Data Processing Addendum summary
PIPEDA-aligned processing terms for merchant, shipper, and driver personal information processed through Porterchain capacity programs and operations systems.
What the DPA addresses
Executed DPAs are provided during enterprise onboarding. This summary supports security questionnaires and vendor review.
Roles & responsibilities
Porterchain acts as processor for merchant operational data and documents controller/processor roles for shipper and end-customer information.
Security measures
Encryption in transit, role-based access, audit trails, and incident notification commitments aligned to enterprise programs.
Subprocessors
Documented vendor list (authentication, payments, infrastructure, communications) with change-notice terms — see /trust/subprocessors.
Cross-border transfers
Vendor DPAs and contractual safeguards for subprocessors that may process data outside Canada, including US-based auth and payments providers.
Executed DPA on request
Procurement and security teams receive the full Data Processing Addendum with exhibit schedules during vendor onboarding. Email security@porterchain.com with your questionnaire or redline process.
Need the executed DPA?
We'll share the current DPA template and align exhibits to your enterprise program.