Privacy Policy
Last updated: 17 May 2026
Election Management System ("the Platform", "we", "us") is a multi-tenant service that helps electoral campaigns manage voters, field teams, and election-day operations. This Privacy Policy explains what we collect, why we collect it, how it is used and shared, and the choices you have. It applies to the Platform's websites (including hamlitak.com) and its iOS and Android apps. Operator: Logatta ([email protected]).
1. Information we collect
Account information: phone number, voter card or national ID number, and a hashed password. We do not store your password in plain text.
Profile information: full name, optional profile photo, optional date of birth, gender, and address (street, area, district) when you choose to provide them.
Voter list data (if you are registered as a voter in a campaign): polling station assignment, voting status, contact status, family linkage, and the custom fields the operating campaign chooses to track. Some events may enable optional fields such as religion or sect; these are visible only to the campaign that uploaded them.
Location data: GPS coordinates are collected (a) from delegates while they are on shift, to support attendance check-in and field-team coordination, and (b) from voters who explicitly request a ride to a polling station. We do not track location in the background outside these flows.
Device and technical data: Firebase Cloud Messaging token for push notifications, app version, operating system, and device model, plus standard server logs (IP address, timestamps) used for security and troubleshooting.
Usage and audit data: in-app actions such as tasks completed, voter QR scans, reports filed, and administrative changes, logged so campaigns can audit their own operations.
Communications: in-app messages and outbound SMS or WhatsApp messages sent through a campaign to the recipients that campaign explicitly targets.
2. How we use your information
We use the information above to: (a) operate, secure and improve the Platform; (b) authenticate you and prevent unauthorized access; (c) deliver the features the operating campaign has enabled, including election-day coordination, voter outreach and field-team monitoring; (d) generate campaign-internal analytics for the operating campaign; (e) respond to your support requests; and (f) comply with applicable legal and election-law obligations. We do not use your data for behavioural advertising, and we do not sell it.
3. Multi-tenant isolation
Each campaign ("event") runs in its own isolated PostgreSQL schema on our infrastructure. Your data is not shared between campaigns, and queries cannot cross schemas at the database layer. If you join a new campaign, for example by accepting a different candidate's invitation, that new campaign cannot see the data held by your previous campaign. The operating campaign is the data controller for the data it uploads about its voters and delegates; Logatta acts as the data processor on the campaign's behalf.
4. Sharing with third parties
We share data only with the service providers we rely on to run the Platform, and only as needed to deliver the service:
• DigitalOcean (App Platform and Spaces object storage), application hosting and user-uploaded media. https://www.digitalocean.com/legal/privacy-policy
• Firebase Cloud Messaging (Google), delivery of push notifications. https://firebase.google.com/support/privacy
• Sentry, crash and error monitoring, where enabled for a deployment. https://sentry.io/privacy/
We do not sell personal data, do not share it with data brokers, and do not use it for cross-context behavioural advertising. We may disclose data to comply with a valid legal request, to enforce our Terms, or to protect the rights, property, or safety of users.
5. Data retention
Account and profile data: retained while your account is active.
Active campaign data (voter records, tasks, messages, reports): retained for the duration of the campaign and for 90 days after the event ends, after which it is deleted or anonymized.
Audit logs: retained for 12 months for security and dispute-resolution purposes.
Deleted accounts: when you request deletion we mark the account for purge and retain it for a 30-day grace window so it can be restored if requested in error; after 30 days the personal data is permanently removed.
Backups are rotated on a rolling schedule and aged out within 90 days.
6. Your rights
Subject to applicable law (including the GDPR for users in the EEA, the UK GDPR, and equivalent regional laws), you may request to: access the personal data we hold about you; correct inaccurate data; delete your data; export your data in a portable format; restrict or object to certain processing; and withdraw consent where processing is based on consent. To exercise these rights, contact the campaign administrator (the data controller for your voter or delegate record) in the first instance, or reach us at [email protected]. You also have the right to lodge a complaint with your local data-protection authority.
7. Children
The Platform is not directed at children under 16 and we do not knowingly collect personal data from them. Where local election law requires the inclusion of minors in a voter roll, the operating campaign assumes responsibility for the lawful basis for that processing. If you believe a minor's data has been uploaded without an appropriate legal basis, contact [email protected] and we will investigate.
8. Security
We protect your data with industry-standard safeguards: TLS encryption in transit, encryption at rest for sensitive fields, role-based access controls within each campaign tenant, an immutable audit log of administrative actions, hashed passwords, and short-lived JWT session tokens issued by NextAuth. No internet service can be guaranteed completely secure; if we become aware of a breach that materially affects your data we will notify you and the relevant regulators as required by law.
9. International transfers
The Platform is hosted on DigitalOcean App Platform. The hosting region is configurable per campaign; by default we host events in Frankfurt (FRA1, European Union) and for certain regional events in Dubai (United Arab Emirates). Your data is processed in the region the operating campaign selects. Push notifications are delivered through Google Firebase Cloud Messaging, which may transfer the device token to Google data centres outside your region. Where required, we rely on Standard Contractual Clauses or equivalent transfer mechanisms.
10. Cookies and similar technologies
The web dashboard uses strictly necessary cookies to keep you signed in (the NextAuth session cookie) and to remember your language preference. We do not use third-party advertising or cross-site tracking cookies. The mobile apps use local device storage to cache your session and preferences; they do not use third-party tracking SDKs.
11. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in the Platform, in our service providers, or in applicable law. When we make material changes we will update the "Last updated" date above and, where appropriate, notify you in the app or by email. Continued use of the Platform after an update means you accept the revised policy.
12. Contact us
For privacy questions, data-subject requests, or any other matter related to this policy, contact us at [email protected]. App Store and Google Play users can also reach us through the in-app support screen, or by visiting our public Support page. If you use the Platform through a specific campaign, the campaign administrator is your primary point of contact for requests relating to the data they collected.
This document is provided as a starting point and should be reviewed by qualified legal counsel before relying on it in production. Last reviewed by: pending legal review.