Definitions
Capitalised terms not defined here have the meaning given in the Terms of Service.
| Term | Meaning |
|---|---|
| Personal Information | Any information about an identifiable individual, as that term is used in PIPEDA, including data the Operator receives about a member of the Customer. |
| Processing | Any operation performed on Personal Information — collection, storage, retrieval, disclosure, deletion, and so on. |
| Controller | The Customer. The party that determines why and how Personal Information is processed. |
| Processor | The Operator. The party that processes Personal Information on the Controller's behalf. |
| Sub-processor | A third party engaged by the Processor that processes Personal Information in connection with the Service. |
| Personal Information Breach | A confirmed unauthorized access to, disclosure of, alteration of, or loss of Personal Information. |
Scope & roles
This Addendum applies to all Personal Information the Operator processes on behalf of the Customer in connection with the Service. The Customer is the Controller. The Operator is the Processor. Each party will comply with the privacy laws applicable to its role, including PIPEDA, the Freedom of Information and Protection of Privacy Act (Ontario) where relevant, and, where applicable to the Customer, the GDPR or UK GDPR.
Nature, purpose & duration of processing
| Item | Description |
|---|---|
| Subject matter | Provision of the Service: real-time digital membership records, the digital member card, the verifier, the roster, and the audit log. |
| Nature | Hosted, cloud-based processing of Personal Information by automated means. |
| Purpose | To enable the Customer to maintain a system of record for who is a member, and to allow legitimate third parties to verify a given member's status. |
| Duration | The term of the Terms of Service, plus the wind-down windows in Return & deletion. |
Data subjects & data types
| Item | Description |
|---|---|
| Categories of data subjects | Members of the Customer; Customer administrators and officers who use the Service; persons who use the verifier (only IP-derived geographic indicator and timestamp). |
| Categories of Personal Information | Internal member identifier (UUID); name; union name and local; membership status; effective dates; optional photo; verification events; administrative actions; technical logs. |
| Sensitive categories | The Service is not designed to process special-category data (health, biometric, religion, sexuality, criminal history). The Customer agrees not to upload such data and acknowledges that membership in a labour organization may itself be politically sensitive in certain jurisdictions. |
Customer instructions
The Operator processes Personal Information only on the Customer's documented instructions, except where required by law. The Customer's documented instructions consist of:
- The Terms of Service;
- This Addendum;
- Configuration choices the Customer makes in the Service; and
- Written instructions delivered through the administrator email of record.
If the Operator believes a Customer instruction violates applicable privacy law, it will inform the Customer promptly and may decline to act on the instruction until the parties reach agreement.
Confidentiality
The Operator ensures that any individual authorized to process Personal Information — currently the Operator alone, and any contractor specifically engaged on the project — is bound by a written obligation of confidentiality and is trained on the requirements of this Addendum. The Operator will keep an internal record of who has had access to Customer Personal Information and the dates of access, available to the Customer on reasonable request.
Security measures
The Operator implements and maintains appropriate technical and organizational measures to protect Personal Information against unauthorized or unlawful processing and against accidental loss, destruction, or damage. The full description is on the Security page; the headline measures are:
- TLS 1.2+ for all data in transit;
- Encryption at rest in the database;
- Row-level security so that, even using the public anon key, a client can read at most one record by exact ID;
- Append-only audit log on every read and write;
- Least-privilege access for administrative and operator credentials;
- Multi-factor authentication on all human-accessible administrative consoles;
- Automated daily backups with restore drills at least quarterly.
Sub-processors
The Customer authorizes the Operator to engage Sub-processors to assist in providing the Service. The current list, as of the effective date of this page, is:
| Sub-processor | Purpose & location |
|---|---|
| Supabase, Inc. | Database, authentication, REST API. Project hosted in US-East. Canadian region available on request. |
| Bluehost (Newfold Digital) | Static web hosting for the marketing pages, card, and verifier. United States. |
| Google Fonts (CDN) | Delivery of typefaces. Receives request metadata at page load. No Personal Information is intentionally sent. |
The Operator will give the Customer at least thirty (30) days' written notice of any new Sub-processor or material change to an existing one. The Customer may object to the change on reasonable privacy grounds, in which case the parties will work in good faith to find an alternative; if none is workable, the Customer may terminate the affected portion of the Service without penalty.
International transfers
Where Personal Information is transferred from Canada (or another jurisdiction with localization rules) to a country without a recognized adequacy framework, the Operator relies on:
- Standard contractual clauses or equivalent in its agreements with Sub-processors;
- Encryption in transit and at rest;
- The Customer's authorization in this Addendum.
The Customer may at any time require the Operator to migrate the project to a Canadian-only Supabase region. The Operator will plan and complete the migration within a reasonable window — typically less than thirty (30) days — at no additional cost to the Customer for the first such request in any given year.
Data subject rights
The Operator will assist the Customer to respond to requests from members and other data subjects to exercise their rights of access, correction, withdrawal of consent, deletion, and portability, by:
- Providing technical means in the Service to fulfill the request directly where possible;
- Producing a machine-readable export of a single member's record on request, within five (5) business days;
- Performing deletion of a record on instruction within five (5) business days, subject to legal hold;
- Forwarding to the Customer any request received directly by the Operator, without responding to it on the merits.
Breach notification
The Operator will notify the Customer of a confirmed Personal Information Breach without undue delay, and in any case within seventy-two (72) hours of becoming aware of it. The notice will include, to the extent then known:
- The nature of the breach, including the categories and approximate number of data subjects and records affected;
- The likely consequences;
- The measures taken or proposed to address the breach and to mitigate adverse effects;
- The name and contact of the Operator's privacy point of contact (currently privacy@theunionhub.com).
The Operator will provide the Customer with reasonable assistance to comply with its own notification obligations to regulators and data subjects, including the OPC and provincial commissioners.
Audits & assessments
The Operator will, on reasonable written notice and not more than once per twelve-month period (except after a Personal Information Breach):
- Make available to the Customer information necessary to demonstrate compliance with this Addendum;
- Allow for and contribute to audits, including inspections, conducted by the Customer or an auditor it appoints. Audits will be scheduled at mutually convenient times, conducted under reasonable confidentiality, and limited to information relevant to the Customer's data.
The Operator will share, at no charge, the most recent SOC 2 or equivalent reports from material Sub-processors as soon as it is permitted to do so.
Return & deletion
On termination of the Terms of Service, or earlier on Customer instruction:
- Within thirty (30) days, the Operator will deliver a complete machine-readable export of the Customer's Personal Information;
- Within sixty (60) days of termination, the Operator will delete Customer Personal Information from production systems;
- Within ninety (90) days, the Operator will delete Customer Personal Information from backups in the ordinary course of backup rotation, and certify the deletion to the Customer in writing.
Where the Operator is required by law to retain specific records, it will keep them in a controlled, segregated environment and process them only as the law requires.
Liability & order of precedence
Liability under this Addendum is governed by the limitation-of-liability provisions of the Terms of Service, except that liability for breaches of confidentiality, breach notification obligations, and wilful misconduct is not capped.
If a conflict arises among this Addendum, the Terms of Service, and an order form, the order of precedence is: (1) the order form, (2) this Addendum, (3) the Terms of Service, (4) the Privacy notice.