Privacy Impact Assessment — Act Now Button LLC
Prepared by: Raymond Chooi
Date: March 15, 2026
Regulation: Quebec Law 25, PIPEDA
1. Project Description
Act Now is a campaign infrastructure platform connecting creators, charities, and sponsors to drive verified impact actions. The platform processes personal information of supporters (who take actions), creators (who distribute campaigns), charities (who run campaigns), and sponsors (who fund campaigns).
2. Personal Information Inventory
| Data Category | Data Elements | Source | Purpose | Storage Location |
|---|---|---|---|---|
| Supporter (Donation) | Anonymized ID, campaign ID, creator attribution ID, amount, Stripe reference, timestamp, IP hash | Action form + Stripe | Verification, allocation, audit | Supabase (Postgres) |
| Supporter (Petition/Signup) | Email, name (optional), campaign ID, creator attribution ID, timestamp, IP hash | Action form | Verification, allocation | Supabase; email purged 30 days post-verification |
| Supporter (Event) | Name, campaign ID, creator attribution ID, timestamp | Action form | Manual verification, allocation | Supabase |
| Creator | Name, email, profile info, attribution history, compensation records | Registration | Account management, attribution, compensation | Supabase + Stripe |
| Charity | Organization name, registration number, contact info, Stripe account | Registration + Stripe | Account management, campaign hosting, donations | Supabase + Stripe |
| Sponsor | Business name, contact info, funding history, charge records | Registration + Stripe | Account management, funding, charges | Supabase + Stripe |
| All visitors | Browser type, pages visited, timestamps, diagnostic data | Automatic (PostHog, Sentry) | Analytics, error monitoring | PostHog, Sentry |
3. Privacy Risk Assessment
| Risk | Likelihood | Impact | Mitigation |
|---|---|---|---|
| Unauthorized access to supporter PII | Low | High | Supabase RLS, encryption at rest and in transit, service-role-only access to sensitive tables |
| Email retention beyond necessity | Medium | Medium | Automated 30-day purge job with data_retention_log audit trail |
| IP address identification | Low | Medium | Only hashed IPs stored; hashing is irreversible |
| Third-party data breach (Stripe, PostHog, Sentry) | Low | High | All providers maintain SOC 2 compliance; minimize data shared |
| Charity misuse of supporter emails | Medium | Medium | Consent collected at point of action; charity accepts responsibility via third-party agreement |
| Cross-border data transfer | Medium | Medium | Supabase hosted in compliant region; Stripe processes in compliant jurisdictions |
4. Data Minimization Measures
- Only data necessary for verification, attribution, and financial audit is collected
- No raw IP addresses stored (hashed only)
- Supporter emails purged 30 days after petition/signup verification
- Anonymized records retained 7 years for CRA audit requirements only
- No behavioral profiling or advertising use of supporter data
5. Consent Mechanisms
- Account registration: Express consent collected with clear disclosure of data use
- Supporter actions: Required information-sharing checkbox for non-donation actions; disclosure text for donations
- Charity updates opt-in: Optional, unchecked by default, with charity description and privacy policy link
- Marketing emails: Express consent required at sign-up; CASL-compliant unsubscribe in every message
6. Data Subject Rights Implementation
- Access, correction, deletion, and portability requests via privacy@actnowbutton.com
- 30-day response SLA
- Deletion requests are fulfilled by anonymizing records (removing PII); the anonymized action records are retained for financial audit
- French-language privacy disclosures available
7. Incident Response Reference
See separate Incident Response Plan document.
8. Review Schedule
This PIA will be reviewed:
- Annually
- When new data processing activities are introduced
- When significant platform changes affect personal information handling