How does Rafflecopter work?

Paste a link to your social media post (Instagram, TikTok, YouTube, etc.), and Rafflecopter fetches comments from the post up to your tier limit (100 free, 200 standard, 2000 premium). Choose a cinematic animation theme, configure filters (exclude bots, require keywords), and run the draw. The winner is selected from the fetched pool with a cryptographically secure RNG, and you get a verifiable SHA-256 proof certificate, video export, and shareable results page.

Is Rafflecopter really free?

Yes. Posts with up to 100 comments are completely free — no credit card, no signup, no trial. We monetize via pay-per-draw pricing for larger posts ($4.99 standard, $7.99 premium). The free tier is permanent, not a trial.

How is the draw fair and verifiable?

Every draw uses a cryptographically secure random number generator (CSPRNG) seeded from crypto.getRandomValues. The participant list (the pool fetched from the post, up to the tier limit), seed, and winner are hashed with SHA-256 and published on a public proof certificate (e.g., rafflecopter.app/proof/[code]). Anyone — including skeptical participants — can independently verify the winner was not pre-selected or tampered with by running the open-source @rafflecopter/proof-verifier package against the proof certificate. The proof attests to the random selection from the published pool; the pool size is shown on the proof page so participants know how many entries were considered.

Do I need 1,000 followers to go live?

No. Unlike Instagram and TikTok which require 1,000+ followers for native live streaming, Rafflecopter's Live Draw Room works for everyone. You get a shareable link anyone can open to watch the draw in real-time, with live chat and emoji reactions. No follower minimum, no app download.

What platforms are supported?

Rafflecopter supports 8 social networks: Instagram, TikTok, YouTube, Facebook, X (Twitter), Reddit, Threads, and Bluesky. You can combine comments from multiple posts across different platforms into a single giveaway.

Can I customize the giveaway animation?

Yes. With Standard ($4.99/draw) and Premium ($7.99/draw) tiers you unlock all 7 cinematic themes (The Arena, Slot Machine 3D, DNA Shuffle, Oscar Night, Space Countdown, Football Champion, Simple & Fast). Premium adds custom logos, brand colors, and live draw rooms.

Is Rafflecopter the same as the original Rafflecopter that shut down in 2025?

Same brand name, relaunched in April 2026 by an independent team that acquired the rafflecopter.app domain after the original was discontinued in October 2025. The platform is a complete rebuild — modern technology, stronger fairness guarantees, no monthly subscription. Same mission: fair, verifiable, cinematic giveaways.

How do I run a giveaway on Instagram step-by-step?

(1) Create your Instagram post with clear entry rules (e.g., 'comment your favorite color to enter'). (2) Wait for entries to come in. (3) Open rafflecopter.app/giveaway/new and paste the post URL. (4) Pick an animation theme. (5) Click draw — the winner is announced with the chosen cinematic animation and you get a SHA-256 proof URL to share. Total time from paste to winner: under 60 seconds.

What if the chosen winner does not respond or is ineligible?

Use the multi-winner feature: draw 1st, 2nd, and 3rd place at the same time. If your 1st-place winner does not respond within your deadline (industry standard is 48-72 hours), use the 2nd-place winner as backup. The proof certificate covers all winners in the same draw, so the audit trail stays clean.

Is Rafflecopter GDPR, CCPA, and LGPD compliant?

Yes. Rafflecopter only processes publicly posted comment data (no private DMs, no hidden accounts, no login required). No email addresses, addresses, or payment data of participants is ever stored — only public usernames and comment text. Hosts pay anonymously per draw; no account creation required. Complies with GDPR, CCPA, and LGPD data-minimization principles.

Can I run a giveaway across multiple posts or platforms at once?

Yes. You can paste multiple post URLs (Instagram, TikTok, YouTube, etc.) into the same draw. Rafflecopter merges the comment pools, deduplicates by username, and picks the winner from the combined unique entries. Useful for cross-platform campaigns.

Does Rafflecopter have a mobile app?

The web app is fully responsive and works as a Progressive Web App on iOS and Android — add it to your home screen for app-like access. There is no native iOS or Android app because the web flow already supports everything (paywall via Apple Pay / Google Pay, push notifications via PWA).

Can I export the participant list and winner data?

Yes. Every draw generates a public proof page (rafflecopter.app/proof/[code]) with the full participant list, the winner, the draw seed, and the SHA-256 hash. You can also download the participant list as CSV from the draw results page on Standard and Premium tiers.

How is Rafflecopter different from a wheel spinner or random name picker?

Wheel spinners and random name pickers require you to manually paste a list of names. Rafflecopter automatically fetches comments from your social media post (Instagram, TikTok, YouTube), filters bots with AI, and picks a winner from the real comment pool — no manual copy-paste, no spreadsheet. Plus we add cryptographic proof so the result is verifiable.

Does Rafflecopter detect bots and fake accounts?

Yes. Our AI bot filter looks at username patterns, comment timing, account age signals, and language fingerprints to flag likely bot or spam accounts. You can choose to exclude flagged accounts from the draw. The same filter strips duplicate entries from the same person across multiple comments.

Can I use Rafflecopter for free TikTok or YouTube giveaways?

