← Back to the map

Privacy Policy

Last updated: May 2026

1. Who we are

The Great British Vote (greatbritishvote.co.uk) is an independent UK political research platform. We collect voluntary voting intention data from UK residents to produce indicative, constituency-level polling statistics. We are the data controller for all personal data collected through this website.

Contact us at: privacy@greatbritishvote.co.uk

2. What data we collect

  • Postcode — used solely to identify your Westminster parliamentary constituency. Your full postcode is not stored after lookup; only the constituency code is retained.
  • Party preference — your first, second, and third choice party selections.
  • Demographic data — age range and gender (required), and ethnicity (optional).
  • Email address and password — required to create the account that holds your vote. Your email address is verified before your vote is recorded.
  • IP address — used at the moment of submission to confirm you are accessing from the UK and to detect abuse. The raw IP is never stored; only a one-way hash is retained in the audit log.

3. Why we collect it (legal basis)

We process your data on the following legal bases under UK GDPR:

  • Consent — you explicitly consent to data collection as part of the voting flow. You may withdraw consent at any time by contacting us.
  • Legitimate interests — aggregating anonymised voting intention data for public research and transparency in the political process, and protecting the integrity of the poll against automated submissions and overseas interference.

4. How we use your data

  • To display aggregate, constituency-level voting intention statistics on this website.
  • To verify your email address before your vote is recorded.
  • To weight and contextualise polling results (demographic data).
  • To notify you of changes to your constituency results through your account.

We will never use your data for political campaigning, targeted advertising, or share it with any political party, campaign, or third-party commercial organisation.

5. Security measures

We apply several technical controls to protect the integrity of the poll and the security of your data:

  • Email verification — we verify your email address before your vote is recorded. Unverified accounts are not counted in any published statistics.
  • IP geolocation — at submission time we check that your request originates from the United Kingdom. Submissions from outside the UK are rejected.
  • Cloudflare Turnstile — every submission is challenged by Cloudflare's CAPTCHA-style automated abuse prevention service to block bots.
  • One account per email — there is a strict uniqueness constraint on email addresses. Duplicate accounts are detected and removed.
  • Rate limiting — we cap repeat submissions from a single IP address to prevent stuffing attacks.
  • Encryption — TLS for data in transit, and industry-standard encryption at rest.

6. Demographic data anonymisation

Demographic data (age range, gender, ethnicity) is aggregated and anonymised before being displayed. We do not display results for any demographic group smaller than 5 respondents in a single constituency, to prevent re-identification. Individual demographic responses are never published or shared.

7. Data storage and security

All data is stored securely on servers located in the United Kingdom. We use encryption in transit (TLS) and at rest for all personal data. Access is restricted to authorised personnel only. We follow industry-standard security practices including regular security reviews.

8. Data retention

  • Constituency code and party preferences — retained for 6 months from submission, aligned to the voting cycle refresh. After 6 months, individual submission records are deleted and only aggregated statistics are kept.
  • IP address hash — retained in the audit log for up to 90 days for abuse detection, then deleted.
  • Account data (email, password hash) — retained until you delete your account or request deletion.

9. Your rights under UK GDPR

You have the following rights regarding your personal data:

  • Right of access — request a copy of the data we hold about you.
  • Right to rectification — request correction of inaccurate data.
  • Right to erasure — request deletion of your personal data at any time.
  • Right to restrict processing — request that we limit how we use your data.
  • Right to data portability — request your data in a machine-readable format.
  • Right to withdraw consent — withdraw your consent at any time without affecting the lawfulness of prior processing.
  • Right to complain — lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, contact us at privacy@greatbritishvote.co.uk. We will respond within 30 days.

10. Third-party services

We use the following third-party services to operate this site. Each receives only the data strictly necessary for its role:

  • Supabase — database hosting and email-based authentication (UK / EU data centres).
  • Cloudflare Turnstile — bot prevention CAPTCHA at the moment of account creation.
  • ipapi.co — IP-to-country lookup at submission time. We send only the requester's IP and receive only the country code.
  • postcodes.io — postcode-to-constituency lookup. We send only the postcode you enter.

11. Cookies and local storage

We use only essential session cookies necessary for the voting flow to function, plus a single entry in your browser's local storage to remember that you have submitted a vote (so the site can show you your constituency on return). We do not use advertising, tracking, or analytics cookies from third parties.

12. Changes to this policy

We may update this policy from time to time. Material changes will be notified via a prominent notice on the website. The date at the top of this page reflects the most recent revision.