Wired into every page, action, and export. Two-factor login, strict access scoping, full audit trail, and per-country data-protection alignment. The detailed security and privacy commitments are set out in the Privacy Policy and the Data Processing Agreement; this page summarises them in plain language.
We do not endorse candidates or parties, do not publish official election results, and do not provide voting instructions. See the full mission on /about.
Authentication, authorization, audit. The first two protect access; the third proves what happened after the fact.
TOTP available on every account — Authenticator-app QR enrollment, recovery codes, and a self-serve disable path for lost factors. Passwords alone aren't enough for project access.
Interviewers see only their assigned LGA / sub-county / district / voting district. Projects are isolated from one another by design — a research firm with concurrent contracts can keep one client's data separated from the next.
Logins, approvals, exports, role changes, deletes — each logged with the actor, the timestamp, and the originating IP. The application provides no path to modify or delete audit rows, and the underlying database is operated under strict access controls.
From the field interview to the press-kit certificate, the platform records a verifiable trail. Each step carries its own integrity control.
Datasets are kept separate by design — the platform does not silently mix them. Raw live data, QC-cleared data, and official reporting data each carry visible tier badges on exports so a downstream analyst sees the validation tier of any number they read.
Each result transmission is hash-chained — every report carries the previous report's hash, and the chain is recorded on the press-kit certificate at the time of publication. A change after publication is detectable by re-computing the chain.
Amendments to a transmitted result that exceed a configured threshold require a second supervisor's approval (a quorum gate) plus a brief embargo before the change becomes visible to public aggregates. The application does not provide a single-supervisor path for those amendments.
Each active market carries its own data-protection regime. Specific deployment regions and any cross-border transfer instruments are recorded in the Data Processing Agreement (DPA) supplied with your Order Form. Default retention honours each country’s statutory minimum windows as set out in the Privacy Policy.
We can walk through the security posture in detail with your legal + IT team. No commitment required.