Security & Architecture
Access codes and anonymity
2 min readUpdated May 6, 2026
Heads up — Access codes are for strong anonymity: the product is not built to show admins “which code matched which response.” You still get per-code limits (one response per code) where that mode applies.
Access codes let admins distribute unique codes to respondents while maintaining strong anonymity. InviziPoll is designed so a used access code cannot be tied back to a specific stored answer in the service—enforcement stays strong without turning codes into a tracking mechanism.
How access codes work (in the product)
- Each respondent receives a code (email, Slack DM, print, or another channel you choose).
- When they submit, their browser proves the code is valid in a way that doesn’t let the service pair that code with their specific answers afterward. Only the encrypted response is kept for results; the product is not built to answer “which code produced which row?” in admin tools.
- Stored answers do not include fields that link a particular code to a particular response in admin tools.
What this means for privacy
The service is not built to answer “which code belongs to which answer?” from ordinary operational data. You still get one response per code where that mode applies, without per-respondent tracking in results views.
Comparison with open links
| Feature | Open link | Access codes |
|---|---|---|
| Anonymity | Strong (encrypted responses) | Strongest (encrypted + structurally unlinkable codes) |
| One response per person | Depends on poll mode | Yes (per code), when codes are required |
| Recipient list required | No | Optional (codes can be distributed offline) |
| Offline distribution | N/A | Practical (print or export) |
Related docs
- Encryption model overview
- Slack integration (DM code delivery)