Privacy Regulations Reference
Last updated on July 1, 2021
European Union General Data Protection Regulation (GDPR)
Code Bards is a Canadian company and our data infrastructure is currently based in Canada. That means if you are in another country in the world and you use our products, your data are transferred to Canada. The EU has stronger privacy laws than Canada and a core tenet of the GDPR is that if you transfer any personal data of EU residents out of the EU, you must protect it to the same level as guaranteed under EU law. There are two factors to this:
- The practices that businesses take handling personal data; and
- The laws of the countries where you transfer the EU personal data to
Practices we have at Code Bards
We are serious about treating our customers fairly, about your control of your data, your right to privacy, and the security measures we put in place to protect your data, regardless of where you are in the world.
- We never have and never will sell customer data.
- We don’t run ads for other services in our products.
- We limit the data we collect: if we don’t need it, we don’t ask for it.
- We put a lot of security measures into place including in-transit encryption and encryption at-rest.
- When you email us at firstname.lastname@example.org, someone will get back to you. You are always speaking with a human! No bots.
We do work with sub-processors. We've listed links to our current sub-processors at the end of this page. With each vendor, we assess their commitment to privacy.
Last but not least, we know privacy regulations are constantly evolving. We root for stronger consumer privacy laws! We stay aware of relevant changes in the regulatory landscape.
Relevant Canadian laws
Canada has the Personal Information Protection and Electronic Documents Act (PIPEDA) which is similar to GDPR, to support and promote electronic commerce by protecting personal information that is collected, used or disclosed in certain circumstances, by providing for the use of electronic means to communicate or record information or transactions.
Data processing addendum
We haven't incorporated a Data Processing Addendum (DPA) yet to our Terms of Service. If you believe we should have one for your specific case, talk to us about it.
If you are a Data Controller under GDPR (i.e a business working with personal data of EU residents), we encourage you to take stock of your personal data flows and vendors too. The European Data Protection Board issued a draft set of guidelines on November 11, 2020 with specific recommendations for EU-based businesses transferring personal data out of the EU.
Personal Information Protection and Electronic Documents Act (PIPEDA)
The purpose of the PIPEDA is to establish, in an era in which technology increasingly facilitates the circulation and exchange of information, rules to govern the collection, use and disclosure of personal information in a manner that recognizes the right of privacy of individuals with respect to their personal information and the need of organizations to collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances.
That means when we process data you provide, we do so solely for the purpose you signed up for. Our business model is simple: we charge a recurring subscription fee to our customers. We do not sell personal information or use your data for any other commercial purposes unless with your explicit permission.
Code Bards uses third party subprocessors, such as cloud computing providers, to provide our services. We also use other software as a company that are not part of providing our services but may collect your personal information for other purposes, such as our emailing software for customer support.
You can see which subprocessors we use by viewing the following linked list: