Back to Votira

Data Protection & GDPR Notice

How Votira collects, uses, stores and protects personal data, and the rights you have under the EU General Data Protection Regulation (GDPR).

Last updated: 30 May 2026

1. Who we are (Data Controller)

Votira is a survey-validation platform for startups. For the personal data you provide as an account holder, Votira acts as the data controller. For survey responses you collect from your own respondents, you are the controller and Votira acts as a data processor on your behalf. You can reach our data-protection contact at privacy@votira.app. The service is reachable at https://votira.azurewebsites.net.

2. What personal data we process

We deliberately collect the minimum data needed to run the service:

CategoryDataWhy
AccountEmail, display name, password (stored only as a bcrypt hash), or OAuth provider identifier (Google / GitHub).Create and secure your account.
Login historyTimestamp, IP address and an estimated location for your last 5 sign-ins.Account-security visibility (shown only to you in Settings).
Survey contentQuestions, settings, optional uploaded images and a custom domain you configure.Deliver the core product.
Survey responsesAnswers plus any respondent fields you choose to collect (name, email, company, role, location). A coarse de-duplication signal may be derived from the respondent's request.Provide results and analytics to you, the survey owner.
BillingStripe customer identifier, subscription status and invoice metadata. Card details are handled by Stripe and never reach Votira's servers.Process subscriptions and show your invoices.
Operational logsAudit events (action, user identifier, timestamp). Sanitised to exclude passwords, tokens and other secrets.Security, compliance and troubleshooting.

3. Legal bases for processing

4. Where your data is stored and who processes it

Votira runs on Microsoft Azure. We use the following sub-processors, each engaged under appropriate data-processing terms:

Sub-processorPurpose
Azure App ServiceApplication hosting.
Azure Cosmos DBPrimary database for accounts, surveys, responses and subscriptions.
Azure Blob StorageUploaded survey images and data exports.
Azure OpenAI ServiceAI-assisted survey generation. Prompts are processed within Azure and not used to train foundation models.
Azure Cache for RedisRate limiting and abuse prevention.
Azure Application InsightsTelemetry and audit logging.
StripePayment processing and invoicing (PCI-DSS compliant).
Google & GitHub OAuthOptional single sign-on, only if you choose it.
ip-api.comBest-effort, coarse location estimate for your login-history display. Only an IP address is sent; lookups are skipped for private addresses.

Some sub-processors may process data outside the European Economic Area. Where they do, transfers are protected by Standard Contractual Clauses or an equivalent safeguard.

5. How long we keep it

Account, survey and response data is retained for as long as your account is active. Login history is capped at your 5 most recent sign-ins. When you delete your account (Settings → Danger Zone) we permanently and irreversibly erase your account, surveys, responses and uploaded files, and cancel any associated Stripe customer record. Invoice records may be retained by Stripe to meet legal/tax obligations.

6. How we protect your data

7. Your rights under the GDPR

You have the right to access, rectify, erase, restrict and port your personal data, and to object to certain processing. You can exercise most of these directly in the app:

For any request you cannot complete in-app, contact privacy@votira.app. You also have the right to lodge a complaint with your local data-protection supervisory authority.

8. Changes to this notice

We may update this notice as the service evolves. Material changes will be reflected here with an updated revision date.