Compliance

1. Regulatory Framework

BonAppify operates within a comprehensive regulatory framework that encompasses Canadian federal and provincial legislation, international data protection standards, and industry-specific requirements:

Personal Information Protection and Electronic Documents Act (PIPEDA) — Federal privacy legislation governing the collection, use, and disclosure of personal information in the course of commercial activities.

Quebec Act Respecting the Protection of Personal Information in the Private Sector (Law 25) — Provincial privacy legislation establishing enhanced privacy rights and obligations for organizations operating in Quebec.

Canada's Anti-Spam Legislation (CASL) — Federal legislation governing commercial electronic messages, ensuring all communications comply with consent and identification requirements.

Accessibility for Ontarians with Disabilities Act (AODA) and equivalent provincial legislation — Ensuring digital accessibility across all platforms.

2. PIPEDA Compliance

As a Canadian organization, BonAppify fully complies with the ten fair information principles established by PIPEDA:

Accountability: We have designated a Privacy Officer responsible for our compliance with privacy legislation and for receiving and responding to complaints and inquiries.

Identifying Purposes: We identify the purposes for which personal information is collected at or before the time of collection.

Consent: We obtain meaningful consent for the collection, use, and disclosure of personal information. Consent may be withdrawn at any time, subject to legal or contractual restrictions.

Limiting Collection: We collect only the personal information necessary for the identified purposes.

Limiting Use, Disclosure, and Retention: Personal information is used only for the purposes for which it was collected and is retained only as long as necessary to fulfill those purposes.

Accuracy: We take reasonable steps to ensure personal information is as accurate, complete, and up-to-date as necessary.

Safeguards: We protect personal information with security safeguards appropriate to the sensitivity of the information.

Openness: We make information about our policies and practices readily available.

Individual Access: Upon request, we inform individuals of the existence, use, and disclosure of their personal information and provide access to that information.

Challenging Compliance: Individuals may challenge our compliance through our Privacy Officer or the Office of the Privacy Commissioner of Canada.

3. Quebec Law 25 Compliance

BonAppify adheres to the enhanced privacy requirements of Quebec's Law 25 (An Act to Modernize Legislative Provisions as Regards the Protection of Personal Information):

Privacy Impact Assessments: We conduct privacy impact assessments for any new project or system involving personal information.

Privacy by Default: Our platform is configured with the highest level of privacy protection by default. Users must affirmatively opt in to any data sharing beyond what is necessary for service delivery.

Incident Notification: We notify the Commission d'accès à l'information du Québec and affected individuals of any confidentiality incident presenting a risk of serious harm, within the timelines prescribed by law.

Transparency: We publish a clear, plain-language privacy policy and provide individuals with information about our data practices upon request.

Right to De-indexation: We honor requests for de-indexation of personal information from our systems where technically feasible and legally required.

Data Portability: We provide personal information in a structured, commonly used technological format upon request.

4. Data Security Standards

Our security program is designed to protect the confidentiality, integrity, and availability of all data entrusted to us:

Infrastructure Security: Our platform is hosted on Microsoft Azure (Canada Central region), which maintains SOC 2 Type II, ISO 27001, ISO 27017, ISO 27018, and CSA STAR certifications.

Encryption: All data is encrypted in transit using TLS 1.2 or higher and at rest using AES-256 encryption.

Access Controls: We implement role-based access controls (RBAC), the principle of least privilege, and multi-factor authentication for administrative access.

Network Security: Our infrastructure includes firewalls, intrusion detection and prevention systems, and DDoS mitigation.

Vulnerability Management: We conduct regular vulnerability scans, penetration testing, and code reviews. Critical vulnerabilities are remediated within 24 hours of discovery.

Security Awareness: All employees complete mandatory security awareness training upon hire and annually thereafter.

5. Environmental Reporting Standards

BonAppify's sustainability metrics and carbon footprint calculations are designed to align with recognized environmental frameworks:

GHG Protocol: Our carbon footprint calculations follow the methodology of the Greenhouse Gas Protocol, the most widely used international accounting standard for greenhouse gas emissions.

UN Sustainable Development Goals (SDGs): Our platform tracks and reports progress toward all 17 UN Sustainable Development Goals, with particular emphasis on SDG 2 (Zero Hunger), SDG 12 (Responsible Consumption and Production), and SDG 13 (Climate Action).

Science Based Targets initiative (SBTi): Our tools help organizations align their waste reduction and emissions targets with the SBTi framework.

Important Note: BonAppify provides sustainability tracking and estimation tools. Our calculations are based on the data provided by users and are intended for internal management purposes. They should be independently verified before use in regulatory filings, certification applications, or public sustainability disclosures.

6. Food Safety Standards Alignment

While BonAppify is not a food safety management system, our audit framework is designed to complement and support compliance with food safety standards:

Our waste categorization and tracking features support documentation requirements relevant to food safety management systems such as HACCP (Hazard Analysis and Critical Control Points).

Our per-shift audit methodology helps identify patterns that may be relevant to food safety, including temperature abuse indicators and cross-contamination risks.

Our reporting tools generate documentation that can support food safety audits and inspections.

7. Digital Accessibility

BonAppify is committed to ensuring our platform is accessible to all users:

We design our user interfaces with accessibility in mind, following the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA standards.

We support keyboard navigation, screen readers, and other assistive technologies.

We continuously test and improve the accessibility of our platform.

If you encounter an accessibility barrier, please contact us at info@bettertable.com and we will work to resolve the issue promptly.

8. Continuous Improvement

Compliance is an ongoing process. We are committed to:

Regularly reviewing and updating our policies and practices to reflect changes in legislation, technology, and industry standards.

Conducting annual third-party audits of our security and privacy practices.

Maintaining open communication with regulators and industry bodies.

Promptly addressing any compliance gaps identified through internal reviews, external audits, or stakeholder feedback.

For questions about our compliance program, please contact our Compliance Officer at info@bettertable.com.