🗳️Poll City← Legal Centre
Campaign Customers

Campaign Data & Voter List Addendum

Effective date: May 28, 2026  ·  This addendum forms part of the Poll City Terms of Service

This addendum clarifies the responsibilities of campaign customers when importing, uploading, and using voter data, supporter lists, and other contact data through Poll City. It supplements (and does not replace) the main Terms of Service.

Contents

  1. 1. Overview
  2. 2. Customer's Legal Authority
  3. 3. Permitted Purposes
  4. 4. Prohibited Uses
  5. 5. Poll City's Role as Data Processor
  6. 6. Import Source Labelling & Audit Trail
  7. 7. Compliance Controls Provided
  8. 8. Contact

1. Overview

Canadian political campaigns receive voter lists as a standard part of campaign infrastructure. Federal candidates receive the National Register of Electors. Provincial candidates receive voter information from their provincial elections authority. Municipal candidates receive voters’ lists under the applicable Municipal Elections Act.

Poll City is designed to supercharge what campaigns can do with this data — organizing canvassing, tracking voter contact, coordinating GOTV, and building supporter relationships — while ensuring that campaigns meet their obligations under elections law and applicable privacy legislation.

The campaign customer is the data controller for all voter and supporter data they import into Poll City. Poll City is the data processor, handling data only as instructed by the campaign. The campaign is responsible for the legal basis of its data collection and use.

2. Customer’s Legal Authority

By importing any data into Poll City, the campaign customer represents and warrants that:

  • They have the legal right to upload, store, and use the data for campaign purposes under applicable elections law and privacy legislation, including (as applicable):
    • Canada Elections Act (federal voter lists)
    • Ontario Municipal Elections Act or applicable provincial legislation (municipal/provincial voters’ lists)
    • Personal Information Protection and Electronic Documents Act (PIPEDA)
    • Canada’s Anti-Spam Legislation (CASL) for any communication use
  • Data collected through campaign websites, events, or volunteer sign-ups was collected with appropriate disclosure, and with CASL-compliant consent for any email or SMS communications.
  • Voter list data received from an elections authority is being used only for the purposes permitted by the authority that issued it (typically: direct voter contact for the campaign).
  • The campaign has authority to process data on behalf of any third parties whose information is included in an import (for example, supporter data collected by a predecessor campaign).

3. Permitted Purposes

Voter and supporter data imported into Poll City may be used for:

  • Canvassing and direct voter contact in support of the campaign
  • GOTV planning, walk list generation, and Election Day operations
  • Campaign communications (email, SMS) to individuals who have consented to receive them under CASL
  • Volunteer recruitment and coordination
  • Donation solicitation in compliance with applicable campaign finance law
  • Internal campaign analytics and reporting
  • Merging with other campaign data sources held by the same campaign

4. Prohibited Uses

The following uses of imported data are prohibited and may result in immediate account suspension and referral to applicable authorities:

  • Selling or commercially exploiting voter data: Voter list data received from an elections authority may not be used for commercial purposes or transferred to any third party for non-campaign use.
  • Voter suppression: Using contact data to discourage eligible voters from voting, spread misinformation about voting procedures, or intimidate voters.
  • CASL non-compliant messaging: Sending bulk emails or SMS messages to individuals who have not provided CASL-compliant express or implied consent.
  • Cross-campaign data sharing: Using data from one campaign for the benefit of a different campaign without the explicit consent of the individuals in question.
  • Retention beyond permitted period: Retaining voters’ list data beyond the period permitted by the issuing elections authority — typically until after the election to which the list pertains.
  • Unauthorized sub-processing: Sharing access to imported data with third parties not covered by these terms and the applicable elections authority’s restrictions.

5. Poll City’s Role as Data Processor

Poll City acts as a data processor (or “service provider” in PIPEDA terminology) on behalf of the campaign. This means:

  • Poll City processes imported data only for the purpose of providing the Campaign OS platform services the customer has subscribed to.
  • Poll City does not sell, rent, use for advertising, or otherwise commercialise campaign data beyond the scope of service delivery.
  • Poll City stores data on secure infrastructure (Railway PostgreSQL, hosted in Canada or the United States with contractual protections) and applies appropriate security controls.
  • Poll City may process data through sub-processors (for example, Twilio for SMS, Anthropic for AI assistance) — these are listed in the Privacy Policy. Sub-processors are bound by appropriate data processing terms.
  • Upon account termination, the campaign has 90 days to export data. After that period, data is deleted from active systems subject to legal retention requirements for financial records.

6. Import Source Labelling & Audit Trail

Poll City’s import system requires campaigns to declare the source of each imported dataset before completing an import. Source categories include:

  • Ontario Electoral voters’ list
  • Elections Canada National Register
  • Own supporter / sign-up data collected by the campaign
  • Prior campaign data
  • Volunteer list
  • Donor list
  • Event attendee list
  • Mixed sources

Source declarations are stored in an immutable audit log linked to each import. This provides an evidentiary record that can demonstrate compliance with elections authority requirements and CASL consent tracking.

Each import record includes: the importing user, timestamp, IP address, declared source type, and the acknowledged version of this addendum.

7. Compliance Controls Provided by Poll City

Poll City provides the following compliance controls to help campaigns meet their obligations:

  • Unsubscribe / Do Not Contact: Every bulk email or SMS message includes a legally compliant unsubscribe mechanism. Unsubscribe requests are processed automatically and permanently suppressed from future sends.
  • CASL consent records: The platform maintains a consent ledger per contact, recording the type, channel, source, and date of consent for campaign communications.
  • SMS STOP handling: STOP, STOPALL, and equivalent opt-out keywords are automatically processed and suppress future SMS messages to that number.
  • Email bounce and complaint handling: Hard bounces and spam complaints are automatically suppressed from future sends.
  • Deceased contact suppression: Contacts marked as deceased are automatically excluded from communications.
  • Data export: Campaigns can export all their data at any time via Import/Export in the platform settings.
  • Compliance dashboard: A real-time view of consent statistics, opt-out rates, and data source breakdown for each campaign.

These controls support compliance but do not guarantee it. The campaign remains responsible for understanding and following all applicable elections laws and privacy legislation.

8. Contact

Questions about this addendum, data processing practices, or compliance controls should be directed to:

Poll City — Legal

Email: legal@poll.city

Privacy Officer: privacy@poll.city

This addendum may be updated from time to time to reflect changes in law or platform capabilities. Material changes will be communicated to campaign customers with at least 14 days notice before taking effect. Continued use of the import feature after the effective date constitutes acceptance of the updated addendum.

© 2026 Poll City. All rights reserved.
Terms of ServicePrivacy PolicyLegal Centre