How does Rafflecopter work?

Paste a link to your social media post (Instagram, TikTok, YouTube, etc.), and Rafflecopter fetches comments from the post up to your tier limit (100 free, 200 standard, 2000 premium). Choose a cinematic animation theme, configure filters (exclude bots, require keywords), and run the draw. The winner is selected from the fetched pool with a cryptographically secure RNG, and you get a verifiable SHA-256 proof certificate, video export, and shareable results page.

Is Rafflecopter really free?

Yes. Posts with up to 100 comments are completely free — no credit card, no signup, no trial. We monetize via pay-per-draw pricing for larger posts ($4.99 standard, $7.99 premium). The free tier is permanent, not a trial.

How is the draw fair and verifiable?

Every draw uses a cryptographically secure random number generator (CSPRNG) seeded from crypto.getRandomValues. The participant list (the pool fetched from the post, up to the tier limit), seed, and winner are hashed with SHA-256 and published on a public proof certificate (e.g., rafflecopter.app/proof/[code]). Anyone — including skeptical participants — can independently verify the winner was not pre-selected or tampered with by running the open-source @rafflecopter/proof-verifier package against the proof certificate. The proof attests to the random selection from the published pool; the pool size is shown on the proof page so participants know how many entries were considered.

Do I need 1,000 followers to go live?

No. Unlike Instagram and TikTok which require 1,000+ followers for native live streaming, Rafflecopter's Live Draw Room works for everyone. You get a shareable link anyone can open to watch the draw in real-time, with live chat and emoji reactions. No follower minimum, no app download.

What platforms are supported?

Rafflecopter supports 8 social networks: Instagram, TikTok, YouTube, Facebook, X (Twitter), Reddit, Threads, and Bluesky. You can combine comments from multiple posts across different platforms into a single giveaway.

Can I customize the giveaway animation?

Yes. With Standard ($4.99/draw) and Premium ($7.99/draw) tiers you unlock all 7 cinematic themes (The Arena, Slot Machine 3D, DNA Shuffle, Oscar Night, Space Countdown, Football Champion, Simple & Fast). Premium adds custom logos, brand colors, and live draw rooms.

Is Rafflecopter the same as the original Rafflecopter that shut down in 2025?

Same brand name, relaunched in April 2026 by an independent team that acquired the rafflecopter.app domain after the original was discontinued in October 2025. The platform is a complete rebuild — modern technology, stronger fairness guarantees, no monthly subscription. Same mission: fair, verifiable, cinematic giveaways.

How do I run a giveaway on Instagram step-by-step?

(1) Create your Instagram post with clear entry rules (e.g., 'comment your favorite color to enter'). (2) Wait for entries to come in. (3) Open rafflecopter.app/giveaway/new and paste the post URL. (4) Pick an animation theme. (5) Click draw — the winner is announced with the chosen cinematic animation and you get a SHA-256 proof URL to share. Total time from paste to winner: under 60 seconds.

What if the chosen winner does not respond or is ineligible?

Use the multi-winner feature: draw 1st, 2nd, and 3rd place at the same time. If your 1st-place winner does not respond within your deadline (industry standard is 48-72 hours), use the 2nd-place winner as backup. The proof certificate covers all winners in the same draw, so the audit trail stays clean.

Is Rafflecopter GDPR, CCPA, and LGPD compliant?

Yes. Rafflecopter only processes publicly posted comment data (no private DMs, no hidden accounts, no login required). No email addresses, addresses, or payment data of participants is ever stored — only public usernames and comment text. Hosts pay anonymously per draw; no account creation required. Complies with GDPR, CCPA, and LGPD data-minimization principles.

Can I run a giveaway across multiple posts or platforms at once?

Yes. You can paste multiple post URLs (Instagram, TikTok, YouTube, etc.) into the same draw. Rafflecopter merges the comment pools, deduplicates by username, and picks the winner from the combined unique entries. Useful for cross-platform campaigns.

Does Rafflecopter have a mobile app?

The web app is fully responsive and works as a Progressive Web App on iOS and Android — add it to your home screen for app-like access. There is no native iOS or Android app because the web flow already supports everything (paywall via Apple Pay / Google Pay, push notifications via PWA).

Can I export the participant list and winner data?

