Privacy Policy

Last updated: 28 June 2026

1. Who We Are

Ballot Buddy (“we”, “us”, “our”) is an independent, non-partisan voter information service based in the United Kingdom. We are not affiliated with any political party, campaign, or government body.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are the data controller for personal data processed through this website.

2. What Data We Collect and Why

2.1 Postcodes (Location Data)

When you enter your postcode to find local elections, that postcode is transmitted to our server and forwarded to the Democracy Club Voting Information API to retrieve the relevant election data. Your postcode is processed in memory only and is never stored in any database or log file. Once the API response is returned to your browser, all server-side processing of your postcode ceases.

Legal basis: Legitimate interests (Article 6(1)(f) UK GDPR) — providing the core service you have requested. We have balanced this interest against your rights and determined that data minimisation (immediate discard) adequately protects your privacy.

2.2 Quiz Answers (Political Opinions)

Your answers to the Policy Matchmaker quiz reflect your political opinions. Under UK GDPR Article 9, political opinions are classified as special category data, which attracts a higher level of protection.

To enable the multi-page quiz flow without requiring an account, your answers are stored in an httpOnly browser cookie (vm_quiz_answers) for up to seven days. This cookie is set with SameSite=Lax and is accessible only to this website. Your answers are neverassociated with your name, email address, IP address, or any other identifying information. They are never shared with third parties. You can delete them at any time by clearing your cookies or selecting “Retake the quiz”, which erases the cookie immediately.

Legal basis: Legitimate interests (Article 6(1)(f) UK GDPR) for the temporary technical necessity of maintaining quiz state between page loads, combined with explicit consent under Article 9(2)(a) for the processing of special category data. You provide this consent by choosing to complete the quiz.

2.3 Cookie Consent Preferences

When you interact with our cookie consent banner, your preference (accept/reject) is saved to your browser's localStorage. This is an essential technical necessity to remember your choice and avoid re-showing the banner on every page visit.

2.4 Server Logs

Our web host may retain standard server access logs (IP address, requested URL, timestamp, HTTP status code) for up to 30 days for security and operational purposes. These logs do not contain postcodes or quiz data.

3. How We Use Your Data

• To retrieve and display your local election information (postcode, in-memory only)
• To calculate and display your party alignment results (quiz answers, browser-only)
• To remember your cookie preferences (localStorage)
• To maintain the security and performance of our service (server logs)

We do not use your data for advertising, profiling, targeting, or sale to third parties. We do not use political opinion data for any purpose beyond displaying your quiz results to you.

4. Sharing Your Data

We share data only in the following limited circumstances:

• Democracy Club: Your postcode is forwarded to the Democracy Club Voting Information API to retrieve election data. Democracy Club is a registered UK charity. You can review their privacy policy at democracyclub.org.uk/privacy.
• Web hosting provider: Our hosting infrastructure processes requests as part of normal service delivery. Server logs are retained for up to 30 days.
• Legal obligation: We may disclose data if required by law, court order, or regulatory authority.

5. Data Retention

• Postcodes: Not retained. Discarded immediately after API call.
• Quiz answers: Retained in your browser's localStorage until you delete them or clear your browser data.
• Cookie preferences: Retained in your browser's localStorage for up to 12 months, at which point you will be asked again.
• Server logs: Retained for up to 30 days then automatically deleted.

6. Your Rights Under UK GDPR

You have the following rights:

• Right of access: To request a copy of any personal data we hold about you.
• Right to erasure: To request deletion of your personal data. For browser-stored data, you can exercise this yourself immediately by clearing your browser storage.
• Right to rectification: To correct inaccurate data.
• Right to restriction: To restrict how we process your data.
• Right to object: To object to processing based on legitimate interests.
• Right to data portability: To receive your data in a machine-readable format.

As the vast majority of data is held in your own browser, you are already in direct control of most rights. To exercise any right relating to server-side data, please contact us at the address below.

7. Complaints

If you are unhappy with how we handle your data, you have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

8. Changes to This Policy

We may update this policy from time to time. Where changes are material, we will display a notice on the website and update the “Last updated” date above. Continued use of the service after changes constitutes acceptance of the updated policy.

9. Contact Us

For any data protection enquiries, please contact us via the details published on our website.