RidingDesk is built on Canadian infrastructure, governed by Canadian law, and designed for Canadian campaigns. Every byte of your campaign data — voter records, communications, analytics, and backups — resides exclusively within Canadian borders.
Political campaign data is among the most sensitive information in a democracy. Where it is stored determines who can access it and under what laws.
When your data is stored in Canada, it is governed exclusively by Canadian law. There is no ambiguity about which jurisdiction applies, no risk of conflicting legal obligations, and no possibility of foreign government access through extraterritorial legislation.
Voters entrust campaigns with personal information — their addresses, political opinions, donation history, and contact preferences. Storing this data in Canada demonstrates respect for that trust and signals your campaign takes data stewardship seriously.
Federal and provincial privacy commissioners increasingly scrutinize cross-border data transfers. By keeping data in Canada, your campaign avoids the complex and evolving regulatory landscape around international data flows.
Political campaign data is uniquely sensitive — it reflects the democratic engagement of Canadian citizens. Keeping this data within Canadian borders is a matter of democratic sovereignty and national security.
Every component of the RidingDesk platform runs within AWS's Canadian region, with no exceptions.
US-based campaign platforms expose your data to American surveillance laws. Here is how RidingDesk differs.
The US Clarifying Lawful Overseas Use of Data (CLOUD) Act allows American law enforcement to compel US-based technology companies to provide data stored on servers regardless of whether the data is stored in the US or on foreign soil. Similarly, the USA PATRIOT Act grants broad surveillance authority. If your campaign data is stored by a US-headquartered company — even on Canadian servers — it may be subject to these laws. RidingDesk is a Canadian company, hosted entirely in Canada, with no US parent entity or legal obligation to comply with American data demands.
Canada's patchwork of federal and provincial privacy legislation creates complex requirements. RidingDesk handles the compliance so you can focus on your campaign.
Canada's federal private-sector privacy law governs how organizations collect, use, and disclose personal information in the course of commercial activity. RidingDesk implements all 10 fair information principles.
Alberta's substantially similar legislation sets out rules for how private-sector organizations collect, use, and disclose personal information. Our controls satisfy PIPA requirements for Alberta-based campaigns.
BC's privacy legislation applies to provincially regulated organizations. RidingDesk provides the consent mechanisms, access rights, and security safeguards required under BC PIPA.
Quebec's modernized privacy law (Law 25) introduces strict requirements for privacy impact assessments, consent, and data breach notification. RidingDesk is fully compliant with Law 25 provisions.
For campaigns that interact with Ontario government data, our platform meets the collection, use, and disclosure requirements under FIPPA.
Political parties and campaigns have specific obligations under the Canada Elections Act regarding voter data.
Elections Canada provides the official voters list to registered political parties. RidingDesk provides the secure infrastructure to manage this data in compliance with the Canada Elections Act, including proper access controls, usage logging, and disposal procedures after the mandated retention period.
Donation and contribution data must be retained and protected according to Elections Canada requirements and Canada Revenue Agency guidelines. RidingDesk stores these records with encryption, strict access controls, and the audit trail necessary for regulatory compliance.
Since 2019, registered political parties must publish and comply with a privacy policy that meets Elections Canada standards. RidingDesk helps campaigns maintain compliance by providing built-in consent management, data subject access tools, and transparent data processing records.
Your campaign cannot afford downtime, and your data cannot afford to be lost. Our backup and disaster recovery infrastructure is entirely within Canada.
Every 6h
Automated full backups
30 Days
Backup retention period
< 4h
Recovery time objective
All backups are encrypted (AES-256) and stored in AWS ca-central-1
Backups are replicated across multiple Availability Zones within Montreal
Point-in-time recovery available for the last 30 days
Disaster recovery procedures tested quarterly
No backup data is ever transferred outside of Canada
Backups are logically isolated per campaign with separate encryption keys
We provide comprehensive Data Processing Agreements (DPAs) that clearly define how we handle your campaign data. Our DPAs are governed by Canadian law and include explicit guarantees about data residency, sub-processor disclosure, and breach notification obligations.
Clearly defined purposes and data categories
Full transparency on all sub-processors (all Canadian or with Canadian data guarantees)
Export your data at any time; certified deletion upon contract end
Contractual right to audit our data handling practices
Our Privacy Officer is available to discuss data handling practices, provide documentation, or prepare a custom Data Processing Agreement for your campaign.
Last updated: March 2026