Privacy & Compliance Policy

What We Collect and Why

Oxford-Metro Analytics is built on a strict privacy-first architecture. When you submit a vote or poll response on this platform, the following data points are processed:

• IP address: Immediately one-way hashed using SHA-256 with a server-side secret. The raw IP address is never written to our database.
• Browser fingerprint: A numeric hash derived from publicly available browser signals (user-agent, screen size, language, timezone). Used only for duplicate detection — the raw signals are not stored.
• Anonymous cookie ID: A randomly generated UUID stored in a secure, HTTP-only cookie. This identifier allows us to prevent duplicate submissions without identifying you as an individual.
• Geopolitical zone: Selected by you voluntarily when submitting a vote. Used only for regional aggregate analysis.
• Timestamp: The date and time of submission, used for rate limiting and audit trail purposes.
• Candidate or option selected: Your vote choice, stored against your anonymous identifiers only.

What We Never Collect

• Your name
• Your email address (unless voluntarily submitted for the notification token form)
• Your phone number (unless voluntarily submitted for notification purposes)
• Your precise location or GPS coordinates
• Your raw IP address
• Any third-party account information

Data Retention

Anonymized vote records are retained for a maximum of 24 months post-election cycle for audit and historical analysis purposes, then permanently deleted. Notification token submissions (email/phone for the prediction vault alert) are retained only until the prediction vault opens, then purged.

Third-Party Sharing

Oxford-Metro Analytics does not sell, license, or transfer individual response data to any third party. Aggregated, anonymized statistical outputs (e.g. “32% of North West respondents selected Candidate X”) may be published publicly or licensed to research institutions under CC BY 4.0.

Your Rights

Because we do not link your vote to any personally identifiable information, we cannot identify or retrieve your specific submission upon request. This is by design — anonymization is our primary privacy protection. If you submitted a notification token (email/phone), you may request deletion by emailing privacy@oxfordmetroanalytics.com.

Regulatory Compliance

Our data collection and processing infrastructure is designed to be fully compliant with the Nigerian Data Protection Regulation (NDPR) 2019, the Nigeria Data Protection Act 2023, and meets GDPR adequacy standards for user anonymity.

Cookies

We set one first-party cookie: oma_vid, a 30-day anonymous voter identifier. This cookie contains only a randomly generated UUID — no personal data. It is used exclusively to prevent duplicate vote submissions. No third-party tracking cookies, advertising pixels, or analytics services are deployed on this platform.

🔒 Your response is anonymous and used only for aggregated public research. Oxford-Metro Analytics does not publish individual responses or sell personal data.

Privacy contact: privacy@oxfordmetroanalytics.com