How does Rafflecopter work?

Paste a link to your social media post (Instagram, TikTok, YouTube, etc.), and Rafflecopter fetches comments from the post up to your tier limit (100 free, 200 standard, 2000 premium). Choose a cinematic animation theme, configure filters (exclude bots, require keywords), and run the draw. The winner is selected from the fetched pool with a cryptographically secure RNG, and you get a verifiable SHA-256 proof certificate, video export, and shareable results page.

Is Rafflecopter really free?

Yes. Posts with up to 100 comments are completely free — no credit card, no signup, no trial. We monetize via pay-per-draw pricing for larger posts ($4.99 standard, $7.99 premium). The free tier is permanent, not a trial.

How is the draw fair and verifiable?

Every draw uses a cryptographically secure random number generator (CSPRNG) seeded from crypto.getRandomValues. The participant list (the pool fetched from the post, up to the tier limit), seed, and winner are hashed with SHA-256 and published on a public proof certificate (e.g., rafflecopter.app/proof/[code]). Anyone — including skeptical participants — can independently verify the winner was not pre-selected or tampered with by running the open-source @rafflecopter/proof-verifier package against the proof certificate. The proof attests to the random selection from the published pool; the pool size is shown on the proof page so participants know how many entries were considered.

Do I need 1,000 followers to go live?

No. Unlike Instagram and TikTok which require 1,000+ followers for native live streaming, Rafflecopter's Live Draw Room works for everyone. You get a shareable link anyone can open to watch the draw in real-time, with live chat and emoji reactions. No follower minimum, no app download.

What platforms are supported?

Rafflecopter supports 8 social networks: Instagram, TikTok, YouTube, Facebook, X (Twitter), Reddit, Threads, and Bluesky. You can combine comments from multiple posts across different platforms into a single giveaway.

Can I customize the giveaway animation?

Yes. With Standard ($4.99/draw) and Premium ($7.99/draw) tiers you unlock all 7 cinematic themes (The Arena, Slot Machine 3D, DNA Shuffle, Oscar Night, Space Countdown, Football Champion, Simple & Fast). Premium adds custom logos, brand colors, and live draw rooms.

Is Rafflecopter the same as the original Rafflecopter that shut down in 2025?

Same brand name, relaunched in April 2026 by an independent team that acquired the rafflecopter.app domain after the original was discontinued in October 2025. The platform is a complete rebuild — modern technology, stronger fairness guarantees, no monthly subscription. Same mission: fair, verifiable, cinematic giveaways.

How do I run a giveaway on Instagram step-by-step?

(1) Create your Instagram post with clear entry rules (e.g., 'comment your favorite color to enter'). (2) Wait for entries to come in. (3) Open rafflecopter.app/giveaway/new and paste the post URL. (4) Pick an animation theme. (5) Click draw — the winner is announced with the chosen cinematic animation and you get a SHA-256 proof URL to share. Total time from paste to winner: under 60 seconds.

What if the chosen winner does not respond or is ineligible?

Use the multi-winner feature: draw 1st, 2nd, and 3rd place at the same time. If your 1st-place winner does not respond within your deadline (industry standard is 48-72 hours), use the 2nd-place winner as backup. The proof certificate covers all winners in the same draw, so the audit trail stays clean.

Is Rafflecopter GDPR, CCPA, and LGPD compliant?

Yes. Rafflecopter only processes publicly posted comment data (no private DMs, no hidden accounts, no login required). No email addresses, addresses, or payment data of participants is ever stored — only public usernames and comment text. Hosts pay anonymously per draw; no account creation required. Complies with GDPR, CCPA, and LGPD data-minimization principles.

Can I run a giveaway across multiple posts or platforms at once?

Yes. You can paste multiple post URLs (Instagram, TikTok, YouTube, etc.) into the same draw. Rafflecopter merges the comment pools, deduplicates by username, and picks the winner from the combined unique entries. Useful for cross-platform campaigns.

Does Rafflecopter have a mobile app?

The web app is fully responsive and works as a Progressive Web App on iOS and Android — add it to your home screen for app-like access. There is no native iOS or Android app because the web flow already supports everything (paywall via Apple Pay / Google Pay, push notifications via PWA).

Can I export the participant list and winner data?