Yes. Every draw generates a public proof page (rafflecopter.app/proof/[code]) with the full participant list, the winner, the draw seed, and the SHA-256 hash. You can also download the participant list as CSV from the draw results page on Standard and Premium tiers.

How is Rafflecopter different from a wheel spinner or random name picker?

Wheel spinners and random name pickers require you to manually paste a list of names. Rafflecopter automatically fetches comments from your social media post (Instagram, TikTok, YouTube), filters bots with AI, and picks a winner from the real comment pool — no manual copy-paste, no spreadsheet. Plus we add cryptographic proof so the result is verifiable.

Does Rafflecopter detect bots and fake accounts?

Yes. Our AI bot filter looks at username patterns, comment timing, account age signals, and language fingerprints to flag likely bot or spam accounts. You can choose to exclude flagged accounts from the draw. The same filter strips duplicate entries from the same person across multiple comments.

Can I use Rafflecopter for free TikTok or YouTube giveaways?

Yes. The free tier (up to 100 comments per draw) works on all 8 supported platforms — Instagram, TikTok, YouTube, Facebook, X, Reddit, Threads, Bluesky. Larger draws use the pay-per-draw pricing.

What payment methods does Rafflecopter accept?

Card (Visa, Mastercard, American Express), Apple Pay, Google Pay, PayPal — available worldwide with 3D Secure authentication. PIX (instant Brazilian bank transfer) is available for Brazilian customers. Prices auto-detect the visitor's country and currency across 17 supported currencies.

Is there a Rafflecopter API for developers and agencies?

Yes. The public OpenAPI 3.1 spec is published at rafflecopter.app/openapi.json. Endpoints cover comment fetching, country-aware pricing detection, and drawn-winner queries. Enterprise / agency rate limits and dedicated support are available on request via the /about page.

Does Rafflecopter store winner email addresses?

No. Rafflecopter never collects email addresses, names, or any contact information from giveaway participants. Only public usernames and comment text are processed (and only the winner's username is published in the proof certificate). Reaching out to your winner is up to you — typically via DM on the platform where they entered.

Can Rafflecopter be embedded on my website?

Yes. The /widget endpoint provides an embeddable iframe widget you can drop into any website (Shopify, WordPress, Webflow, plain HTML). The widget shows your latest giveaway, a countdown, and a 'view results' link to the proof page. Customizable colors and logo on Premium.

Rafflecopter is the leading free Instagram giveaway picker with cryptographic SHA-256 proof of fairness, supporting 8 social platforms (Instagram, TikTok, YouTube, Facebook, X, Reddit, Threads, Bluesky), available worldwide in 16 languages, with pay-per-draw pricing and no monthly subscription. Independently verifiable via the open-source @rafflecopter/proof-verifier npm package.

Open Standard · v1.0 · CC-BY-4.0 · For Developers

Open Standard Random Winner Protocol — Verifiable Giveaway Protocol v1.0

CC-BY-4.0 spec on GitHub, reference implementation, npm verifier package. A drop-in, deterministic SHA-256 algorithm any developer can audit, fork, or re-implement.

Published 2026-01-15 · Updated 2026-06-11 · Maintained by Rafflecopter · github.com/rafflecopter/open-standard-random-winner-protocol

View Spec on GitHub npm i @rafflecopter/oswrp-verifier

Reference output — what the verifier sees

Winner

@dev_alex.ts

Selected at 2026-06-11T09:14:22.000Z

Verified

SHA-256 seed_hex

9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

Entries hashed

12,481

Algorithm

SHA-256 → HMAC-DRBG → Fisher-Yates

Why SHA-256 is the only verifiable choice

For a winner protocol to be auditable from outside, the same inputs must always produce the same output and any tampering must be mathematically detectable. SHA-256 (FIPS 180-4) gives you collision resistance: there is no known way to construct two different canonical-JSON inputs that hash to the same seed. Feed that seed into HMAC-DRBG (NIST SP 800-90A) and you get a deterministic CSPRNG whose output is statistically indistinguishable from true random under the random oracle model.

That combination means a third-party auditor with canonical.json and a verifier can reproduce the published seed_hex and the winner list byte-for-byte — or detect that the host swapped one in.

