Last Updated: May 24, 2026
Our polling engine is built around verified anonymity. Human Passport provides aggregate proof of personhood via privacy-preserving stamps; we never store your vote linked to your identity.
For full details, see 'Detailed Legal Disclosures' below.
Recognize that mathematical algorithms tracking specific vote ratios heavily cache parameters natively in our records tracking cryptographic distributions openly for analytic transparency.
IMDifferent never stores your email or phone number. Your identity is reduced to a one-way cryptographic hash the moment you sign in. Email addresses are transiently processed by our delivery partner solely for message delivery — they are never written to our records. The same applies to phone numbers used for mobile verification.
IMDifferent treats every community member as structurally anonymous by design. Our system cannot determine who voted on what, cannot link your account to any personal record, and therefore cannot send you any emails, notifications, or communications of any kind. If your account encounters an issue, we have no way to contact you — because we genuinely do not know who you are. This is not a limitation; it is the architecture.
We are legally committed to guarding your data streams permanently against extraction.
For our full legal disclosures, see Detailed Legal Disclosures below.
Published 2026-05-05
Between 2026-05-01 and 2026-05-05, IMDifferent ran an automated cold-start engagement system that added synthetic votes and engagement signals to AI-generated polls on the platform. These synthetic entries were marked in our database (is_synthetic = true) but were not visually separated from organic activity in totals, leaderboards, or sealed-poll snapshots.
What it was: a scheduled background job (running every hour at minute 20) that added approximately 700 synthetic votes per day across roughly a quarter of the AI-generated polls. Each poll received a stable random cap (40–60 synthetic votes) and a total-vote ceiling (51–80) before seeding stopped. Organic votes from real users were always processed normally and were never modified by this system.
Why we did it: cold-start engineering. New platforms with zero activity make it hard to monitor how UI patterns and aggregate counters behave under realistic load. The synthetic seed let us observe system behavior, refine display logic, and exercise sealing and graduation flows with realistic data volume. The data was tagged in our database from day one as synthetic, and the wipe was always the planned end of the cold-start phase.
Why we are disclosing it: as we move into the next phase of the platform — daily cryptographic anchoring of vote totals to a public chain — we wanted any visitor who noticed counters and consensus seals reset on 2026-05-05 to have a factual explanation rather than speculation. Real user interactions were never touched by this system; only the synthetic seed data, plus a small number of internal test votes, were in scope.
What we did about it on 2026-05-05:
What changes going forward:
What we lost in the process: a small number of internal test votes from the operator and family members on different IPs and devices. No external organic activity was lost.
The synthetic engagement system that was disabled lived at src/app/api/cron/synthetic-engage/route.ts. It was governed by a feature flag — the environment variable SYNTHETIC_VOTES_ENABLED. Its scheduled-task entry was removed from vercel.json. Records of this system's existence remain in our public commit history; we have not deleted the historical code.
— The IMDifferent team, 2026-05-05
The data controller for IMDifferent is the company operating IMDifferent.id, incorporated in the Kingdom of Saudi Arabia under an active Commercial Registration, with its registered office in Saudi Arabia. Because the controller is established in KSA, the Saudi Personal Data Protection Law (PDPL) and its Implementing Regulations are the default regulatory framework for our processing. Additional regimes — including the EU/UK GDPR for EEA/UK residents and the CCPA/CPRA for California residents — apply as overlays where the data subject's location triggers them.
We do not sell user data, do not run paid subscriptions, and do not accept advertising. Anti-fraud signals (including device fingerprints) are used solely for fraud prevention and are never repurposed.
You have the right to lodge a complaint about our handling of your data with the Saudi Data & AI Authority (SDAIA) via the National Data Governance Platform at dgp.sdaia.gov.sa. EEA/UK residents may additionally complain to their national supervisory authority; California residents to the California Attorney General.
We have not appointed an EU representative under GDPR Art. 27 or a UK representative under UK GDPR Art. 27. We will designate one if EEA/UK traffic becomes material to our operations. This decision is reviewed quarterly.
