Privacy Policy

Last updated: April 21, 2026

🔒 Our Privacy Promise

TinyPoll is designed with privacy first. We minimise the data we collect — we don't store personal names, phone numbers, or channel names. We do store the Slack workspace name for limited operational purposes such as identifying your installation and supporting billing. We only keep the minimum data necessary to make polling work, and we automatically delete poll data based on your plan (Free: 7 days, Pro: 30 days).

1. Information We Collect

What We Do Collect:

Slack User IDs: Anonymous identifiers from Slack (like "U1234567") to track votes and poll ownership
Slack Team IDs: Anonymous workspace identifiers (like "T1234567") for multi-workspace support
Slack Channel IDs: Anonymous channel identifiers (like "C1234567") to display polls in the correct channel
Poll Content: Poll questions and answer options that you create (including any text or content you choose to include)
Voting Data: Records of votes cast on polls
Bot Tokens: Encrypted Slack bot tokens to enable functionality (stored securely)
Basic Metadata: Poll creation time, settings (anonymous/public), and voting statistics

⚠️ Important Note About Poll Content: We collect and store the poll questions and answer options you create. If you include personal information (PII) in your poll questions or options, that is your responsibility. We will still delete all this data according to your plan's retention period (Free: 7 days, Pro: 30 days) as part of our automatic deletion policy.

What We DON'T Store:

❌ Real names or display names (accessed temporarily for non-anonymous polls but not stored)
❌ Phone numbers
❌ Profile pictures
❌ Channel names (we access Channel IDs but don't store channel names)
✅ Slack workspace names are stored for limited operational purposes, such as identifying your installation and supporting billing/customer records
❌ Message content outside of polls
❌ Personal conversations
❌ Credit card numbers or payment details (handled entirely by Stripe)

Note: We do collect your email address if you provide one during Stripe checkout for billing purposes. See the Payment and Billing section below for details.

2. How We Use Your Information

We use the limited information we collect only to:

Provide the polling service: Create polls, track votes, display results
Authenticate requests: Verify that requests are coming from Slack
Prevent duplicate voting: Ensure users can only vote once per poll (when not anonymous)
Enable poll management: Allow poll creators to edit and close their polls
Calculate billing: Determine workspace size for plan limits and subscription management
Improve the service: Website analytics to understand how people find and use our site (see Section 11)

Legal Basis for Processing (GDPR)

If you are in the EEA, UK, or Switzerland, our legal bases for processing your data are:

Contract performance: Processing necessary to provide the polling service you've requested (poll data, votes, workspace integration)
Legitimate interests: Security logging, fraud prevention, and service improvement — balanced against your privacy rights
Contract performance: Billing and subscription management for paid plans
Consent: Website analytics and support chat cookies (where required by law)

3. Data Retention and Deletion

🗑️ Automatic Data Deletion

All poll data is automatically deleted based on your plan:

Free Plan: Data deleted after 7 days
Pro Plan: Data deleted after 30 days
Enterprise Plan: Custom retention periods available

This includes poll questions, options, votes, and any associated metadata.

What Gets Deleted Based on Your Plan:

Free Plan (7 days): Poll questions, answer options, votes, voters, and most metadata
Pro Plan (30 days): Poll questions, answer options, votes, voters, and most metadata
Enterprise Plan: Custom retention periods as configured

What We Retain (For Service Operations):

Slack workspace ID (for billing and access control)
Basic usage statistics (when polls were created, how many votes cast - no content)
The Slack user ID of the poll creator (for poll management)
Bot installation records (to maintain service access)

Retention Exceptions:

Even after deletion of active poll data, we may retain certain information where required:

Billing records: Subscription and payment records retained for tax and accounting purposes (up to 7 years as required by Australian law)
Security logs: Operational and security logs retained for investigation and abuse prevention purposes
Legal compliance: Any data subject to a legal hold or required to comply with legal obligations
Archived metadata: Essential poll metadata (creation date, vote counts — no content) retained for service analytics

4. Data Sharing and Third Parties

We Do NOT:

❌ Sell your data to anyone
❌ Share data with advertisers
❌ Use data for marketing purposes
❌ Provide data to data brokers
❌ Share polls or votes outside your Slack workspace

We Only Share Data With:

Slack (Salesforce): When making API requests to display polls and manage the app (required for functionality). Slack's Privacy Policy.
AWS (Amazon): Our hosting provider (Sydney, Australia region). AWS Privacy Policy.
Stripe: Our payment processor, for handling subscription billing. Stripe processes payment details directly — TinyPoll never stores credit card numbers. Stripe's Privacy Policy.
Google: Website analytics via Google Tag Manager/Analytics (website visitors only, not Slack app users). Google's Privacy Policy.
Zoho: Customer support chat widget on our website (website visitors only). Zoho's Privacy Policy.
When Required by Law: Only if compelled by valid legal process (we will notify you if legally permitted)

For more detail on subprocessors, see our Data Processing Agreement.

