Terms of Service & Privacy Notice

For users of INFORMED DISSENT (informeddissent.ca)

Effective: 2026-04-07 · Version 1.0 · Operator: INFORMED DISSENT

1. What this service is
2. What data we collect
3. How your data is stored and protected
4. Honest limits of what we can promise
5. If you log in with Facebook
6. If you participate via SMS
7. Vote evidence and court use
8. Your rights
9. Subpoena and government request policy
10. Privacy upgrade — committed publication date
11. Changes to these terms
12. Contact
13. Acceptance

1. What this service is

INFORMED DISSENT is a public, independent record of citizen consent and dissent on Canadian federal legislation. It is not affiliated with the Government of Canada, Parliament, or any political party. It exists so that ordinary Canadians can place their position on individual bills on the record, in writing, with a tamper-evident audit trail.

Your votes here have no legal force on the legislative process. They are a public petition mechanism — a way to demonstrate consent or dissent to elected representatives, courts, journalists, and historians.

2. What data we collect

We collect the minimum data needed to verify you are a real, distinct human and to record your votes. Specifically:

If you enroll via SMS

Your phone number (used to send you bills and receive your votes)
A SHA-256 hash of your phone number (used as an internal lookup key)
A masked version of your phone number (e.g. 15····57) for display on the wall of fame, only if you have voted
The timestamps of your enrollment, last activity, and each vote
Each vote you cast: which bill, which side (agree/dissent), and any optional personal-impact note

If you enroll via Facebook

Your Facebook user ID (a number, not your username)
Your name as it appears on Facebook
Your email if Facebook provides it (optional, only if you grant the permission)
The same vote and timestamp data as above

If you register with email and password

Your email address
A bcrypt hash of your password (we never see your actual password)
Your name and postal code (the postal code is used only to display regional vote breakdowns)
The same vote and timestamp data as above

Automatic data we do not collect

We do not use third-party analytics (no Google Analytics, no Facebook Pixel, no Hotjar, etc.)
We do not track you across the web
We do not sell, rent, or share your data with advertisers
Our server logs include your IP address and user agent for security/abuse purposes only, and are rotated and deleted on a 30-day cycle

3. How your data is stored and protected

Personally-identifying fields are encrypted at rest. Your phone number, email address, name, masked phone, and postal code are protected by strong authenticated encryption before being written to storage. The decryption key is held separately from the data itself. A stolen database file, backup, or snapshot is unreadable without the key.

The protections we maintain include:

Field-level encryption of all personally-identifying columns
Modern transport security (HTTPS-only, HSTS, TLS) on every connection
Hardened server access (key-based authentication only, password login disabled, restrictive firewall)
Automated abuse-protection on authentication endpoints
An append-only audit log that records every state change for accountability
Encrypted backups stored separately from the live system
Independent reviewers may inspect our source code on written request

4. Honest limits of what we can promise

Read this carefully. No system that records identifiable votes is unbreakable. By using this service you accept that some residual risk always exists, and you should make your participation decision with that in mind.

What we believe we defend against well:

Passive theft of stored data (a leaked database file, backup, or snapshot on its own is not enough to read your information)
Common automated attacks against web applications
Casual abuse, spam, and brute-force attempts

What we cannot fully promise, and where you should be realistic:

No web service — including this one — is perfectly resistant to a sufficiently well-resourced and determined attacker who specifically targets it. This is a property of the entire industry, not a flaw unique to us.
Anyone with operational control of the running infrastructure has, in principle, more access than a passive attacker. We commit to using that access only for legitimate operations and the narrow circumstances described in section 9.
If you believe a sophisticated actor — corporate, foreign, or state-level — is specifically targeting you, you should not rely on this service alone for high-stakes activity, and you should consult independent security advice.

Section 10 below describes the next major privacy upgrade we are working on, which is intended to substantially reduce these residual risks.

5. If you log in with Facebook

Facebook is a third-party tracker. When you click "Continue with Facebook" you are interacting directly with Meta's servers before our server ever sees you. Meta knows that you visited informeddissent.ca, what time, what browser, and your full Facebook identity. We have no control over what Meta does with that information.

What we receive from Facebook on a successful login:

Your numeric Facebook user ID
Your public name
Your email address (only if you grant the optional permission)

What Facebook keeps about you (and we cannot control):

That you visited this site, on which device, at what time, from what IP
Anything else Facebook normally collects under its own data policies — see facebook.com/privacy/policy

If you want stronger anonymity, do not use the Facebook login option. Use SMS or email instead.