Privacy contact: privacy@imdifferent.id
We process your personal data on the following bases recognized by PDPL, with the corresponding GDPR basis shown in parentheses as an overlay for EEA/UK residents:
We process the following categories of data:
We never store raw IP addresses, raw email addresses, raw phone numbers, or raw device identifiers. All inputs are hashed before durable storage.
| Data category | Retention period |
|---|---|
| Vote records (poll outcomes, hashes) | Retained for the lifetime of the poll record |
| IP reputation events (per-vote audit log) | Retained only as long as needed for fraud detection, then automatically deleted. |
| IP reputation aggregates (counters, scores) | Retained while the IP's reputation signal remains relevant to anti-fraud, then deleted automatically. |
| Device fingerprint (imdiff_device_id in localStorage) | Retained while needed to detect repeated voting from the same device, then deleted. |
| Secured Link tokens | Short-lived (token TTL), then deleted |
| Behavioral signals | Retained with vote records |
| Server logs | Retained as long as needed for operational debugging and security monitoring, then automatically deleted. |
| Admin overrides (allowlist/blocklist) | Retained until manually revoked, then archived for security audit purposes only. |
When retention criteria are no longer met, data is permanently deleted via automated retention processes.
We rely on the following categories of third-party processors. Each operates under a written data-processing agreement. A list of specific sub-processors is available on request to privacy@imdifferent.id.
| Service category | Data sent | Jurisdiction |
|---|---|---|
| Bot-detection challenge | Browser fingerprint, IP, challenge token | Global (third-party CDN network) |
| Content delivery, DDoS protection | IP, request metadata | Global (third-party CDN network) |
| Application hosting | Request data necessary to serve responses | US |
| Real-time counters, queues, deduplication | Hashes, counters | US |
| Durable storage | Hashed identifiers, vote records, reputation data | US |
| Secured Link email delivery | Email address (transient, not stored after delivery) | US |
| Mobile verification (SMS OTP) | Phone number (transient, not stored after delivery) | US |
| ASN classification | IP address (transient, not stored) | EU |
| Real-time vote count broadcasting | Aggregate vote counts only (no personal data) | US |
Most of the third-party processors we rely on (listed in Section E) operate outside the Kingdom of Saudi Arabia. Transferring personal data outside KSA is permitted under PDPL Article 29 and its Implementing Regulation on Personal Data Transfers Outside the Kingdom (August 2024) when the processing serves a permitted purpose, is limited to what is strictly necessary, and is protected by an appropriate safeguard.
Our approach: we transfer only hashed identifiers and operational metadata, never plaintext identifiers (see Section C); we apply data minimization to every transfer; and we are establishing SDAIA-published Standard Contractual Clauses (SCCs) and Transfer Risk Assessments with each non-KSA processor as part of our PDPL compliance program. For EEA/UK residents, we additionally rely on the European Commission's SCCs (2021) as already incorporated in our processors' published DPAs.
A copy of our processor list, executed SCCs, and Transfer Risk Assessments is available on request to privacy@imdifferent.id.
To prevent fraudulent voting and protect poll integrity, we generate a one-way cryptographic hash of your device's hardware-only technical characteristics: screen resolution, color depth, timezone offset, browser canvas rendering, and GPU identifier. We deliberately exclude User-Agent, language, and CPU core count so that switching browsers on the same physical device does not bypass fraud detection. The hash is stored in your browser's localStorage as imdiff_hwid and is also computed server-side as part of your hardwareIdHash.
Why we do this: to detect and block coordinated voting fraud, including attempts where a single individual votes multiple times under different identities or IP addresses.
Legal basis: processing under our legitimate interests in fraud prevention, recognized as a lawful basis under PDPL and under GDPR Art. 6(1)(f) for EEA/UK residents. A Legitimate Interest Assessment (LIA) is on file and available on request.
Retention: fingerprints are retained while needed for fraud detection. When that need lapses, they are automatically deleted.
Your rights: you may object to this processing at any time by emailing privacy@imdifferent.id. If you object, your access to anonymous voting may be restricted; verified voting (with mobile or email sign-in) remains available as an alternative.
No marketing or analytics use: these fingerprints are used solely for fraud prevention. They are never used for advertising, profiling, or analytics. They are never shared with advertisers or data brokers.
