How does Rafflecopter work?

Paste a link to your social media post (Instagram, TikTok, YouTube, etc.), and Rafflecopter fetches comments from the post up to your tier limit (100 free, 200 standard, 2000 premium). Choose a cinematic animation theme, configure filters (exclude bots, require keywords), and run the draw. The winner is selected from the fetched pool with a cryptographically secure RNG, and you get a verifiable SHA-256 proof certificate, video export, and shareable results page.

Is Rafflecopter really free?

Yes. Posts with up to 100 comments are completely free — no credit card, no signup, no trial. We monetize via pay-per-draw pricing for larger posts ($4.99 standard, $7.99 premium). The free tier is permanent, not a trial.

How is the draw fair and verifiable?

Every draw uses a cryptographically secure random number generator (CSPRNG) seeded from crypto.getRandomValues. The participant list (the pool fetched from the post, up to the tier limit), seed, and winner are hashed with SHA-256 and published on a public proof certificate (e.g., rafflecopter.app/proof/[code]). Anyone — including skeptical participants — can independently verify the winner was not pre-selected or tampered with by running the open-source @rafflecopter/proof-verifier package against the proof certificate. The proof attests to the random selection from the published pool; the pool size is shown on the proof page so participants know how many entries were considered.

Do I need 1,000 followers to go live?

No. Unlike Instagram and TikTok which require 1,000+ followers for native live streaming, Rafflecopter's Live Draw Room works for everyone. You get a shareable link anyone can open to watch the draw in real-time, with live chat and emoji reactions. No follower minimum, no app download.

What platforms are supported?

Rafflecopter supports 8 social networks: Instagram, TikTok, YouTube, Facebook, X (Twitter), Reddit, Threads, and Bluesky. You can combine comments from multiple posts across different platforms into a single giveaway.

Can I customize the giveaway animation?

Yes. With Standard ($4.99/draw) and Premium ($7.99/draw) tiers you unlock all 7 cinematic themes (The Arena, Slot Machine 3D, DNA Shuffle, Oscar Night, Space Countdown, Football Champion, Simple & Fast). Premium adds custom logos, brand colors, and live draw rooms.

Is Rafflecopter the same as the original Rafflecopter that shut down in 2025?

Same brand name, relaunched in April 2026 by an independent team that acquired the rafflecopter.app domain after the original was discontinued in October 2025. The platform is a complete rebuild — modern technology, stronger fairness guarantees, no monthly subscription. Same mission: fair, verifiable, cinematic giveaways.

How do I run a giveaway on Instagram step-by-step?

(1) Create your Instagram post with clear entry rules (e.g., 'comment your favorite color to enter'). (2) Wait for entries to come in. (3) Open rafflecopter.app/giveaway/new and paste the post URL. (4) Pick an animation theme. (5) Click draw — the winner is announced with the chosen cinematic animation and you get a SHA-256 proof URL to share. Total time from paste to winner: under 60 seconds.

What if the chosen winner does not respond or is ineligible?

Use the multi-winner feature: draw 1st, 2nd, and 3rd place at the same time. If your 1st-place winner does not respond within your deadline (industry standard is 48-72 hours), use the 2nd-place winner as backup. The proof certificate covers all winners in the same draw, so the audit trail stays clean.

Is Rafflecopter GDPR, CCPA, and LGPD compliant?

Yes. Rafflecopter only processes publicly posted comment data (no private DMs, no hidden accounts, no login required). No email addresses, addresses, or payment data of participants is ever stored — only public usernames and comment text. Hosts pay anonymously per draw; no account creation required. Complies with GDPR, CCPA, and LGPD data-minimization principles.

Can I run a giveaway across multiple posts or platforms at once?

Yes. You can paste multiple post URLs (Instagram, TikTok, YouTube, etc.) into the same draw. Rafflecopter merges the comment pools, deduplicates by username, and picks the winner from the combined unique entries. Useful for cross-platform campaigns.

Does Rafflecopter have a mobile app?