6. If you participate via SMS

SMS messages are sent and received via Twilio. By texting our number (+1 518-632-7511) you are authorizing:

Twilio to deliver and receive your messages on our behalf, subject to Twilio's privacy policy
Your mobile carrier to bill you at standard message and data rates (we do not bill you for anything)
Us to record the message body, timestamp, and your phone number in our database, where the phone number is stored encrypted as described above

SMS commands you can use:

DISSENT — enroll
NEXT — get the next 3 bills to vote on
MISSED — review bills you skipped
STATUS — see your enrollment and vote count
HELP — full command list
STOP — opt out (CRTC compliant, always works)

We are subject to Canadian Radio-television and Telecommunications Commission (CRTC) anti-spam rules. STOP always works, immediately and irrevocably.

7. Vote evidence and court use

Every vote, enrollment, and account change is recorded in an append-only audit_log table. Each entry includes a tamper-evident timestamp, the action performed, and a reference to the user (by hashed ID) who performed it. No row in this table is ever deleted or modified after creation. This is what makes the system useful as evidence: we can show a court, journalist, or historian that a specific number of distinct verified humans expressed a specific position on a specific bill on a specific date.

We may publish aggregate vote tallies (e.g. "2,431 enrolled voters dissented from Bill C-63") at any time. We will never publish individual vote records linked to identifiable users without that user's explicit, written, per-publication consent.

8. Your rights

You have the right to:

Access a copy of your stored data — email us at the address in section 12
Correct any data we hold about you
Delete your account and all associated personal data — text STOP via SMS or email us. Your votes can be either deleted entirely, or kept in anonymized form for the historical tally — your choice
Withdraw consent at any time, for any reason, without penalty
File a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca

These rights flow from Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). Provincial residents in Quebec have additional rights under Law 25.

9. Subpoena and government request policy

If we receive a court order, search warrant, or other legally binding government request for user data, we will:

Independently verify the document is genuine and lawfully issued in Canada
Consult legal counsel before complying
Challenge the request in court if it appears overbroad, defective, or politically motivated
If forced to comply, provide only the specific data named in the order, no more
Notify the affected user(s) before complying, unless we are legally prohibited from doing so
Publish a transparency report annually listing the number of requests received and how they were resolved

We receive zero requests so far. We will say so publicly when that changes (a "warrant canary").

10. Privacy upgrade — committed publication date

By no later than April 30, 2026, INFORMED DISSENT will publish a complete written design and threat model for a substantially stronger voting protocol — one in which the system itself is structurally unable to link a specific vote to a specific identity. The published design will be open for independent review by cryptographers and civil-liberties researchers before any user data is migrated to it.

What we are committing to by April 30, 2026:

A written design document and threat model, published in plain language
An identified open-source cryptographic library, with the rationale for selecting it
An invitation to independent reviewers to break the design before any production code is shipped

What we are not committing to by that date:

A production cutover. Shipping a half-built privacy system is worse than shipping no privacy system. The cutover happens only after the design has survived independent adversarial review and the implementation has been audited.

The cryptographic primitives we are studying are well-established — used by university elections, civil-society voting platforms, and academic research groups for over a decade. We are not inventing new cryptography. We are committing to do the careful, reviewed work of integrating it correctly, on a schedule that puts safety ahead of speed.

Until the upgrade ships, the system operates under the constraints described in section 4.

11. Changes to these terms

We will post any changes to this page with an updated effective date. For changes that materially expand what data we collect or how it is used, we will additionally notify all enrolled users by SMS or email at least 14 days before the change takes effect. You can always view the current version at https://informeddissent.ca/terms.

12. Contact

For privacy questions, data access requests, deletion requests, or to report a security issue, email: privacy@informeddissent.ca

For general inquiries: info@informeddissent.ca

13. Acceptance

By enrolling via SMS, logging in via Facebook, or creating a web account, you confirm that:

You have read this document in full
You understand the threat model in section 4 and accept the residual risks until the April 30, 2026 upgrade
You are at least 18 years of age, or have permission from a parent or guardian
You will use the service in good faith, casting only your own votes, only once per bill
The operator may suspend or remove accounts engaged in spam, fraud, or abuse

This document is intentionally written in plain language. It is not a substitute for legal advice. If you have concerns about participating, please consult a lawyer or refrain from enrolling.