Customer Data and account credentials are stored in Canada. A small, named set of third-party processors handles narrow flows — payment processing, address autocomplete, edge caching — and is fully disclosed below.
Where data lives shapes who can compel access to it, who oversees how it's handled, and how voters perceive the campaigns asking for it.
When voter and donor data is held in Canada, it is governed by Canadian law. There is less ambiguity about which court has jurisdiction, less risk of conflicting legal obligations, and a clearer path to respond to government data requests.
Voters share personal information with campaigns — addresses, political opinions, donation history. Storing it in Canada signals that your campaign takes data stewardship seriously.
Federal and provincial privacy commissioners increasingly scrutinise cross-border data transfers. Keeping personal information in Canada simplifies compliance with PIPEDA, Quebec's Law 25, and provincial PIPA acts.
Political-campaign data reflects the democratic engagement of Canadian citizens. Keeping it within Canadian borders is a matter of democratic sovereignty as much as legal compliance.
The honest map of every system that touches your data.
Two of these are headquartered in Canada-region infrastructure; three are US-headquartered companies handling narrowly-scoped data flows. We disclose them rather than hide them.
Application hosting and primary database
Bulk and transactional email delivery
AWS is a US company; the ca-central-1 region keeps the email content on Canadian soil
Subscription billing and donation payment processing
Card data is collected directly by Stripe, never stored on our servers
Address autocomplete on address fields
Only the free-form address text typed by a user is sent — no account ID or other personal data
DNS and CDN for static assets
Routes traffic to our Canadian servers; does not store Customer Data
Stripe and Mapbox are US-headquartered companies. Where we engage them, the data flow is narrow and disclosed. Replacing them with Canadian alternatives is on the roadmap; our priority is correctness today, not maximum theoretical purity, and we prefer to be honest about it rather than gloss over the reality. AWS is a US company, but the AWS Canada (Central) region keeps email content on Canadian soil.
Federal, provincial, and Quebec-specific. We design for the strictest applicable law in any campaign's jurisdiction.
Canada's federal private-sector privacy law. RidingDesk is designed around its ten fair-information principles, with mandatory breach notification per s.10.1.
Quebec's modernised privacy law, with strict requirements for privacy impact assessments, consent, and breach notification. Our practices are designed around Law 25 for campaigns operating in Quebec.
Alberta's substantially similar legislation. Our access, correction, and consent mechanisms align with PIPA Alberta requirements.
BC's privacy legislation for provincially regulated organisations. Our consent, access, and security safeguards align with PIPA BC.
For campaigns interacting with Ontario government data, our access and disclosure controls map to FIPPA expectations.
The platform supports campaign workflows; your official agent and party headquarters remain authoritative for filings.
Elections Canada provides the official voters list to registered political parties. RidingDesk imports that list into your campaign and applies access controls and audit logging on top. Disposal at the end of the campaign cycle is the campaign’s responsibility under the Canada Elections Act.
Donation records are stored with audit trails and retained for at least seven years to support post-campaign Elections Canada filings and Income Tax Act record-keeping requirements.
Registered political parties must publish and comply with a privacy policy under Elections Canada’s 2019 amendments. RidingDesk supports your campaign’s compliance with consent capture, an audit log, and a data-export tool. Publishing your campaign’s privacy policy remains something your campaign or party does directly with Elections Canada.
We’re happy to walk through the data-flow map with prospective customers, compliance leads, and privacy lawyers.