InviziPoll
Get StartedSign In
All docs
Security & ArchitectureSecurity reviewers, IT, workspace admins

Encryption model overview

2 min readUpdated May 6, 2026

Cryptographic building blocks

Cryptography runs in your browser using well-established algorithms and reviewed libraries. In practice you will see:

  • Classical public-key and symmetric encryption for older polls and key wrapping.
  • Strong symmetric encryption for payloads and wrapped key material.
  • Password-based key derivation when you protect backups with a password.
  • Post-quantum hybrid protection for polls and responses on the newer key version. See Post-quantum cryptography.

Passkeys can protect key material without typing a password when your authenticator supports it.

Account: collaboration key and backup

  • Each admin has a collaboration keypair. The public half is registered with the server; the private key stays in the browser or in a password- or passkey-protected backup.
  • Cross-device backup uses a versioned file format with password- or passkey-protected contents. Sensitive key material stays in protected browser storage on your devices—not in simple, easy-to-scrape website storage.

Folder and poll keys

  • Folder keys are symmetric keys used to wrap other keys. Each authorized collaborator receives their own wrapped copy; the server stores only ciphertext.
  • Polls in shared folders store the poll private key wrapped by the folder key, so collaborators unwrap in sequence without the server seeing plaintext keys.
  • Enterprise-style workspaces may add an organization master key layer so designated owners can maintain continuity. Only wrapped material is stored server-side.

Poll keys and versions

Published polls include the public key material respondents need so answers are encrypted with the correct algorithm set (classical versus post-quantum hybrid).

Respondent encryption

Classical key version

The respondent browser encrypts the answer payload with a symmetric key, then protects that key using the poll’s published classical public key. InviziPoll stores a single encrypted package it cannot read without the poll’s private key.

Post-quantum hybrid key version

The respondent browser uses the poll’s published hybrid public key to establish a shared secret, then encrypts the payload with strong symmetric encryption. InviziPoll stores encrypted content it cannot turn back into answers without the poll’s private key.

What the server stores per response

Responses are stored as opaque encrypted blobs associated with the poll. The platform does not retain per-response timestamps, ordering metadata, or plaintext—supporting aggregate-only analytics and anonymity guarantees.

When results are available, authorized admins receive encrypted submissions in an order that does not reflect when each person responded—so a simple list view does not reveal timing or sequence.

Workspace recovery file

Downloadable recovery files use a versioned envelope: public metadata (workspace name and timestamp), an integrity check over the inner backup, and a nested password-protected backup. Details: Recovery, emergency kit, and device handoff.

Where to go next