Introducing Voter.Care: privacy-first digital voting
Why we're building this
Digital voting has a credibility problem. Most existing systems ask you to trust a central server that you can't inspect, operated by a company whose security processes you can't audit. The UK's current organisational ballot market is dominated by a single incumbent whose systems lack end-to-end verifiability — meaning neither voters nor scrutineers can independently confirm that votes were counted as cast.
We think that's not good enough. Not for trade union ballots, not for political party leadership elections, not even for audience polls at a live debate.
The core design principle
Everything in Voter.Care flows from one principle: no central store of personal data.
Conventional systems link your identity to your vote — they know who you are and which way you voted. They claim they keep these separate, but the link exists in a database somewhere, and you have to trust that it's never accessed or leaked.
Our approach is different. Using zero-knowledge proofs (specifically, the Semaphore protocol), voters prove they're eligible without revealing who they are. A one-way nullifier — derived from their private credential — prevents double-voting without ever storing a link between identity and vote choice.
The system can detect fraud without holding the data that would need protecting.
Two products, one engine
We're building two products:
Votercare Lite — for live events, entertainment, and lower-stakes organisational ballots. Lightweight eligibility, real-time dashboard, ZK proof verification. Fast to deploy, affordable at scale.
Votercare Max — for political parties, trade unions, and high-stakes governance. Full in-person identity proofing, threshold trustee decryption, coercion resistance, revoting, and UK Code of Practice compliance.
Both share the same cryptographic core. What differs is the identity assurance level at the front door.
Building in public
We're documenting everything: our design decisions, our threat model, the academic papers we're building on. Not as marketing — as a genuine record of what we're claiming and why. If we get something wrong, we want to know.
The code will be fully open source before any real votes go through it, and an independent third-party cryptographic review is a non-negotiable prerequisite before Votercare Max handles a real ballot.
If you're interested in what we're building — as a potential customer, a collaborator, or just a curious observer — get in touch.