We use the following client-side storage mechanisms:
| Mechanism | Purpose | Strictly necessary? | Consent required? |
|---|---|---|---|
| Session cookies | Sign-in session, vote receipts | Yes | No |
| imdiff_device_id (localStorage) | Anti-fraud device fingerprint | Yes (fraud prevention) | No (legitimate interest) |
| Imdifferent_voted_* (cookie) | Prevent double-voting on the same poll | Yes | No |
| Optional analytics (if added) | Aggregate usage metrics | No | Yes |
Strictly-necessary mechanisms run automatically. Optional mechanisms (analytics, if any) are gated behind your consent via the cookie banner.
Under the Saudi Personal Data Protection Law (PDPL), you have the following rights with respect to your personal data:
EEA/UK residents (GDPR / UK GDPR): in addition to the PDPL rights above, you have the right to restrict processing, the right to object to processing carried out under our legitimate interests (including device fingerprinting), the right to withdraw consent where consent is the basis, and the right to lodge a complaint with your national supervisory authority.
California residents (CCPA / CPRA): the right to know, the right to delete, the right to correct, the right to opt-out of sale or sharing (we do not sell or share data), the right to limit the use of sensitive personal information, and the right to non-discrimination.
To exercise any right, contact privacy@imdifferent.id. We will respond within 30 days under PDPL and GDPR, and within 45 days under CCPA. The first request in any 12-month period is free of charge.
Important: because we operate on hashed identifiers and have no plaintext personal data, fulfilling some requests requires you to prove possession of the original identifier (e.g., the email address used at sign-in) so we can compute the hash and locate the data.
IMDifferent is not directed at children. We do not knowingly collect data from minors. In the Kingdom of Saudi Arabia, the age of majority for data-processing consent is 18 — guardian consent is required below that. In the European Economic Area, GDPR Art. 8 sets the threshold at 16 (Member States may lower to 13). In the United States, COPPA applies below 13. We apply the strictest standard applicable to the data subject's location.
If you believe a minor has provided us with data, contact privacy@imdifferent.id and we will delete the data promptly.
If we become aware of a personal data breach that affects you, we will respond on the following timeline:
Notification to SDAIA: under PDPL Article 20, we will notify the Saudi Data & AI Authority within 72 hours of becoming aware of the breach, via the National Data Governance Platform.
Notification to affected data subjects: if the breach is likely to result in serious harm to your personal data or your rights, we will notify you directly without undue delay. The notification will describe what happened, what data was involved, what steps we are taking, and what you can do.
EEA/UK residents: we will additionally notify the competent supervisory authority within 72 hours per GDPR Art. 33 and you directly without undue delay per Art. 34 where the breach is likely to result in a high risk to your rights and freedoms.
To report a suspected breach to us: email privacy@imdifferent.id with the word "BREACH" in the subject line. We monitor this inbox continuously, including outside business hours.
The values we store next to each vote are unique to that one poll. The same person voting on two different polls produces different stored values — whether you verified with a phone number, with World ID, with Human Passport, or with Coinbase. None of these stored values can be linked across polls to reconstruct your voting history.
IMDifferent publishes Merkle roots of sealed vote batches to the Base blockchain. This section explains what is published, what remains private, and how you can verify the process.
Each Merkle root is a cryptographic summary of a batch of votes. The root itself does not reveal individual votes, voter identities, or poll choices. It serves as a tamper-evident commitment: anyone can verify that a specific vote was included in a batch without accessing any other vote in that batch.
Voter IP addresses, device fingerprints, emails, and other personally identifiable information are stored only as one-way hashes in our database — never plain-text — and are never included in on-chain data. The Merkle root is also a one-way hash, so the on-chain data cannot be reversed to reconstruct votes or identify voters.
For multi-select ballots — those where you can pick more than one option — every selection you cast is committed independently. A ballot with N selections produces N distinct entries in that day's Merkle tree, each verifying on its own against the same on-chain root. None of those entries reveals your identity or the values of your other selections.
For technical details, see the independent verification guide and the transparency hub.
We may update this policy to reflect changes in our practices or legal requirements. When we do: the 'Last updated' date at the top will change, material changes will be communicated via a prominent notice on the platform for at least 30 days, and the previous version will be archived and available on request.