FAQs about online voting

You'll receive your access data to the online voting system and the link to your online election via email. The email will be sent by POLYAS. When you log-in to our voting system you'll be guided through the voting procedure in three easy steps.

Watch this video about how online voting with POLYAS works!

You will receive your access data and the link to your online election via email that you receive from POLYAS. Alternatively, your election organizer can transmit your access data to you by post or via Secure link. Once you have logged in to the POLYAS voting system, you can cast your vote in 5 easy steps. 

If you still have not received your access data via email or cannot find it, contact your election organizer who can then send it to you again. 

You don't need special internet skills to voting online with POLYAS. This is because our system is created to be intuitive to use and you are provided with the information on every further step. The online voting system operates like a website, so if you know how to navigate a website, then you'll be more than comfortable voting online with POLYAS.

Once logged into our voting system with your access data, you'll be guided through the process of casting your vote in five easy steps.  

You don't need special software to cast your vote online. Access to the internet and an email account is all you need to vote online with POLYAS.

POLYAS voting software (version CORE 2.2.3) meets the requirements of the international protection profile according to Common Criteria standards and was the first online voting software to be certified by the German Federal Office for Information Security.

The protection profile for secure online voting products conforms to the highest security standards upheld in fair and free elections. You can therefore rest assured that elections with POLYAS are safe and secure.

Read more about the certified online voting software POLYAS CORE 2.2.3.

A fair election in POLYAS CORE 3.0 voting system is guaranteed by use of cryptographical and mathematical methods. For example, the secrecy of the ballot is ensured by asymmetric encryption methods. After casting a vote, it is impossible to determine for whom individuals have voted in the election.

Yes, the secrecy of the ballot is protected in online elections with POLYAS.

After logging into the online voting system with POLYAS CORE 2.2.3., an anonymous token is generated for you. This token does not allow to deduce any information concerning your identity. After casting your vote using this token, your token will be deleted and the electoral roll will be notified that no new token can be generated for this access data.

That is how the electoral roll knows that you took part in the election without knowing how you voted. The digital ballot box knows that the ballot has been filled out but cannot know who filled it out. The only person who knows how you voted is you, ensuring the secrecy of the ballot is maintained.

After casting a vote, it is impossible to determine who individuals have voted for in the election: the voter’s personal data is completely anonymous and separated from the ballot, so it would be impossible to determine how voters have cast their vote.

POLYAS CORE 3.0 guarantees the secrecy of the ballot through asymmetrical encryption methods: Voters’ identity is anonymized when voting online and separated from the voting process, so that there would be no access to information concerning voters’ identity.

This is how the secrecy of your ballot is maintained using POLYAS CORE system and according to the main election principles. 

After logging into the online voting system our server will want to place cookies on your computer. This “session cookie” does not include any personal data and will not be evaluated by us - it's only there to help you to cast your vote. The cookie enables us to guarantee that you can vote online with every operating system and browser. Once you close your browser, the cookie will be automatically deleted.

We ask that you allow cookies so that you can benefit from the highest level of security while voting online. The alternative to this would be using a session-ID which still can be read by third parties. To prevent this, we use the “session cookie” to ensure the secrecy of the ballot is maintained.

Our voting system is compatible with most of the internet browsers.  The following browsers will enable a seamless utilization of POLYAS online voting system:

• Chrome
• Firefox
• Internet Explorer 
• Opera
• Safari
• Edge

Yet is important to regularly update your browser to maintain the security of your internet connection.

In this case, you might be using an outdated version of your internet browser.  Please check if any updates for this browser are available and download the latest version of your browser. 

If you are still having problems while connecting to the voting system, please contact your election organizer. 

You might have clicked on the “back” button while casting your vote. In this case, re-log in to the voting system using the instructions given in your election invitation and restart your voting. If you are still having problems while casting your vote, please contact your election organizer. 