Payment and Billing Data:

If you subscribe to a paid plan, we store:

Your Stripe customer ID (to link your workspace to your subscription)
Subscription status and billing period
Billing email address (if provided during checkout)

We do not store credit card numbers, CVVs, or other payment card details. All payment processing is handled by Stripe, a PCI Level 1 certified payment processor.

Admin Identification:

For billing notifications and grace period alerts, we identify workspace administrators using the Slack users.list API (via our existing users:read permission). Admin status is not stored — it is checked in real time when notifications need to be sent.

5. Security

We implement industry-standard security measures:

Encryption: All data is encrypted at rest and in transit
Access Controls: Strict access controls and authentication
Infrastructure Security: Built on AWS with enterprise-grade security
Request Verification: All Slack requests are cryptographically verified
Minimal Permissions: We only request the minimum Slack permissions needed

6. Your Rights

You have the right to:

Access: Request information about data we have about your workspace
Deletion: Request deletion of your active service data (we'll process requests within 30 days)
Correction: Request correction of any inaccurate data
Restriction: Request that we restrict processing of your data in certain circumstances
Objection: Object to processing based on legitimate interests
Uninstall: Remove TinyPoll from your Slack workspace at any time
Data Portability: Request a copy of your poll data before automatic deletion
Complaint: Lodge a complaint with your local data protection authority (e.g., the OAIC in Australia, or your EEA/UK supervisory authority)

To exercise any of these rights, contact us at privacy@tinypoll.io. We aim to respond within 30 days.

Note on deletion: If you request deletion, we delete active service data (polls, votes, settings) within 30 days. Uninstalling TinyPoll removes it from your Slack workspace, but does not by itself constitute a separate deletion request. Data is otherwise handled in accordance with our retention practices, and some data may be retained where required by law or for legitimate purposes — see the Retention Exceptions in Section 3.

7. Children's Privacy

TinyPoll is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information.

8. International Users and Data Transfers

TinyPoll is hosted on AWS infrastructure in Australia (ap-southeast-2, Sydney). If you are using TinyPoll from outside Australia, your data will be transferred to and processed in Australia.

Some of our subprocessors are located in the United States. For transfers from the EEA, UK, or Switzerland, we rely on our subprocessors' own transfer mechanisms (e.g., EU-US Data Privacy Framework, Standard Contractual Clauses) as applicable.

For more detail, see our Data Processing Agreement.

Controller and Processor Roles

Under data protection law, your organisation (the Slack workspace administrator) is the data controller for Personal Data processed through TinyPoll's polling service. TinyPoll acts as a data processor on your behalf.

For data we process for our own purposes (billing, website analytics, account management), TinyPoll is an independent data controller as described in this Privacy Policy.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

Posting the new Privacy Policy on this page
Updating the "Last updated" date
For significant changes, sending a notification in Slack workspaces using TinyPoll

10. Slack-Specific Information

Slack Permissions We Request:

TinyPoll requests the following OAuth scopes when installed. Each is explained below:

commands: To enable the /tinypoll slash command
chat:write: To post poll messages to channels where TinyPoll is invited
chat:write.public: To post polls to public channels without needing an invite
channels:read: To determine which channel a poll should be posted in
groups:read: To support polls in private channels
im:write: To send direct messages for billing notifications and upgrade prompts
team:read: To determine workspace size for plan limits and billing
users:read: To display user names for non-anonymous polls and to identify workspace administrators for billing notifications

How We Use the Bot Token:

The bot token allows TinyPoll to interact with your Slack workspace. We use it only to:

Post poll messages to channels
Update poll results in real-time
Retrieve user display names for non-anonymous polls (when enabled)
Verify that requests are coming from your workspace
Send direct messages for billing and account notifications

11. Website Analytics and Tracking

Our website (tinypoll.io) uses the following third-party services. These apply only to website visitors — the Slack app itself does not use cookies or tracking.

Google Tag Manager / Google Analytics

We use Google Analytics to understand how visitors find and use our website (page views, traffic sources, button clicks). Google may collect your IP address (anonymised), pages visited, browser type, and referral source. See Google's Privacy Policy.

Zoho SalesIQ

We use Zoho SalesIQ to provide live chat support on our website. If you start a chat, Zoho may collect the messages you send and any information you voluntarily provide. See Zoho's Privacy Policy.

For full details on cookies and how to manage them, see our Cookie Policy.

Questions or Concerns?

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

Email: privacy@tinypoll.io

Response time: We aim to respond within 30 days