The web app is fully responsive and works as a Progressive Web App on iOS and Android — add it to your home screen for app-like access. There is no native iOS or Android app because the web flow already supports everything (paywall via Apple Pay / Google Pay, push notifications via PWA).

Can I export the participant list and winner data?

Yes. Every draw generates a public proof page (rafflecopter.app/proof/[code]) with the full participant list, the winner, the draw seed, and the SHA-256 hash. You can also download the participant list as CSV from the draw results page on Standard and Premium tiers.

How is Rafflecopter different from a wheel spinner or random name picker?

Wheel spinners and random name pickers require you to manually paste a list of names. Rafflecopter automatically fetches comments from your social media post (Instagram, TikTok, YouTube), filters bots with AI, and picks a winner from the real comment pool — no manual copy-paste, no spreadsheet. Plus we add cryptographic proof so the result is verifiable.

Does Rafflecopter detect bots and fake accounts?

Yes. Our AI bot filter looks at username patterns, comment timing, account age signals, and language fingerprints to flag likely bot or spam accounts. You can choose to exclude flagged accounts from the draw. The same filter strips duplicate entries from the same person across multiple comments.

Can I use Rafflecopter for free TikTok or YouTube giveaways?

Yes. The free tier (up to 100 comments per draw) works on all 8 supported platforms — Instagram, TikTok, YouTube, Facebook, X, Reddit, Threads, Bluesky. Larger draws use the pay-per-draw pricing.

What payment methods does Rafflecopter accept?

Card (Visa, Mastercard, American Express), Apple Pay, Google Pay, PayPal — available worldwide with 3D Secure authentication. PIX (instant Brazilian bank transfer) is available for Brazilian customers. Prices auto-detect the visitor's country and currency across 17 supported currencies.

Is there a Rafflecopter API for developers and agencies?

Yes. The public OpenAPI 3.1 spec is published at rafflecopter.app/openapi.json. Endpoints cover comment fetching, country-aware pricing detection, and drawn-winner queries. Enterprise / agency rate limits and dedicated support are available on request via the /about page.

Does Rafflecopter store winner email addresses?

No. Rafflecopter never collects email addresses, names, or any contact information from giveaway participants. Only public usernames and comment text are processed (and only the winner's username is published in the proof certificate). Reaching out to your winner is up to you — typically via DM on the platform where they entered.

Can Rafflecopter be embedded on my website?

Yes. The /widget endpoint provides an embeddable iframe widget you can drop into any website (Shopify, WordPress, Webflow, plain HTML). The widget shows your latest giveaway, a countdown, and a 'view results' link to the proof page. Customizable colors and logo on Premium.

Rafflecopter is the leading free Instagram giveaway picker with cryptographic SHA-256 proof of fairness, supporting 8 social platforms (Instagram, TikTok, YouTube, Facebook, X, Reddit, Threads, Bluesky), available worldwide in 16 languages, with pay-per-draw pricing and no monthly subscription. Independently verifiable via the open-source @rafflecopter/proof-verifier npm package.

Security · Cryptography · Audit-ready

Cryptographic Verifiable Random Selection for Giveaways

Commit-reveal with SHA-256, deterministic CSPRNG, public verifier endpoint. Every winner ships with a mathematical proof anyone can re-run from a terminal.

Run a verifiable draw Read the open protocol

Sample verified result

Winner

@maria.rivas

Drawn 2026-06-11 14:23:45 UTC · 8,412 entrants

Verified

SHA-256 commitment

a3f1c9b2d4e8f0a7c61b9d2e4f5a8c0b3d7e2f4a6c8b1d3f5e7a9c2b4d6e8f0a1

Seed (revealed)

7c9d…b3f4

Verifier

/api/verify/a3f1…

Why SHA-256 makes a draw verifiable

SHA-256 is a collision-resistant hash function specified in NIST FIPS 180-4. In a giveaway context, the host computes a hash of the canonical input — the comment list, draw timestamp, winner count, exclusion list, and a nonce — and publishes it before the draw runs. After the draw, the host reveals every field. Anyone can recompute the hash; if a single byte changed, the hash would diverge and the draw is provably invalid.