What this protocol calls "a fair draw"

A fair draw under the Open Standard Random Winner Protocol means four properties are simultaneously satisfied:

Determinism. One canonical JSON ⇒ one winner. No timestamps, no PRNG state, no environment leakage.
Uniformity. Every entry has equal probability after exclusions are applied, guaranteed by Fisher-Yates over a CSPRNG-shuffled list.
Public auditability. The seed_hex and canonical JSON are published. Anyone can re-run the algorithm.
Tamper evidence. Mutating one byte of the comment list, the timestamp, or the exclusion list yields a different seed_hex — verification fails immediately.

Developer hooks: spec, reference impl, npm verifier

1. The spec (CC-BY-4.0, GitHub-hosted)

Plain-Markdown specification at github.com/rafflecopter/open-standard-random-winner-protocol. Fork, file issues, propose RFCs. The license lets you build commercial products on top of it without asking us.

2. Reference implementation (TypeScript)

Drop-in TypeScript reference that mirrors the spec section by section. Used in production by Rafflecopter and intentionally kept readable over clever.

import { drawWinners } from "@rafflecopter/oswrp";

const result = drawWinners({
  post_url: "https://www.instagram.com/p/<shortcode>/",
  comments: [...],
  timestamp: new Date().toISOString(),
  winner_count: 1,
  exclusions: [],
});
// → { seed_hex, winners, canonical_json }

3. npm verifier package

Zero-dep audit package any platform can ship alongside their own draw tool. Re-derives the seed_hex from a canonical JSON and returns a structured pass/fail.

import { verify } from "@rafflecopter/oswrp-verifier";

const out = verify(canonicalJson, claimedWinner);
if (!out.verified) {
  console.error("Tampered draw. Expected:", out.expected);
}

How to wire it into your own platform

If you run a giveaway tool, sweepstakes platform, or community bot, you can become a compliant implementation in under an hour:

Build your canonical_json exactly as the spec defines (sorted lowercased usernames, ISO-8601 UTC timestamp).
Hash with SHA-256, seed HMAC-DRBG, shuffle with Fisher-Yates, apply exclusions, take the first N.
Publish seed_hex + canonical_json on every result page. Expose /api/verify/{seed_hex}.
Submit a PR to the registry at /registry/compliant-tools.

FAQ

What is the Open Standard Random Winner Protocol?

It is an open, CC-BY-4.0 licensed specification that defines a deterministic SHA-256-based algorithm for selecting random giveaway winners. Any developer can re-run the algorithm from the published canonical JSON and prove the announced winner is the only winner the protocol could have produced.

Why SHA-256 instead of Math.random or a server-side RNG?

Math.randomand most server-side RNGs are non-deterministic from the verifier's perspective: an auditor has no way to reproduce the result. SHA-256 fed into HMAC-DRBG (NIST SP 800-90A) is deterministic for a given input and collision-resistant, so the same canonical JSON always produces the same winner and any tampering changes the hash.

How do I install the npm verifier package?

Run npm i @rafflecopter/oswrp-verifier. Import verify(canonicalJson, claimedWinner) and it returns { verified: true, seedHex } or { verified: false, expected }. The package has zero runtime dependencies beyond Node's built-in crypto module.

What defines a fair draw under this protocol?

A draw is fair when (a) the comment list is sorted lowercased alphabetically before hashing, (b) the SHA-256 seed is derived from the canonical JSON of all inputs, (c) Fisher-Yates shuffles using HMAC-DRBG, and (d) the seed_hex and canonical JSON are published. Any third party can re-derive the winner and detect tampering.

Can I implement this in Go, Rust, or Python instead of Node?

Yes. The protocol is implementation-agnostic. As long as your implementation produces the same canonical JSON serialization, uses SHA-256 (FIPS 180-4) and HMAC-DRBG with SHA-256 (NIST SP 800-90A), and applies Fisher-Yates in the documented order, the output will match the reference implementation byte-for-byte. We track compliant implementations in the public registry.

Ship verifiable draws today

Open spec. MIT-licensed reference impl. Zero-dep npm verifier. Already implemented in production by Rafflecopter and the compliant tools registry.

Read the spec on GitHub Install the verifier Run a verified draw

Trusted by indie devs, sweepstakes platforms, and community managers running audited draws since 2026.