresses and email addresses related to the incident for the purpose of protecting the service and preventing future abuse.

Is Votito collecting personal data about users from any other source?

If you use a third-party login provider (such as Sign in with Google), we collect your basic profile information as outlined above.

We do not collect any other personal data from any other provider.

Which countries is the personal data stored in?

We store data in the Amazon Web Services us-east-2 data centre, located in the US.

How long does Votito store personal data for?

User information is stored for the duration of your user account, and is removed when the account expires, or when you request that we delete it.

Security audit logs, including IP addresses, are retained for up to one year. Data related to suspected fraud or abuse incidents is kept for as long as necessary to protect the service and prevent future abuse.

Is Votito making automated decisions about users (including profiling)?

We use your profile and subscription information to decide on the level of service we can provide.

Other than for this purpose, Votito is not making any other automated decisions about users.

Has any personal data been disclosed inadvertently in the past, or as a result of a security or privacy breach?

We are not aware of any security or privacy breaches related to data stored by Votito.

Does Votito keep data backups?

We keep continuous point-in-time backups of the key user databases, and versioned copies of uploaded files, inside AWS as outlined above.

How to get a copy of your personal data stored by Votito?

Please send an email to contact@votito.com.

How to request the removal of your information from Votito?

Please send an email to contact@votito.com.