As you do not have to download any software to be able to vote with POLYAS, you will not have any problem with the operating system of your computer or smartphone. All the existing operating systems for computers, laptops, smartphones and tablets are supported. The only thing that is important is that you have the latest version of your browser installed on your device. The following browsers are supported by POLYAS: 

• Firefox 
• Internet Explorer 
• Chrome
• Opera
• Safari

If you have cast more votes than it is allowed by the election rules, the voting system will notify you about it. Then you will have a chance to either change or confirm your vote. If you still confirm your vote, it will be counted according to the election rules as invalid. 

Once you have logged in to the voting system and have been inactive for the past 15 minutes, the automatic log out activates to maintain the security of your voting. Your selection is not saved in the system if you have exceeded the time limit.  In this case, re-log in to the voting system within the given time period for the election and cast your vote again. 

Your vote is not saved in the system if you cancel or interrupt your voting. In this case, re-log in to the voting system within the given time period for the election and cast your vote again.

Get informed in our help center or ask for service using our request form - We're here to make online elections a reality for you!

No external software is required to use POLYAS. POLYAS works as a purely Internet-based application.

The voter only needs an Internet connection and an email account. Online voting works regardless of the operating system (Windows, MAC OS, Linux) and regardless of the browser (Firefox, Safari, etc.) or the device used (PC, tablet or smartphone): online voting is available to anyone, anywhere.

Furthermore, the election manager can easily set up an online election without additional software. You can create ballots, the electoral roll and additional information for the election within the space of 10 minutes. Click here to see how online voting works with POLYAS.

To conduct your first online election with POLYAS, all you need is a free account with us.

You'll then have the following options once in the POLYAS Configurator:

• Create your ballot online, with practical templates for various elections
• Select the number of available votes on the ballot, according to your election rules
• Upload the electoral roll as an Excel-file
• Test your online election with up to five test voters
• Select the election period and decide when your voters should receive their invitations for election 
• Seal the election 
• During the election: view voter turnout in real time
• After the election: download the election results as a PDF-file

Test POLYAS for free now in your first online election!

The high level of user-friendliness of POLYAS' Online Voting system makes it very easy for even inexperienced Internet users to vote online. Voting is carried out in five steps - at every step we have included easy-to-understand explanations and help texts to make the voting experience as simple as possible.

Read more about the features of POLYAS Online Voting.

Eligible voters receive all the necessary data concerning the election (e.g. URL of the voting system) through the dispatch method you have chosen.  Using this data, your eligible voters can access the voting system and start casting their vote. In the second step of the voting process, the access data is automatically anonymized. 

The ballot is then displayed to the voters, and they can cast their vote with the click of a mouse. The completed ballot will appear again for confirmation before the vote is officially cast. If the voter clicks on “Cast binding vote” button again, voting is completed and cannot be changed anyhow.  

Click here to see how online voting works from the perspective of the election organizer.

In the POLYAS online voting system, voters log in to the election system using two credentials they receive via email from POLYAS: a voter ID and a one-time password.

Whilst the voter ID is taken directly from the electoral roll, the password is created automatically through secure algorithms. When logging into the online voting system, a POLYAS CORE 2.2.3 software generates a token used by the voters to cast their votes. Since the access data is separated from the voting process, no information about the voter’s identity can be accessed. Once voters have cast their votes, the information about it is displayed in the electoral roll. Voters then see a “has voted” notification in the electoral roll. After the voting is completed, no other token can be generated and no other votes can be cast. The electoral roll then recognizes that the person took part in the election, however because of the spatial and systemic separation of the electoral roll and the ballot box, how individual voters have voted is untraceable. This ensures that the secrecy of the ballot is maintained and democratic electoral principles are upheld.

POLYAS CORE 3.0 software ensures anonymous voting exactly the same way as the abovementioned POLYAS CORE 2.2.3.:  a key pair consisting of one private key and one public key is generated. The ballot is encrypted with the public key and can be decrypted using the private key only. After casting a vote, it is impossible to determine for whom individuals have voted in the election: the voter’s personal data is fully anonymous and separated from the ballot, so it would be impossible to determine how voters have cast their vote.

Read more about secure authentication.

POLYAS authenticates voters based on multiple identification elements. A frequently used method of identification utilizes a voter ID and a password: the voter is approved by combining a personal identification number, for example a membership or employee number, and a password generated by the system which is known only to the individual voter.

