DPA

Data Processing Addendum summary

PIPEDA-aligned processing terms for merchant, shipper, and driver personal information processed through Porterchain capacity programs and operations systems.

Coverage

What the DPA addresses

Executed DPAs are provided during enterprise onboarding. This summary supports security questionnaires and vendor review.

Roles & responsibilities

Porterchain acts as processor for merchant operational data and documents controller/processor roles for shipper and end-customer information.

Security measures

Encryption in transit, role-based access, audit trails, and incident notification commitments aligned to enterprise programs.

Subprocessors

Documented vendor list (authentication, payments, infrastructure, communications) with change-notice terms — see /trust/subprocessors.

Cross-border transfers

Vendor DPAs and contractual safeguards for subprocessors that may process data outside Canada, including US-based auth and payments providers.

Executed DPA on request

Procurement and security teams receive the full Data Processing Addendum with exhibit schedules during vendor onboarding. Email security@porterchain.com with your questionnaire or redline process.

Need the executed DPA?

We'll share the current DPA template and align exhibits to your enterprise program.