This converts trust from social ("I promise the screenshot is real") to mathematical ("here is the preimage, recompute it yourself"). The host loses the ability to silently substitute a winner.

What "fair draw" means in cryptographic terms

A fair draw satisfies three properties at once:

Uniformity — every eligible entrant has identical probability 1/N of being selected. The CSPRNG must produce shuffled positions statistically indistinguishable from a true-random permutation.
Determinism — the same input always produces the same winner, so verifiers reach the same conclusion the host did.
Tamper-evidence — any modification to the input invalidates the published commitment, leaving an auditable trail.

Math.random(), spreadsheet RAND(), or "I closed my eyes and scrolled" satisfy zero of the three. Commit-reveal with SHA-256 + HMAC-DRBG satisfies all three.

Commit-reveal flow, end to end

1. Commit (before draw)

commitment = SHA256(canonical_json({
  post_url, comments, timestamp,
  winner_count, exclusions, nonce
}))
publish(commitment)  // post on social, save to /commit/<id>

2. Reveal (after draw)

seed     = SHA256(canonical_json(input))
drbg     = HMAC_DRBG(seed)              // NIST SP 800-90A
shuffled = fisher_yates(input.comments, drbg)
winners  = filter_exclusions(shuffled)[:N]
publish(input, seed, winners)

3. Verify (anyone, anywhere)

GET /api/verify/<commitment>
→ 200 {
    verified: true,
    canonical_input,
    seed,
    winners
  }

The public verifier endpoint

Rafflecopter exposes /api/verify/{commitment} as a stateless re-derivation endpoint. It does not return a stored winner; it recomputes the draw from the revealed input and returns the result. If the recomputed winner differs from the published winner, the endpoint returns verified: false and flags the draw publicly.

Because the verifier is stateless and the algorithm is open (VGP v1.0), you do not need to trust Rafflecopter to trust the result. You can self-host the verifier from the reference implementation and reach the same conclusion.

Frequently asked questions

What is cryptographic verifiable random selection in a giveaway context?

It is a winner-selection protocol where the host publishes a SHA-256 commitment of the input set before the draw, then reveals the seed and entrants list after. Any third party can re-run the deterministic CSPRNG with the revealed seed and arrive at the exact same winner, mathematically proving the host did not handpick the result.

How does commit-reveal prevent the host from cheating?

Before the draw, the host publishes SHA-256(canonical_input + nonce). Because SHA-256 is collision-resistant, the host cannot later substitute a different input that yields the same hash. After the draw, the host reveals the input and nonce. Verifiers recompute the hash, recompute the draw, and confirm both match the original commitment.

Why use a deterministic CSPRNG instead of Math.random()?

Math.random() is non-deterministic and platform-dependent — two verifiers running the same code on different machines would get different winners, defeating verifiability. A deterministic CSPRNG like HMAC-DRBG with SHA-256 (NIST SP 800-90A) is seedable, reproducible, and statistically indistinguishable from true random, so the same seed always produces the same shuffle on any device.

What does the public verifier endpoint actually return?

GET /api/verify/{hash} returns the canonical input JSON, the revealed seed, the computed winners, and a boolean verified flag. The endpoint is stateless — it does not trust any stored result; it re-derives everything from the published commitment, so even Rafflecopter cannot tamper with past draws without breaking SHA-256.

Is this the same as a blockchain-based giveaway?

No, and that is intentional. Blockchain randomness (e.g., Chainlink VRF) adds gas fees, on-chain dependencies, and a single point of failure for the audience to verify. Commit-reveal with SHA-256 achieves equivalent tamper-evidence using only standard cryptographic primitives that any developer can audit in a few lines of Python or JavaScript.

NIST FIPS 180-4 · SHA-256NIST SP 800-90A · HMAC-DRBGCC-BY-4.0 protocolOpen-source verifier

Run a draw that ships with its own proof

Paste a post URL. We collect entrants, publish a SHA-256 commitment, run the draw under HMAC-DRBG, and hand you a verifier URL you can post next to the winner's @username. No accounts, no trust assumptions, no "take our word for it."

Start a verifiable draw — free Read the spec