Skip to content

Write and publish a privacy policy before launch #218

Description

@BreakableHoodie

Summary

The app collects personal information — email addresses and phone numbers. Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), collecting personal data without a published privacy policy is a legal violation. This is a hard requirement before the app goes live.

What the policy needs to cover

  • What personal information is collected (email, phone number, trip history)
  • Why it is collected (account creation, group coordination, notifications)
  • How long it is retained
  • Whether it is shared with third parties (it shouldn't be)
  • How users can request deletion of their data
  • How to contact the data steward

Context

  • The app is Ontario-based and handles personal information of Ontario residents → PIPEDA applies
  • CivicTechWR is an unincorporated volunteer collective — clarify in Explore liabilities of making this project live #186 who is the responsible party
  • The non-affiliation disclaimer ([FEATURE] Add non-affiliation disclaimer to app #210) addresses misrepresentation of official GO Transit affiliation, but does not substitute for a privacy policy
  • The policy should be accessible from the app (footer link at minimum) before any user data is collected

References

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions