StrataVoter

How StrataVoter keeps votes fully anonymous

In plain terms: the system records that a unit voted, but stores the ballot choice in a separate record that carries no unit identifier. No single record maps a unit to a selected candidate; the only link between the two sets of records is a temporary receipt mapping kept for audit reproducibility and deleted under the retention policy.

Simple explanation

  1. Each eligible unit gets a one-time voting link.
  2. When a vote is submitted, the link is marked “used” for quorum tracking.
  3. The vote itself is written to an anonymous ballot table that does not contain unit number or owner identity.
  4. A temporary receipt mapping (token to ballot) exists only for audit reproducibility and expires under the retention policy. Until it is purged, this mapping is the one record that can re-link a unit to its ballot, so it is the sensitive part of the design and the reason the retention window matters.

Anonymous voting data-separation diagram

This flow shows how participation visibility is kept separate from ballot secrecy.

[Diagram: StrataVoter anonymous voting data separation flow]
Participation records and ballot records are separated by design; temporary receipt mapping is retained only for audit reproducibility.

Technical model

Data store      Contains                                                Does not contain
unit_tokens     Unit number, token hash, voted timestamp                Ballot choice
ballots         Choice index(es), timestamp, ballot hash                Unit number or owner identity
vote_receipts   Temporary token-to-ballot linkage for reproducibility   Permanent identity-to-vote mapping
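
The three-table model above, together with steps 1 to 4 of the simple explanation, as an added example that is not StrataVoter's code: a SQLite sketch in which the table names follow the page, while the column names, the SHA-256 hashing of the link token, the nonce-salted ballot hash, the hour-coarsened ballot timestamp and the three-unit election in demo() are assumptions of the example. It shows the one-time link enforced atomically, quorum and tally served from different tables, the unit-to-choice join succeeding only through vote_receipts, and that join returning nothing once the retention purge has run.

```python
# Added example, not StrataVoter's code. Table names follow the page; column names,
# SHA-256 token hashing, the salted ballot hash and the demo() election are assumptions.
import hashlib
import secrets
import sqlite3
from datetime import datetime, timedelta, timezone

SCHEMA = """
CREATE TABLE unit_tokens (
    unit_number TEXT PRIMARY KEY,
    token_hash  TEXT NOT NULL UNIQUE,   -- hash of the one-time link secret
    voted_at    TEXT);                  -- NULL until the link is used
CREATE TABLE ballots (
    ballot_id   INTEGER PRIMARY KEY, choice_idx INTEGER NOT NULL,
    cast_hour   TEXT NOT NULL,          -- coarsened on purpose, see cast_vote
    ballot_hash TEXT NOT NULL UNIQUE);  -- no unit number or owner identity here
CREATE TABLE vote_receipts (
    token_hash  TEXT PRIMARY KEY,       -- the only bridge between the two tables
    ballot_id   INTEGER NOT NULL,
    expires_at  TEXT NOT NULL);         -- purged once the retention window passes
"""

def _h(token):
    return hashlib.sha256(token.encode()).hexdigest()

def open_election():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def issue_token(db, unit_number):
    """Step 1: the one-time link secret goes to the owner; only its hash is stored."""
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO unit_tokens (unit_number, token_hash) VALUES (?, ?)", (unit_number, _h(token)))
    db.commit()
    return token

def cast_vote(db, token, choice_idx, now, retention_days=90):
    """Steps 2 to 4 in one transaction; returns the ballot hash as the voter's receipt."""
    th = _h(token)
    # Step 2: mark the link used. Atomic: a replayed token updates zero rows and is rejected.
    cur = db.execute("UPDATE unit_tokens SET voted_at = ? WHERE token_hash = ? AND voted_at IS NULL",
                     (now.isoformat(), th))
    if cur.rowcount != 1:
        db.rollback()
        raise ValueError("unknown or already-used voting link")
    # Step 3: anonymous ballot. The hour-truncated time cannot be matched to the exact voted_at
    # above, and the nonce stops anyone reversing the hash by hashing every candidate index.
    cast_hour = now.replace(minute=0, second=0, microsecond=0).isoformat()
    nonce = secrets.token_hex(16)
    ballot_hash = hashlib.sha256(f"{choice_idx}|{cast_hour}|{nonce}".encode()).hexdigest()
    cur = db.execute("INSERT INTO ballots (choice_idx, cast_hour, ballot_hash) VALUES (?, ?, ?)",
                     (choice_idx, cast_hour, ballot_hash))
    # Step 4: temporary receipt mapping with its own expiry date.
    expires_at = (now + timedelta(days=retention_days)).isoformat()
    db.execute("INSERT INTO vote_receipts (token_hash, ballot_id, expires_at) VALUES (?, ?, ?)",
               (th, cur.lastrowid, expires_at))
    db.commit()
    return ballot_hash

def quorum(db):
    """(units that voted, eligible units): participation is visible, choices are not."""
    return tuple(db.execute("SELECT COUNT(voted_at), COUNT(*) FROM unit_tokens").fetchone())

def tally(db):
    return dict(db.execute("SELECT choice_idx, COUNT(*) FROM ballots GROUP BY choice_idx"))

def link_unit_to_choice(db, unit_number):
    """What an auditor, or an insider with all three tables, can recover while the receipt exists."""
    row = db.execute(
        "SELECT b.choice_idx FROM unit_tokens u "
        "JOIN vote_receipts r ON r.token_hash = u.token_hash "
        "JOIN ballots b ON b.ballot_id = r.ballot_id WHERE u.unit_number = ?",
        (unit_number,)).fetchone()
    return None if row is None else row[0]

def purge_expired_receipts(db, now):
    """Retention enforcement: delete bridge rows whose window has passed."""
    cur = db.execute("DELETE FROM vote_receipts WHERE expires_at <= ?", (now.isoformat(),))
    db.commit()
    return cur.rowcount

def demo():
    """Constructed election: three eligible units, two vote, one replays its link."""
    db = open_election()
    t0 = datetime(2024, 6, 1, 19, 5, tzinfo=timezone.utc)
    tokens = {u: issue_token(db, u) for u in ("101", "102", "103")}
    cast_vote(db, tokens["101"], 0, t0)
    cast_vote(db, tokens["102"], 1, t0 + timedelta(minutes=3))
    try:
        cast_vote(db, tokens["101"], 1, t0 + timedelta(minutes=5))
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return {
        "quorum": quorum(db), "tally": tally(db), "replay_rejected": replay_rejected,
        "link_before_purge": link_unit_to_choice(db, "101"),
        "purged_early": purge_expired_receipts(db, t0 + timedelta(days=89)),
        "purged_after_window": purge_expired_receipts(db, t0 + timedelta(days=91)),
        "link_after_purge": link_unit_to_choice(db, "101"),
    }
```

Call demo() to run the constructed scenario: quorum reports 2 of 3 units, the tally is {0: 1, 1: 1}, the replayed link is rejected, unit 101 can be joined to choice 0 while its receipt row exists, nothing is purged before the window ends, both receipts are purged afterwards, and the join then returns None. Two design choices in the example go beyond what the page states. The page's model keeps a voted timestamp in unit_tokens and a timestamp in ballots; if both are stored at full precision they form a correlation channel that the receipt purge does not close, which is why the example truncates the ballot-side time to the hour. And a ballot hash computed only over the choice index and timestamp could be reversed by hashing each candidate index in turn, so the example salts it with a random nonce.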

Compliance and retention

StrataVoter retention is configurable per election (default 90 days); election data is deleted once the election has closed and the configured retention window has elapsed.

All vote records are stored anonymously by design, encrypted at rest and in transit (TLS), with controls intended to align with PIPEDA and GDPR requirements for protecting personal information.

“For a record described in paragraph 10 of subsection 55 (1) of the Act, at least 90 days following the date of the meeting ...” — O. Reg. 48/01, s.13.1(2), para.3

Privacy standards for PII (Canada, USA, Europe)

Region   Reference standard                                  Quoted requirement focus
Canada   PIPEDA, Schedule 1 (Principle 4.7 Safeguards)       Organizations must protect personal information with safeguards appropriate to the sensitivity of the information.
USA      FTC Safeguards Rule (16 CFR Part 314)               Covered organizations must develop, implement, and maintain a comprehensive information security program with administrative, technical, and physical safeguards.
Europe   GDPR Art. 5(1)(f) and Art. 32                       Personal data must be processed with appropriate security, including protection against unauthorized processing and use of technical measures such as encryption.

Compliance obligations vary by deployment context and customer configuration.
