Security & Data Integrity
Design against manipulation from the start.
Any civic platform that claims to count public priorities must expect spam, bots, duplicates, impersonation, and coordinated manipulation.
Current v2 defenses
- Honeypot fields on all public forms.
- Cloudflare Turnstile support with required server-side validation when configured.
- Server-side length, email, consent, and content validation.
- Rate limiting by hashed IP + form type.
- Duplicate detection by hashed email + recent window.
- Security event logging without storing plain IP addresses.
- Pending moderation by default.
Future hardening
- Independent code review.
- Public methodology snapshots.
- Signed audit exports.
- Research advisory board.
- Optional identity verification for higher-confidence samples.
- Formal privacy and data retention policy.
Security & Integrity Commitment
Count & Deliver recognizes that trustworthy civic infrastructure must protect against spam, manipulation, and abuse. Our system combines verification procedures, automated abuse prevention, duplicate detection, moderation review, and transparent publication standards.
Security is an ongoing responsibility. As technology evolves, our protections will continue to improve with guidance from independent experts and public scrutiny.