Propoodle was designed with a strong focus on personal privacy. The following axioms hold for all data entered into Propoodle:
- No data is exchanged with third parties.
- Data entered and saved on the server is used only for the purpose of providing and improving the voting service.
- All personal data entered during the life-cycle of a poll is deleted within a week after the expiration date of the poll.
Privacy vs. Security
To allow for a streamlined user-experience, Propoodle neither requires nor allows the user to login at any point.
Authentication is solely performed on the basis of personalized URLs that contain a key.
These keys are generated by randomly selecting 32 characters from an alphabet of 64 characters (allowing for repetitions).
There are approximately 6 octodecillion (a six with 57 zeros) possible keys. It is very unlikely that an attacker will be able guess an existing key in his or her lifetime. However, there is no guarantee that an attacker does not guess your key on his first attempt. Of course, the same is true for all of your passwords.
In contrast to passwords, the personalized URL used by Propoodle is not treated as a secret. It appears in your browsers address bar, is saved in your browser history and is sent in plain text in invitation e-mails. There is a risk that an attacker, who, for example, has access to your browsing history or is able to monitor your outgoing traffic, is able to access your Propoodle. In this case, the site can not guarantee the safety of your data. It is your responsibility to mitigate this risk. Handle and distribute the personalized URLs, through which access to polls on propoodle.net is granted, with care!