Privacy Policy (STARK Ballot Simulator)
Effective Date: 2026-01-18
This policy explains how I handle information in "STARK Ballot Simulator" (the "Service") provided at stark-ballot-sim.hwatanabe.dev.
1. Nature of the Service
This Service is a proof of concept (PoC) for educational and demonstration purposes, showcasing verifiable voting using cryptographic technology.
2. Information I Collect
2.1 Information You Provide
- Vote choice (A through E)
This Service does not require you to provide personal information such as your name or email address.
2.2 Automatically Collected Information
- IP address: Temporarily used for rate limiting to prevent unauthorized access
- Access logs: Request timestamps, User-Agent, accessed URLs, error information
2.3 Information Stored on Your Device (Cookies/Local Storage)
- Session information: Vote content, commitments, verification data
- Knowledge panel: Records of the verification process (for educational display)
- Language preference: Display language selection (Japanese/English)
- Execution history: zkVM aggregation count (for rate limiting; entries older than 24 hours are removed on the next visit)
3. Purpose of Use
- Providing the Service (executing voting, aggregation, and verification flows)
- Preventing unauthorized access and spam (rate limiting)
- Troubleshooting and quality improvement
4. Data Retention Period
Server-side
| Data | Retention Period |
|---|---|
| Session/voting data | During voting: 30 min / During verification: 24 hours |
| IP address (rate limiting) | Up to 24 hours |
| Proof data (S3) | 30 days |
| API logs | 14 days |
| Audit logs (CloudTrail) | 90 days |
Browser-side
| Data | Retention Period |
|---|---|
| Session information | During voting: 30 min / During verification: 24 hours |
| Knowledge panel | Until manually deleted |
| Language preference | Until manually deleted |
| Execution history | Removed on next visit if older than 24 hours |
Execution history entries older than 24 hours are removed on the next visit (except for the knowledge panel and language preference). Data stored in your browser can be deleted through your browser settings.
5. Third-Party Services
This Service uses the following services. Your data may be transmitted to and stored by these services.
- Cloudflare: For security measures (Turnstile). Request information including IP addresses is sent to Cloudflare.
- Amazon Web Services (AWS): Infrastructure platform. Data is stored on AWS servers (Tokyo region).
I do not sell personal information to third parties.
6. Amendments
This policy may be amended as necessary. Amended content will take effect upon publication on this Service.
7. Contact
For inquiries about this policy, please contact me via GitHub Issues.