Online Voting – FAQ & Security

• Each eligible member receives a unique, one‑time voting link (token).
• The token is used only to check that you are allowed to vote and that you vote only once.
• Your actual choices are stored separately from the token – no report shows who voted for whom.
• During result viewing we only see totals and counts, not individual identities.

So the system can enforce “one person, one vote” without revealing how any individual voted.

Server & Database Security

• Dedicated web server hosted in Singapore for good performance and low latency.
• Database (MariaDB) runs on localhost only – the database port is not publicly accessible.
• Only the application server can talk to the database; there is no direct external access.
• Access to both server and database is restricted and monitored.

Data Encryption

• SSL certificate installed – all traffic uses HTTPS.
• Data in transit is fully encrypted, so your vote cannot be intercepted on the network.
• Industry‑standard encryption protocols are used throughout.

• Emails are sent from a dedicated mail server with proper authentication records (SPF, DKIM, DMARC).
• Using a self‑hosted SMTP server helps prevent security codes and voting links from leaking into third‑party systems.
• Email systems can verify that the message really came from the association and was not spoofed.

Always check that the email is from our official address before clicking any voting link.

• Each member gets a unique, one‑time voting link which automatically expires after use.
• Links work only for approved recipients – they cannot be reused or forwarded to give extra votes.
• Responses are stored in a secured database and cannot be edited after submission.
• Results are visible only to authorized admins and normally only after the poll is closed.
• All activity can be audited using LimeSurvey’s logs and exports for full transparency.

• Open‑source platform – the code is public and can be inspected by anyone.
• Receives regular security updates from the LimeSurvey project.
• Used by major international organizations for sensitive and confidential data collection.
• Follows standard web‑security best practices (input validation, CSRF protection, permission system, etc.).

• Raw results and exports are restricted to the election admins appointed by the association.
• During the mock election demo we can share the screen so members can see exactly how results are generated.
• Only aggregated counts (how many votes each option received) are shared with the community.

• Give residents a chance to practice online voting before the real elections.
• Allow everyone to see the complete flow – email, link, voting pages, confirmation, and result viewing.
• Collect feedback about usability, clarity, and trust so we can improve before the official vote.

Please participate in the mock election and share any feedback or suggestions with the election team.