Privacy policy
Last updated: July 2026 · Applies to yourmandate.uk
Mandate lets organisations put decisions to their members. Because joining a political party or campaign group — and voting within one — says something about your political opinions, the law treats the data we hold to a higher standard than most apps, and so do we. This page explains, in plain language, what we collect, why, and what we will never do with it.
What we collect
When you sign in we store your email address and a display name. When you use Mandate we record the organisations you follow, your membership requests and their outcomes, and the votes you cast — including which option you chose, which is visible only to you. Organisation admins see your email when you request membership of their organisation, and nothing else. We do not collect your location, contacts, or browsing history, and we run no advertising or analytics trackers.
Why we can hold this data
We process your data to provide the service you signed up for: running proposals and votes for organisations you choose to join. Because organisational membership and votes can reveal political opinions, we rely on your explicit consent, given when you sign in and when you choose to follow, join, or vote within an organisation. You can withdraw that consent at any time by deleting your account (below).
What we never do
We never sell your data. We never share it with advertisers, data brokers, political campaigns, or any organisation on the platform beyond what is described above. We never publish who you are, what you belong to, or how you voted.
The tamper-evident vote record
Every vote is sealed into a cryptographic record so results cannot be secretly altered — that is Mandate's core promise. The public parts of that record (receipt codes, seals, and daily public timestamps) contain no names, no emails, and no vote choices. Your receipt proves a vote exists in the record; it does not reveal who cast it.
Where your data lives
Your data is stored with Supabase (our database and sign-in provider) and served by Netlify (our hosting provider). Notification emails are delivered by Resend. These providers process data on our instructions and cannot use it for their own purposes. We keep your data only while you have an account, and only as long as the organisations you belong to need their governance records.
Your rights
You can ask us for a copy of your data, ask us to correct it, or ask us to delete your account and personal data — email privacy@yourmandate.uk and we will act within one month, usually much faster. When your account is deleted, sealed vote records remain (they are the organisation's tally, and they contain no identity), but they are no longer connected to any person. If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner's Office at ico.org.uk. We are registered with the ICO (registration number available on request or via the public register).
Age
Mandate is intended for people aged 16 and over. Organisations are responsible for the eligibility rules of their own memberships.
Changes
If this policy changes in any meaningful way, we will note it here and, for significant changes, tell you by email. Questions are welcome at privacy@yourmandate.uk.