Privacy Policy

Last updated: October 29, 2025

Introduction

The Canadian National Federation ("CNF", "we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.

Information We Collect

Information You Provide

When you create an account through OAuth providers (Google, Microsoft, LinkedIn), we collect:

  • Email address
  • Full name
  • Profile picture
  • OAuth provider identifier

When you use our platform, you may also provide:

  • Membership information
  • Business details (name, address, phone, description, hours of operation)
  • Job postings and applications
  • Forum posts, comments, and direct messages
  • Event information and RSVPs
  • Uploaded files and images
  • Profile customizations

Automatically Collected Information

When you access our platform, we automatically collect:

  • IP address and general location information
  • Browser type and version
  • Device information
  • Usage data (pages visited, features used, time spent)
  • Session information and authentication tokens

Location Data

If you create a business listing, we collect and display the geographic coordinates of your business address to help members find local businesses. This information is publicly visible on business listings and maps.

How We Use Your Information

We use your information to:

  • Provide and maintain our platform services
  • Authenticate your account and manage sessions
  • Process membership applications and renewals
  • Enable communication between members
  • Display business listings and job postings
  • Send notifications about platform activity
  • Improve and develop new features
  • Ensure platform security and prevent fraud
  • Comply with legal obligations
  • Communicate with you about your account and our services

Information Sharing and Disclosure

Third-Party Service Providers

We share your information with the following service providers who process data on our behalf:

  • OAuth Providers (Google, Microsoft, LinkedIn): For authentication services
  • Amazon Web Services (AWS): For file storage and hosting infrastructure
  • Resend: For transactional email delivery

These providers are contractually obligated to protect your data and may only use it to provide services to us.

Public Information

The following information is publicly visible to all platform users and visitors:

  • Your name and profile picture (from OAuth)
  • Membership status (founding member badge, etc.)
  • Forum posts and comments
  • Business listings (if you create one): name, description, address, location, hours, contact information
  • Event information (if you create an event)
  • Job postings (if you create one)

Other Members

CNF members can see:

  • Your profile information
  • Your activity in forums and events
  • Direct messages you send to them

Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect the rights, property, or safety of CNF, our members, or others.

Data Storage and Security

Your data is stored on secure servers in Canada and the United States. We implement industry-standard security measures including:

  • Encrypted connections (HTTPS/TLS) for all data transmission
  • Secure authentication using JWT tokens and OAuth 2.0
  • Access controls and role-based permissions
  • Regular security updates and monitoring
  • Encrypted backup systems

While we take reasonable precautions to protect your data, no internet transmission is completely secure. You are responsible for maintaining the confidentiality of your account credentials.

Data Retention

We retain your information as follows:

  • Active accounts: Information is retained while your membership is active
  • Deleted accounts: Personal information is permanently deleted within 30 days of account deletion
  • Public content: Forum posts and comments may be retained for community continuity, but your name will be replaced with "Deleted User"
  • Backups: Encrypted backups are retained for 30 days for disaster recovery purposes
  • Legal obligations: Some information may be retained longer if required by law

Your Rights

Under PIPEDA, you have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and personal data
  • Withdraw consent: Withdraw consent for data processing (may limit platform functionality)
  • Portability: Request your data in a portable format
  • Complaint: File a complaint with the Privacy Commissioner of Canada

To exercise these rights, please contact us through the contact form.

Cookies and Tracking

We use essential cookies for authentication and session management. These cookies are necessary for the platform to function and cannot be disabled. We do not use advertising or tracking cookies.

Children's Privacy

Users Ages 13-17

We welcome young Canadians seeking career guidance and job opportunities. Users between 13 and 17 years of age may use the Platform with parental or guardian consent.

Information We Collect from Minors

For users under 18, we collect the same information as adult users through OAuth authentication. We do not knowingly collect additional personal information beyond what is necessary for Platform functionality.

Parental Rights and Controls

Parents and guardians have the right to:

  • Review all personal information collected about their child
  • Request correction or deletion of their child's information
  • Refuse to allow further collection of their child's information
  • Request termination of their child's account at any time

To exercise these rights, please contact us using the contact form with proof of guardianship.

Age-Appropriate Content

We moderate content to ensure age-appropriate experiences for all users. We prohibit adult content, excessive profanity, and material inappropriate for minors. Users who encounter inappropriate content should report it immediately.

Users Under 13

Our Platform is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that a user is under 13, we will promptly delete their account and information.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on the platform. Continued use of the platform after changes constitutes acceptance of the updated policy.

International Data Transfers

Your information may be transferred to and processed in the United States through our use of AWS services. We ensure appropriate safeguards are in place for cross-border data transfers.

Contact Us

For questions about this Privacy Policy or our data practices, please use the contact form.