Data Privacy & Anonymity Policy for Canuckduck

1. Purpose

This policy defines how Canuckduck protects user privacy while maintaining transparency in governance. It ensures that user data is handled securely, with clear distinctions between public engagement and private identity.

2. Core Privacy Principles

  • Minimal Data Collection – Only essential information is collected to enable platform functionality.
  • Anonymity by Design – User identity, location, and voting records are separated to prevent tracking.
  • Transparency in Data Handling – Users are informed about what data is collected and how it is used.
  • No Third-Party Exploitation – User data is never sold, monetized, or shared with external entities beyond necessary operational requirements.

3. User Identity & Separation of Components

Canuckduck separates user identity into three distinct components:

  1. Wisdom (Public Contributions)
    • Represents user discussions, posts, and engagement in Pond and Flightplan.
    • Publicly visible but not linked to personally identifiable information (PII).
  2. Solidarity (User Identity & Authentication)
    • Securely stored in OpenLDAP and not publicly visible.
    • Used for login authentication and access control.
    • Never linked to voting records or public contributions.
  3. Stature (Geospatial & Issue Relevance)
    • Used to determine which local issues are relevant to a user.
    • Stored separately from both Wisdom and Solidarity.
    • Only aggregated geospatial data is used for analytics, ensuring anonymity.

4. Data Collection & Storage Policies

  • Personally Identifiable Information (PII): Only used for authentication and never exposed to other users.
  • Voting Data: Anonymous and recorded only in aggregate to maintain platform integrity.
  • Discussion Content: Publicly visible but not linked to Solidarity (identity data).
  • Survey Results: Stored as raw, downloadable text files with disclaimers about anonymous input.
  • Location Data: Used only for regional issue targeting and never stored with user identity.

5. User Rights & Data Management

  • Data Portability – Users can request a copy of their stored data.
  • Right to Be Forgotten – Users can delete their accounts, triggering removal of all Solidarity-linked data.
  • Limited Retention Policy – Non-essential logs are automatically purged after six months.

6. Security Measures

  • Encryption – All sensitive data (Solidarity & login credentials) is encrypted in transit and at rest.
  • Access Controls – Role-based permissions ensure that only authorized users can access sensitive information.
  • Anonymization Techniques – Voting, discussion, and location data are stored in separate systems to prevent correlation.
  • Regular Security Audits – Data policies are reviewed periodically to ensure compliance with best practices.

7. Compliance & Legal Considerations

  • Complies with Canadian privacy laws (PIPEDA).
  • Adheres to global best practices for data protection and anonymity.
  • Users are informed about any updates to privacy policies before changes take effect.

8. Conclusion

Canuckduck prioritizes user privacy while ensuring open governance. By separating identity components, encrypting sensitive data, and maintaining transparency in data handling, the platform provides a secure and anonymous way for users to participate in civic engagement.