Click here for more information about the high standard of security at POLYAS.

The voter logs on with the ID and password combination. The voter can log into the online voting system with the ID and password combination any number of times - but can only cast one valid vote. Voting in the POLYAS CORE 2.2.3. online voting system requires that the voter has a token. Once the vote has been cast the token is deleted - thus preventing voters from casting unauthorized additional votes. 

In POLYAS CORE 3.0 voters can also vote only once. As soon as a voter has cast their vote, it is marked in the electoral roll and the voter cannot log in to the voting system again.

You can simply log in to the online voting manager search for the voter’s credentials in the electoral roll and send them again via email. 

For security reason, it is not possible to manually create a new password. This is necessary to avoid unauthorized additional votes.

For security reasons, the components of POLYAS' online voting system are stored in various German data centers. We also make regular back-ups of the elections to ensure a permanent, safe and secure vote. 

The POLYAS online voting system is hosted on the Open Telekom Cloud since it provides the storage of all data in parallel using two data centers of identical construction as TwinCore. In this way, even in the event of a failure on one side, access to the data in the other data center is possible without interruption, which guarantees permanent data availability (availability of 99.999 percent).

After you have created, configured and started your election, the election is "sealed" by the system.  Once an election is sealed, all security parameters are activated and the data is distributed to the ballot box, the electoral roll, the validator and the election administrator. Each sub-system is individually protected and they only communicate through encryption.

Once an election is "sealed" it is backed up and can no longer be edited.

Yes, you can create several ballots for one election.

Yes, but only to individual voters. It's not possible to send all emails again. 

The ballot box in POLYAS online voting system CORE 2.2.3 gets a clear, unique checksum (64-figure hexadecimal number). If any changes are made to the file, the checksum changes. The checksum can be verified with a verification tool.

POLYAS CORE 3.0 offers your eligible voters various options for verifying the correct course of the election and the correct vote count.

The universal verification offers the election organizer a possibility to use an open source verification tool to check whether all the processes of the election as well as the counting went on with integrity. In addition, POLYAS online voting system is protected against Brute Force and DDoS attacks by restricting access attempts to the systems per unit of time and by distributing the system on separate servers in order to avoid a Single Point of Failure.

Learn more about verification at POLYAS!

You can initiate an electronic recount at any time since the ballots are also stored for a certain period of time for archiving, even when voting online. Personal data can also be deleted earlier upon your request. You can use the POLYAS CORE 2.2.3. verification tool to double-check the results of your online election.

You can check your online voting process in POLYAS CORE 3.0 the same way as in POLYAS CORE 2.2.3 using a verification tool that is available to you. You can check whether all the processes of online voting and vote counting went correctly. Verifiability in POLYAS CORE 3.0 is enabled by cryptography methods: zero-knowledge proofs make the mixing process, decryption and counting of the ballots traceable while maintaining the secrecy of the electoral process.

Get informed in our help center or ask for service using our request form - We're here to make online elections a reality for you!

POLYAS voting software (version CORE 2.2.3) meets the requirements of the international protection profile according to Common Criteria standards and was the first online voting software to be certified by the German Federal Office for Information Security.

The protection profile for secure online voting products conforms to the highest security standards upheld in fair and free elections. You can therefore rest assured that elections with POLYAS are safe and secure.

Read more about the certified online voting software POLYAS CORE 2.2.3.

A fair election in POLYAS CORE 3.0 voting system is also guaranteed by use of cryptographical and mathematical methods. 

POLYAS CORE 3.0 online voting software protects your voting data according to European General Data Protection Regulation by restricting access to both election and voters’ data, applying high-quality security measures for data processing and performing backups on a regular basis. A high-performance security concept ensures the availability of a secure online voting system. In addition, the POLYAS CORE 3.0 offers election officers and eligible voters an opportunity to use independent verification tools to check whether the correctness of the online voting process.

We have established appropriate safety measures with our hosting partner, for example with regards to redundant hard disks, backups, fire safety, access control and interruption-free power supply.

More about POLYAS system architecture. 

