Security
KenyaPoll is designed with a security-first mindset. We protect polls from abuse, tampering, and duplicate voting using layered controls. This page outlines our security approach and what to do if you discover an issue.
Vote Integrity Controls
- Single-vote enforcement per poll (hashed identifiers).
- Session tracking for fraud analysis (without storing sensitive IDs in plain text).
- Geographic scope validation (county/constituency/ward checks).
- Optional geofencing (country/county/radius enforcement where enabled).
Platform Security Controls
- CSRF protection on sensitive actions.
- Input validation and prepared statements to reduce SQL injection risk.
- Content Security Policy (CSP) to reduce XSS and injection attacks.
- Security headers (nosniff, frame protections, referrer policy).
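
The following is an added example, not KenyaPoll's own code, showing one way the "single-vote enforcement per poll (hashed identifiers)" and "prepared statements" controls listed above can fit together. It assumes HMAC-SHA256 as the hash, SQLite as the store, and hypothetical names (`SERVER_KEY`, `voter_token`, `cast_vote`, `tally`, the `votes` table).

```python
import hashlib
import hmac
import sqlite3

# Assumption: a server-side secret kept outside the database (constructed value).
SERVER_KEY = b"constructed-demo-key-not-for-production"


def voter_token(poll_id: int, voter_id: str) -> str:
    """Keyed hash of the voter identifier, scoped to one poll.

    HMAC rather than a bare hash: low-entropy identifiers (phone numbers,
    national IDs) cannot be recovered by brute force without the key, and
    including poll_id stops tokens being linked across polls.
    """
    msg = f"{poll_id}:{voter_id.strip().lower()}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    # The primary key is the enforcement point: a second vote by the same
    # voter in the same poll violates it even when two requests race.
    db.execute(
        "CREATE TABLE votes ("
        " poll_id INTEGER NOT NULL, voter_token TEXT NOT NULL,"
        " choice TEXT NOT NULL, PRIMARY KEY (poll_id, voter_token))"
    )
    return db


def cast_vote(db: sqlite3.Connection, poll_id: int, voter_id: str, choice: str) -> bool:
    """Record a vote; return False if this voter already voted in this poll."""
    try:
        with db:  # commits on success, rolls back on error
            db.execute(
                "INSERT INTO votes (poll_id, voter_token, choice) VALUES (?, ?, ?)",
                (poll_id, voter_token(poll_id, voter_id), choice),
            )
        return True
    except sqlite3.IntegrityError:
        return False


def tally(db: sqlite3.Connection, poll_id: int) -> dict:
    """Count votes per choice for one poll, using a parameterized query."""
    rows = db.execute(
        "SELECT choice, COUNT(*) FROM votes WHERE poll_id = ? GROUP BY choice",
        (poll_id,),
    )
    return dict(rows.fetchall())
```

Enforcing uniqueness in the database constraint, rather than with a SELECT-then-INSERT check in application code, is what keeps the single-vote rule intact under concurrent requests.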
Admin Access
Admin access is protected by Google sign-in and creator KYC gating. Administrative functions can be restricted by role, and suspicious activity can trigger suspension.
Responsible Disclosure
If you discover a vulnerability or exploit, please report it privately with reproduction steps. Do not publicly disclose unpatched vulnerabilities.
Include: affected URL, steps to reproduce, expected behavior, screenshots if any, and impact assessment.
Security Reminder
KenyaPoll does not permit manipulation or fabrication of vote counts. If you see suspicious activity, report it via the abuse report page.