How Votira collects, uses, stores and protects personal data, and the rights you have under the EU General Data Protection Regulation (GDPR).
Last updated: 30 May 2026
Votira is a survey-validation platform for startups. For the personal data you provide as an account holder, Votira acts as the data controller. For survey responses you collect from your own respondents, you are the controller and Votira acts as a data processor on your behalf. You can reach our data-protection contact at privacy@votira.app. The service is reachable at https://votira.azurewebsites.net.
We deliberately collect the minimum data needed to run the service:
| Category | Data | Why |
|---|---|---|
| Account | Email, display name, password (stored only as a bcrypt hash), or OAuth provider identifier (Google / GitHub). | Create and secure your account. |
| Login history | Timestamp, IP address and an estimated location for your last 5 sign-ins. | Account-security visibility (shown only to you in Settings). |
| Survey content | Questions, settings, optional uploaded images and a custom domain you configure. | Deliver the core product. |
| Survey responses | Answers plus any respondent fields you choose to collect (name, email, company, role, location). A coarse de-duplication signal may be derived from the respondent's request. | Provide results and analytics to you, the survey owner. |
| Billing | Stripe customer identifier, subscription status and invoice metadata. Card details are handled by Stripe and never reach Votira's servers. | Process subscriptions and show your invoices. |
| Operational logs | Audit events (action, user identifier, timestamp). Sanitised to exclude passwords, tokens and other secrets. | Security, compliance and troubleshooting. |
Votira runs on Microsoft Azure. We use the following sub-processors, each engaged under appropriate data-processing terms:
| Sub-processor | Purpose |
|---|---|
| Azure App Service | Application hosting. |
| Azure Cosmos DB | Primary database for accounts, surveys, responses and subscriptions. |
| Azure Blob Storage | Uploaded survey images and data exports. |
| Azure OpenAI Service | AI-assisted survey generation. Prompts are processed within Azure and not used to train foundation models. |
| Azure Cache for Redis | Rate limiting and abuse prevention. |
| Azure Application Insights | Telemetry and audit logging. |
| Stripe | Payment processing and invoicing (PCI-DSS compliant). |
| Google & GitHub OAuth | Optional single sign-on, only if you choose it. |
| ip-api.com | Best-effort, coarse location estimate for your login-history display. Only an IP address is sent; lookups are skipped for private addresses. |
Some sub-processors may process data outside the European Economic Area. Where they do, transfers are protected by Standard Contractual Clauses or an equivalent safeguard.
Account, survey and response data is retained for as long as your account is active. Login history is capped at your 5 most recent sign-ins. When you delete your account (Settings → Danger Zone) we permanently and irreversibly erase your account, surveys, responses and uploaded files, and cancel any associated Stripe customer record. Invoice records may be retained by Stripe to meet legal/tax obligations.
HttpOnly, SameSite=Lax and Secure in production.You have the right to access, rectify, erase, restrict and port your personal data, and to object to certain processing. You can exercise most of these directly in the app:
For any request you cannot complete in-app, contact privacy@votira.app. You also have the right to lodge a complaint with your local data-protection supervisory authority.
We may update this notice as the service evolves. Material changes will be reflected here with an updated revision date.