The block checksum is used to avoid tampering with votes in the ballot box. Each 30 votes create a block. The votes are arranged randomly so that the time when each vote was cast cannot be deduced. Through the block a SHA-256-checksum is created. The checksum will be entered into the electoral roll. Starting with the second block, the previous checksum will be included. If a vote is tampered with, the block checksum and all following checksums will not match.

POLYAS CORE 3.0 offers methods for individual verification that allows you to check the correctness of the online election. Verifiability in POLYAS CORE 3.0 is enabled by cryptography methods: zero-knowledge proofs make the mixing process, decryption and counting of the ballot papers traceable while maintaining the secrecy of the electoral process.

Read more about verifying the election result!

The host checks every 30 minutes if more votes have been cast in an election. As soon as this is the case, a backup of the whole election system is created and copied to another data center. 

Yes, the electoral roll and votes already in the ballot box are on separate servers at POLYAS. This way we ensure that democratic electoral principles are upheld and the secrecy of the ballot is protected.

Read more about the secrecy of the ballot at POLYAS!

Yes. Voting is done through an encrypted connection (HTTPS). For this, POLYAS uses a SSL-server-certificate by D-Trust GmbH.

Additionally, POLYAS online voting system CORE 3.0 encrypts votes on the respective voter’s mobile voting device.

No. POLYAS works with reliable and certified servers of Open Telekom Cloud (OTC) which provide the highest security level. All the servers used by us are operated in the European Union.

Yes. The web server, which makes the application available, is reached via internet and is placed behind a firewall in a DMZ (demilitarized zone = network with secured technical controlled access to the connected computers) and is therefore protected against attacks from the internet. 

Yes, the IP addresses are saved by the operating system as part of the TCP connection in kernel and also made available in the application servers running on them. However, tracking of neither click flow nor user behavior takes place. The IP addresses are kept in memory to ensure that only a certain number of requests per IP address and time period is possible. This is used to protect against Brute Force attacks. The IP addresses are not saved for a later evaluation.

First of all, POLYAS stops so-called Brute-Force-attacks by limiting the number of tries per time unit and IP-address of the client.

Moreover, POLYAS' online voting system has a 24/7-monitoring and alert system, which contacts POLYAS employees via SMS. We identify security breaches in the system through regular hacker tests (penetration tests) and security audits - any breach results in the system shutting down. 

Get informed in our help center or ask for service using our request form - We're here to make online elections a reality for you!

Address, name, email address, membership number or the login name, which is used by the voter in the intranet of the election organizer, is processed in an online election. 

When creating your election, you can choose to include authentication via SecureLink. No personal data is used to log on to the voting system. In addition, no personal data is saved in the electoral roll. It's also possible that the client runs the electoral roll themselves to avoid the risk of personal data being saved by third parties.

Learn more about secure authentication with SecureLink! 

No, by using the SecureLink authentication with anonymized user-IDs (e.g. a mapping-table on the website of the election organizer can be used), no personal data is used to log on to the online voting system. Furthermore, no personal data is saved in the electoral roll.

Learn how authentication using SecureLink works!

Get information about intranet-connection via SecureLink from our election experts!

Yes > if personal data of your voters is saved at POLYAS.

No > if you as the election organizer operate the electoral roll yourself or if a SecureLink authentication with an anonymized ID is used.

If you as our client wish to sign a data processing agreement then we are obliged to do so.

Let our voting experts advise you now! 

Yes, you can find the data processing agreement attached on our Terms and Conditions page.

A claim can only arise if you as election organizer signed a data processing agreement with us.

The voter data is archived / blocked after the election and the number of authorized persons with access to it is reduced.  As no (special) law or individual statute or (electoral) order stipulates a special retention period, we will retain voter data according to the general statute of limitations for three years, beginning with the end of the year in which the election took place.

Yes, because POLYAS works with personal data, we are obliged to have a data protection officer according  §37 EU General Data Protection Regulation (GDPR).

POLYAS' data protection officer is:

Simone Rosenthal, ISiCO Datenschutz GmbH, Am Hamburger Bahnhof 4, 10557 Berlin, Germany

Get informed in our help center or ask for service using our request form - We're here to make online elections a reality for you!