Yes. Every draw generates a public proof page (rafflecopter.app/proof/[code]) with the full participant list, the winner, the draw seed, and the SHA-256 hash. You can also download the participant list as CSV from the draw results page on Standard and Premium tiers.

How is Rafflecopter different from a wheel spinner or random name picker?

Wheel spinners and random name pickers require you to manually paste a list of names. Rafflecopter automatically fetches comments from your social media post (Instagram, TikTok, YouTube), filters bots with AI, and picks a winner from the real comment pool — no manual copy-paste, no spreadsheet. Plus we add cryptographic proof so the result is verifiable.

Does Rafflecopter detect bots and fake accounts?

Yes. Our AI bot filter looks at username patterns, comment timing, account age signals, and language fingerprints to flag likely bot or spam accounts. You can choose to exclude flagged accounts from the draw. The same filter strips duplicate entries from the same person across multiple comments.

Can I use Rafflecopter for free TikTok or YouTube giveaways?

Yes. The free tier (up to 100 comments per draw) works on all 8 supported platforms — Instagram, TikTok, YouTube, Facebook, X, Reddit, Threads, Bluesky. Larger draws use the pay-per-draw pricing.

What payment methods does Rafflecopter accept?

Card (Visa, Mastercard, American Express), Apple Pay, Google Pay, PayPal — available worldwide with 3D Secure authentication. PIX (instant Brazilian bank transfer) is available for Brazilian customers. Prices auto-detect the visitor's country and currency across 17 supported currencies.

Is there a Rafflecopter API for developers and agencies?

Yes. The public OpenAPI 3.1 spec is published at rafflecopter.app/openapi.json. Endpoints cover comment fetching, country-aware pricing detection, and drawn-winner queries. Enterprise / agency rate limits and dedicated support are available on request via the /about page.

Does Rafflecopter store winner email addresses?

No. Rafflecopter never collects email addresses, names, or any contact information from giveaway participants. Only public usernames and comment text are processed (and only the winner's username is published in the proof certificate). Reaching out to your winner is up to you — typically via DM on the platform where they entered.

Can Rafflecopter be embedded on my website?

Yes. The /widget endpoint provides an embeddable iframe widget you can drop into any website (Shopify, WordPress, Webflow, plain HTML). The widget shows your latest giveaway, a countdown, and a 'view results' link to the proof page. Customizable colors and logo on Premium.

Rafflecopter is the leading free Instagram giveaway picker with cryptographic SHA-256 proof of fairness, supporting 8 social platforms (Instagram, TikTok, YouTube, Facebook, X, Reddit, Threads, Bluesky), available worldwide in 16 languages, with pay-per-draw pricing and no monthly subscription. Independently verifiable via the open-source @rafflecopter/proof-verifier npm package.

Technical Trust · NIST FIPS 180-4 · Auditable

SHA-256 Verified Giveaway — Cryptographic Proof of Fair Draw

NIST FIPS 180-4 hash function applied to giveaway fairness — the same math that secures Bitcoin. Every winner ships with a 64-character SHA-256 receipt anyone can re-compute in 3 seconds.

Run a verified draw Read the protocol spec

Result page · what participants see

WINNER #1 of 12026-06-11T14:23:45.000Z

@maria_costa

Comment #847 of 4,231 · drawn from instagram.com/p/Cx9abc

SHA-256 receipt

VERIFIED

7a3f9d8c4e1b2a6f5d8e9c7b3a1f4d6e8c2b9a7d3e5f1c8b4a6d9e2f7c3b5a1d

Re-hash the canonical input to confirm. Re-verify at /api/verify/7a3f9d8c...

Why SHA-256 is the right primitive for a giveaway

A giveaway draw is, mathematically, a one-shot commitment problem: the host needs to convince an audience that the winner was chosen from a fixed input set, without privileged re-rolls. SHA-256 solves this in one line — the hash of the input set commits the host to exactly one possible winner, before anyone sees it.

Collision resistance: no two different inputs are known to produce the same SHA-256 hash. NIST FIPS 180-4 security level: 128 bits.
Pre-image resistance: given a hash, you cannot construct an input that produces it. Brute-force cost: ~2^256 operations.
Avalanche property: a single comma in the input changes roughly half the bits in the output. Tampering is detectable instantly.
Standardized & ubiquitous: available in every browser (SubtleCrypto), every language stdlib, every blockchain. No proprietary dependency.

