Compliance
Statutes, frameworks, and standards PostingPal aligns to. Items marked GAC Edition refer to the dedicated Canadian deployment, delivered before any Protected B data is loaded.
Met · In progress · Roadmap
| Framework | Scope | Notes |
|---|---|---|
| PIPEDA | Privacy — private sector | Privacy notice, access, correction, self-serve deletion, breach-notification commitment. |
| Official Languages Act | EN/FR bilingual | UI, emails, and public pages available in English and French. Ongoing parity for every new view. |
| Accessible Canada Act — WCAG 2.1 AA | Web accessibility | Semantic HTML, contrast, keyboard navigation, ARIA labels. Conformance audit scheduled before pilot. |
| ITSG-33 (Annex 3A) | GC security controls | SSP/TRA/PIA mapped for GAC Edition, delivered with a sponsoring security authority before any Protected B pilot. |
| Protected B | GC security category | GAC Edition target. Canadian-region data, enforced MFA, Canadian-hosted AI. |
| SOC 2 Type 1 | Service controls | Planned in parallel with GAC Edition. |
| OAuth 2.0 / OIDC | Federated auth | Google and Apple today; SAML 2.0 GC SSO and PKI on roadmap. |
| TLS 1.2+ / AES-256 | Encryption | In transit and at rest, including photo storage and backups. |
| Row-Level Security (RLS) | Authorization | Per-inventory isolation enforced by Postgres. |
| Append-only audit log | Traceability | Invitations, member changes, deletions, exports. Downloadable as CSV. |
| PCI DSS Level 1 (Stripe) | Payments | No card data on our servers. |
More detail: /security · /privacy · /vendor
Last updated May 15, 2026.