Privacy Policy

PolarPoll is a service operated by Win Media & Advertising d.o.o. ("we", "us", or "our"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our survey creation and data collection platform ("the Service"). By using the Service, you consent to the practices described in this policy.

We use the information we collect to: provide, maintain, and improve the Service; process your transactions and manage your subscription; send you service-related communications (e.g., account verification, billing notifications, security alerts); respond to your support requests and inquiries; analyse usage patterns to improve user experience and develop new features; detect, prevent, and address technical issues, fraud, or abuse; and comply with legal obligations.

Your data is stored on secure servers using industry-standard encryption. We use HTTPS for all data transmission and bcrypt hashing for password storage. Access to personal data is restricted to authorised personnel only. While we implement reasonable security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

We do not sell your personal information to third parties. We share your information only with the following categories of recipients:

Hostinger International Ltd — our hosting and infrastructure provider. Your account data and survey data are stored on Hostinger servers. Hostinger may process data in the EU (Lithuania) and other locations.

Paddle.com Market Ltd — our Merchant of Record and payment processor. Paddle handles billing, subscription management, and tax compliance. As Merchant of Record, Paddle is responsible for processing your payment data and issuing receipts.

Google LLC (Google Tag Manager & Gemini API) — we use Google Tag Manager to manage analytics and tracking scripts on our website. GTM may load additional Google services (such as Google Analytics) that collect usage data including page views, session duration, and device information. Additionally, Google LLC processes AI prompts only when the AI Survey feature is explicitly invoked. Google's processing is governed by the Google Privacy Policy (https://policies.google.com/privacy).

Law enforcement or government authorities — when required by law or to protect our legal rights.

Third parties in a merger, acquisition, or sale of assets — you will be notified of any change in data practices.

Survey respondents' data is accessible only to the survey creator and is not shared with other users or third parties.

We use strictly necessary cookies to maintain your session and authentication state. These are httpOnly cookies set by the server and are not accessible via JavaScript. They are required for the Service to function and cannot be disabled.

auth-token — session cookie, expires after 15 minutes. Holds a short-lived JWT used to authenticate API requests.

refresh-token — persistent cookie, expires after 30 days. Used to silently renew your session so you stay logged in.

We also use Google Tag Manager (GTM) to load analytics and measurement scripts. GTM itself does not set cookies, but the tags it loads (such as Google Analytics) may set analytics cookies to collect anonymised usage data — including pages visited, session duration, and general device information. These cookies help us understand how the Service is used and improve the user experience.

_ga — Google Analytics, expires after 2 years. Used to distinguish unique visitors. _ga_* — Google Analytics session cookie, expires after 2 years. Used to persist session state.

You can review or change your cookie preferences at any time in Settings → Privacy & Cookies.

PolarPoll offers an AI Survey feature that generates survey questions from a text prompt you provide. When you use this feature, your prompt text is transmitted over an encrypted connection to the Google Gemini API, operated by Google LLC. Google processes the prompt to generate the survey content. We do not send any other personal data (such as your name, email, or account ID) alongside the prompt.

Google's processing of data submitted through the Gemini API is governed by the Google API Terms of Service and Google's Privacy Policy (https://policies.google.com/privacy). We recommend that you do not include sensitive personal information in AI prompts.

If you do not wish to use this third-party integration, you can create surveys manually without using the AI Survey feature.

Depending on your jurisdiction, you may have the right to: access the personal data we hold about you; correct inaccurate or incomplete personal data; request deletion of your personal data; object to or restrict the processing of your personal data; request portability of your data in a machine-readable format; and withdraw your cookie consent at any time via Settings → Privacy & Cookies. To exercise any of these rights, please contact us at support@polarpoll.com.

We retain your account data for as long as your account is active or as needed to provide the Service. Survey data is retained until you delete it or close your account. Upon account deletion, your personal data and survey data will be permanently removed from our systems within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, legal disputes).

Your data is primarily stored on Hostinger infrastructure, which includes data centres in the EU (Lithuania) and potentially other regions. When data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place — such as Standard Contractual Clauses (SCCs) or adequacy decisions — in compliance with GDPR Chapter V.

When the AI Survey feature is used, prompt data is transmitted to Google LLC in the United States. Google participates in the EU-U.S. Data Privacy Framework, which provides an adequate level of protection for personal data transferred from the EEA.

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such information.

The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through the Service.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

If you have any questions or concerns about this Privacy Policy or our data practices, please contact Win Media & Advertising d.o.o. at support@polarpoll.com.