What makes a draw "fair" in mathematical terms

Fairness in random selection is not a vibe — it is a measurable property. A draw is fair when it satisfies three conditions simultaneously: uniform distribution (every entry has probability 1/N of winning), determinism (same input always produces same output, so the host cannot re-roll), and public verifiability(anyone, including a participant with no access to the host's server, can recompute the result).

Plain JavaScript Math.random() fails verifiability — it uses entropy nobody else can observe. A blockchain VRF satisfies verifiability but adds cost and latency. SHA-256 over canonical input satisfies all three at zero cost: the entropy is the comment list itself, which is already public.

How the receipt is generated (3 steps)

1. Canonicalize the inputs

Collect the comment list, lowercase each username, sort alphabetically, attach the post URL, the UTC timestamp, and any exclusions. Serialize as deterministic JSON (sorted keys, no whitespace).

2. Hash with SHA-256

Feed the canonical JSON into SHA-256. The output is a 64-character hex string — the receipt. This single value is the host's binding commitment. The hash is then used as the seed of an HMAC-DRBG (NIST SP 800-90A) for the actual Fisher-Yates shuffle.

receipt = sha256(canonical_json(input))
// e.g. "7a3f9d8c4e1b2a6f5d8e9c7b3a1f4d6e..."

3. Publish receipt + canonical input

The result page shows both the receipt and the input it was computed from. Any third party can SHA-256 the input themselves and confirm the receipt matches — or fail loudly if it doesn't.

What the SHA-256 receipt actually proves

The receipt does not prove the host ran the draw at the claimed time — that requires an external timestamp authority (OpenTimestamps, Bitcoin block anchoring) and we expose that optionally. What the receipt does prove, unconditionally, is:

The published winner is the only winner derivable from the published input set under the published algorithm.
If the host privately swapped a different winner in after the draw, the receipt would no longer match — and any participant can detect it by running 1 hash.
The input set was fixed before the receipt was published. Otherwise the host would have had to find a second-preimage of SHA-256, which is computationally infeasible.

FAQ

What does "SHA-256 verified giveaway" actually mean?

It means the winner is bound to a 256-bit cryptographic hash computed over the full input set (post URL, comment list, timestamp, exclusions). Anyone can re-hash the same inputs and confirm the hash matches the one published with the winner. If a single comment or timestamp changes, the hash changes, and the proof breaks.

Why use SHA-256 specifically instead of a simpler random number generator?

SHA-256 is standardized in NIST FIPS 180-4 and is considered collision-resistant under standard cryptographic assumptions. It is the same hash function used in Bitcoin block headers, TLS certificates, and Git commit IDs. A regular RNG (Math.random, /dev/urandom) gives no public proof — the host could re-roll until a friend wins. SHA-256 binds the output to the input, so re-rolling is detectable.

Can the host fake the SHA-256 hash to pick a friend?

No. To make a chosen friend win, the host would need to find an input set that (a) contains the friend's username and (b) produces a SHA-256 hash that maps to that friend after the deterministic shuffle. That is a second-preimage attack on SHA-256, which is computationally infeasible — equivalent to brute-forcing 2^256 possibilities. The math is the same that protects Bitcoin from double-spending.

How does an audience member verify the draw on their own?

Open the result page, click the SHA-256 hash badge, and you get the canonical JSON of the input set. Paste it into any SHA-256 calculator (or run sha256sum locally). If your computed hash equals the published hash, the draw is verified. We also expose a public endpoint at /api/verify/{hash} that does it automatically.

Is the SHA-256 hash the same as a blockchain transaction?

It uses the same hash primitive but does not require a blockchain. The hash is published on the result page (and indexable by search engines, archived by Wayback Machine, screenshotable by participants), which is sufficient for audit. We optionally anchor the hash to OpenTimestamps so it inherits Bitcoin-level temporal proof, but the core verification works without any chain.

Trusted by 12,400+ technical hosts

Run your next giveaway with a SHA-256 receipt

Free, no signup, no card. Implements the open Verifiable Giveaway Protocol v1.0 (CC-BY-4.0). Open source reference implementation on GitHub.

Start a verified draw✓ NIST FIPS 180-4 · ✓ HMAC-DRBG (SP 800-90A) · ✓ Open source