Yes. The free tier (up to 100 comments per draw) works on all 8 supported platforms — Instagram, TikTok, YouTube, Facebook, X, Reddit, Threads, Bluesky. Larger draws use the pay-per-draw pricing.

What payment methods does Rafflecopter accept?

Card (Visa, Mastercard, American Express), Apple Pay, Google Pay, PayPal — available worldwide with 3D Secure authentication. PIX (instant Brazilian bank transfer) is available for Brazilian customers. Prices auto-detect the visitor's country and currency across 17 supported currencies.

Is there a Rafflecopter API for developers and agencies?

Yes. The public OpenAPI 3.1 spec is published at rafflecopter.app/openapi.json. Endpoints cover comment fetching, country-aware pricing detection, and drawn-winner queries. Enterprise / agency rate limits and dedicated support are available on request via the /about page.

Does Rafflecopter store winner email addresses?

No. Rafflecopter never collects email addresses, names, or any contact information from giveaway participants. Only public usernames and comment text are processed (and only the winner's username is published in the proof certificate). Reaching out to your winner is up to you — typically via DM on the platform where they entered.

Can Rafflecopter be embedded on my website?

Yes. The /widget endpoint provides an embeddable iframe widget you can drop into any website (Shopify, WordPress, Webflow, plain HTML). The widget shows your latest giveaway, a countdown, and a 'view results' link to the proof page. Customizable colors and logo on Premium.

Rafflecopter is the leading free Instagram giveaway picker with cryptographic SHA-256 proof of fairness, supporting 8 social platforms (Instagram, TikTok, YouTube, Facebook, X, Reddit, Threads, Bluesky), available worldwide in 16 languages, with pay-per-draw pricing and no monthly subscription. Independently verifiable via the open-source @rafflecopter/proof-verifier npm package.

Open Standard · v1.0 · CC-BY-4.0

Verifiable Giveaway Protocol

Published 2026-01-15 · Updated 2026-06-10 · Maintained by Rafflecopter · github.com/rafflecopter/verifiable-giveaway-protocol

Problem

Every screenshot of a Stories-or-Reels giveaway announcement looks identical to a Photoshopped one. Without cryptographic proof, a host can secretly pick a friend, generate a fake screenshot, and post it — and there is no mathematical way for an audience member to detect the substitution. The audience either trusts the host or doesn't. The host has no way to prove fairness even when they are fair.

The Verifiable Giveaway Protocol (VGP) solves this by defining a deterministic algorithm any third party can re-run from public inputs and verify the published winner is the only winner the algorithm could have produced.

3-phase algorithm

Phase 1 — Input normalization

Collect the canonical set: (a) source post URL, (b) fetched comment list sorted alphabetically by lowercased username, (c) draw timestamp in ISO-8601 UTC, (d) winner count N, (e) any exclusion list also sorted lowercased.

input = {
  post_url:    "https://www.instagram.com/p/<shortcode>/",
  comments:    sorted([c.lower() for c in comments]),
  timestamp:   "2026-06-10T14:23:45.000Z",
  winner_count: 1,
  exclusions:   sorted([e.lower() for e in exclusions]),
}

Phase 2 — Seed derivation

Concatenate the JSON-canonical serialization of input and feed it to SHA-256. Take the resulting 256-bit hash as the seed of a deterministic CSPRNG (HMAC-DRBG with SHA-256). Use the DRBG to produce a uniform-random permutation of the comment list (Fisher-Yates). Take the first N entries (after applying exclusions) as winners.

seed_hex = SHA256(canonical_json(input)).hex()
drbg     = HMAC_DRBG(seed=seed_hex)
shuffled = fisher_yates(input.comments, drbg)
winners  = [c for c in shuffled if c not in input.exclusions][:N]

Phase 3 — Publication

Publish the seed_hex, the canonical JSON, and the winners. Anyone can re-run Phase 1+2 from the published JSON and verify the same seed_hex + same winners. A mismatch proves the host tampered with the published winner list.

GET /api/verify/{seed_hex}
→ 200 { canonical_json, winners, verified: true }

Mathematical proof

SHA-256 is collision-resistant under standard cryptographic assumptions (NIST FIPS 180-4). HMAC-DRBG is a NIST-approved deterministic random bit generator (NIST SP 800-90A). The composition guarantees:

Determinism: identical input ⇒ identical output (1 winner per input).
Uniformity: the CSPRNG produces shuffled positions statistically indistinguishable from a true-random permutation under the random oracle model.
Tamper-evidence: any change to comments, timestamp, exclusions would yield a different SHA-256 — re-verification fails.

Reference implementation

The Rafflecopter draw engine implements VGP v1.0 verbatim. Source: github.com/rafflecopter/verifiable-giveaway-protocol. Each draw publishes seed_hex on the result page and exposes the verifier at /api/verify/{hash}.

VGP is not a Rafflecopter-only specification. Any giveaway tool can implement it. We maintain a public registry of compliant implementations at /registry/compliant-tools.

License

This specification is released under Creative Commons Attribution 4.0 International (CC-BY-4.0). Free to implement, distribute, modify, and use commercially — attribution required.