Live · Roster sync
Talk to a human Brand book hello@theunionhub.com
Privacy notice

What we collect, why, and what you can ask us to do about it.

The Union Hub is the system of record for who is a member, right now. That is sensitive information. This page tells you, in plain language, exactly how we handle it under Canadian privacy law — and the rights you have over it.

Effective2026-05-09 OperatorJit Singh, sole proprietor Governing lawPIPEDA · Ontario, Canada

Who we are

The Union Hub is operated by Jit Singh, a sole proprietor based in Toronto, Ontario, Canada. In this notice, we call ourselves The Union Hub, we, or us. The legal entity responsible for the personal information we handle is the named individual operator above.

We act as a service provider (a "processor" in international terms) for the unions and labour organizations who hire us. The union itself remains the controller of its members' personal information. This page describes our practices; the union's own privacy policy governs the broader employment and membership relationship.

Scope

This notice covers personal information processed in connection with:

  • The Union Hub website at theunionhub.com and any subdomains;
  • The digital member card (/card.html) and the verification screen (/verify.html);
  • The roster, audit log, and any administrative tools we provide to the union;
  • Email and other correspondence sent to addresses ending in @theunionhub.com.

It does not cover information you give directly to your union outside the platform, third-party sites we link to, or services hosted by other operators.

What we collect

Information your union provides about you

When a union onboards a member onto the platform, it shares a minimum dataset that we hold in our members table:

FieldPurpose
Internal ID (UUID)Stable, opaque identifier used in the URL of the live card and verifier. Cannot be reversed to a person without database access.
Full nameDisplay on the card and the verify screen.
Union name & localSo a third party can verify the member belongs to the right local.
Membership statusOne of active, inactive, or suspended. This is the core fact the platform exists to communicate.
Effective datesWhen the current status began and, where applicable, when it ends.
Optional photoIf the union supplies one, it appears on the card. We do not require it.

Information generated by use of the service

  • Verification events. Each time the verify screen is opened for a member ID, we record a row in the audit log capturing the timestamp, the member ID consulted, the result returned, and a coarse network indicator (city/region as inferred from IP, never the raw IP retained beyond 30 days).
  • Administrative actions. When a union admin changes a status, exports data, or invites another admin, we log the actor, the action, and the timestamp.
  • Technical logs. Standard web-server logs (request URL, status code, user agent) retained for 30 days for security and abuse prevention.

Information you give us directly

If you email us, fill in a contact form, or sign up for a pilot, we keep what you sent until the conversation is reasonably closed plus one year — or longer if a contract requires it.

What we do not collect: we do not ask for your social insurance number, date of birth, home address, payroll data, or banking information. We do not require an account, app, or password from members. The card and the verifier work over a plain web link.

How we use it

We use personal information only for the purposes the union hired us for, and the narrow set of operational reasons that follow from that:

  • To operate the service: render the digital card, run verifications, sync roster updates, and produce the audit log.
  • To keep the service safe: detect and respond to abuse, brute-force probing of member IDs, and unauthorized scraping.
  • To meet legal and contractual obligations: respond to subpoenas served on us, comply with our agreements with the union, and meet record-keeping rules.
  • To improve the service: aggregate, de-identified statistics about how often verifications happen and how quickly the system responds. We never use member personal information to train external AI models.

We do not use personal information for advertising, profiling for marketing purposes, or sale to data brokers. We have never received a request to.

Who we share it with

We disclose personal information only in these specific circumstances:

  • To the union that holds the relationship with you. The union is the controller; the data is theirs.
  • To service providers under written contract. See the current list under Authorized sub-processors. They process data only as instructed and only for the operation of the platform.
  • To legitimate verifiers. When someone follows the public verify link /verify.html?id=…, they receive only the four fields necessary to confirm membership: name, union name, status, and the date that status was last refreshed. They do not see your photo, history, or any other field.
  • When required by law. Court order, subpoena, or other binding legal process. We will tell the union before disclosing whenever the law lets us.
  • In connection with a sale or transition of the operator. If the operator transitions to an incorporated entity or a successor, we will give unions notice and the right to terminate before any personal information moves.

We do not sell, rent, or trade personal information. Full stop.

International transfers

Our database runs on Supabase, which currently hosts our project in the US-East region. That means personal information leaves Canada in the ordinary course of operation. PIPEDA permits cross-border processing where the operator uses contractual and technical means to provide a comparable level of protection.

We rely on Supabase's Data Processing Addendum and the standard contractual clauses contained in it. Information at rest is encrypted; information in transit uses TLS. Member rows are protected by row-level security so that even an authenticated client can only retrieve a single record by exact ID.

If a union requires Canadian-only residency, we can move the project to a Canadian region on request — there is no architectural barrier, only a one-time migration window. Tell us at privacy@theunionhub.com.

Retention

Active member recordFor as long as the union maintains the relationship with the member.
Inactive / suspended recordUp to seven (7) years after the relationship ends, to align with Ontario labour-relations and financial record-keeping practices, then deleted.
Audit log entriesSeven (7) years, then archived to write-once storage and eventually destroyed in line with the union's instructions.
Web-server & technical logs30 days, then deleted.
Email correspondenceThe duration of the conversation plus one year, unless contractually required for longer.

A union can instruct us to delete a member earlier than the schedule above; we will honour the request unless we are legally prohibited from doing so (for example, an open inquiry).

Your rights

As a person whose information we hold, PIPEDA gives you the right to:

  • Know what personal information we have about you, why we have it, and who we have shared it with;
  • Access a copy of that information in a usable format, free of charge or at minimal cost;
  • Correct information you believe is wrong or out of date;
  • Withdraw consent for our processing, subject to legal or contractual restrictions and on reasonable notice;
  • Complain to us, to your union, or directly to the Office of the Privacy Commissioner of Canada at priv.gc.ca.

To exercise any of these rights, the fastest route is your union — they hold the relationship with you. You can also write to us directly at privacy@theunionhub.com. We respond within thirty (30) days. If we cannot meet that window, we will tell you why and give you a date by which we will.

Security

The short version of how we protect personal information is on the Security page. The shorter version: TLS in transit, encryption at rest, row-level security on every read, audit log on every write, and a single small operator who knows every system end to end.

If you believe your information has been mishandled or exposed, write to security@theunionhub.com. We commit to acknowledging the report within one business day.

Cookies & analytics

The marketing pages of theunionhub.com set no tracking cookies, run no third-party analytics, and embed no social-media pixels. The fonts on this page are loaded from Google Fonts, which receives a record of the request; we do not pass any personal information to that request.

The card and the verifier set a single technical cookie to prevent a verification result from being cached after you close the browser. It expires when you close the tab.

If we ever add product analytics, we will (a) update this page before turning them on, (b) prefer privacy-respecting options that do not transfer data outside Canada, and (c) honour Do Not Track and Global Privacy Control signals.

Children

The platform is not directed at people under sixteen (16) and we do not knowingly collect information from them. If a union admits members under that age, we expect the union's onboarding process to obtain appropriate consent from a parent or guardian.

Changes

If we make a material change to how we handle personal information, we will:

  • Update the effective date at the top of this page;
  • Tell every union admin by email at least thirty (30) days before the change takes effect;
  • Keep prior versions linked from the bottom of this page so you can compare.

Contact us

For privacy-specific questions, complaints, or requests:

For everything else, see contact.html.