Law 25 Compliance Disclosure — SENTINEL OS
Version 1.0 — Last updated: May 11, 2026 Master document: French version (legal authority in Quebec). This English version is a courtesy translation.
Preamble
This disclosure is published by SENTINEL OS ("the enterprise", "we") to fulfil its obligations as a private-sector enterprise (entreprise) under the Act respecting the protection of personal information in the private sector (CQLR, c. P-39.1), as modernized by the Act to modernize legislative provisions as regards the protection of personal information ("Law 25", assented to on September 22, 2021).
This document is separate from our general Privacy Policy. Its sole purpose is to detail Quebec-specific obligations and serves as the priority reference for any Quebec resident and for the Commission d'accès à l'information du Québec.
If there is any discrepancy between the French and English versions, the French version prevails.
1. Identification of the Person in Charge (s. 3.1)
| Name | Yaovi Houndenou |
| Title | Founder and Person in Charge of the Protection of Personal Information |
| privacy@sentinel-os.ca | |
| Postal address | [SENTINEL OS — head office postal address, Montreal, Quebec, Canada — to be completed before public launch] |
| Correspondence language | French (default) or English, at the choice of the data subject |
The Person in Charge is the official contact for any request for access, rectification, withdrawal of consent, portability, cessation of dissemination, or any complaint prior to recourse to the Commission.
2. Exhaustive List of Personal Information Collected
2.1 Waitlist (public site)
Full name; business email; role; affiliated company; fleet size (declared range); optional free-form message.
2.2 SaaS user account
Identifiers (email, hashed password, auth tokens); language/notification preferences; connection IP, device type, auth log.
2.3 Transport operational data
VINs (treated as personal information when linkable to an identified or identifiable driver); GPS positions in service; photographs; voice recordings of the in-cab voice copilot.
2.4 Payment data
Tokenized via Stripe (we never store the full card number); billing details; transaction history.
2.5 Customer communication
Email, SMS, telephony exchanges (Twilio); generated voice synthesis (ElevenLabs).
2.6 Cookies
See section 11.
3. Purposes of Collection (s. 8, as amended)
| Category | Primary purpose |
|---|---|
| Waitlist | Assess commercial interest, select pilot partners, communicate launch |
| User account | Authentication, access security, service delivery |
| VIN, GPS, photos | Logistics service contract performance |
| Payment | Invoicing, tax compliance |
| Voice | Driver copilot (when activated) |
| Cookies | Audience measurement, security, preferences |
No use for other purposes without separate free, informed and specific consent.
4. Basis for Communication and Processing
- Free, informed and specific consent (s. 14)
- Contractual necessity — operational data
- Serious and legitimate commercial interest (s. 12, para. 1) — security, fraud prevention, logging
- Legal obligation — tax records, authority orders
Consent may be withdrawn at any time (section 9).
5. Retention and Destruction (s. 23)
| Category | Retention | Action at term |
|---|---|---|
| Waitlist (no conversion) | 18 months | Automatic destruction |
| Active user account | Duration of contract | — |
| Inactive user account | 24 months without login | 60-day notice, then destruction |
| Authentication logs | 12 months | Automatic destruction |
| Operational (VIN, GPS, photos) | 7 years after delivery | Destruction (tax + evidence) |
| Voice recordings | 90 days after transcription | Destruction; anonymized transcript only with separate consent |
| Payment data | 7 years (Canadian accounting/tax) | Destruction |
| Confidentiality incidents register | 5 years | Mandatory (s. 3.8) |
Anonymization-vs-destruction: anonymization preferred where technically irreversible, per the 2024 Criteria for the Anonymization of Personal Information.
6. Communication to Third Parties (Sub-processors)
| Sub-processor | Location | Information | Purpose |
|---|---|---|---|
| Vercel | USA | Technical browsing data, front-end hosting | Hosting |
| Supabase | USA (configurable regions) | Account, operational, logs | DB / auth |
| Resend | USA | Email content | Transactional email |
| Sentry | USA | Technical error data | Error monitoring |
| Stripe | USA / Canada | Payment, billing details | Payment processing |
| Anthropic | USA | Text (transcripts, requests) | AI |
| Twilio | USA | Phone numbers, SMS/voice content | Communications |
| ElevenLabs | USA | Text to synthesize | Voice synthesis |
Each sub-processor is bound by a contract imposing protections equivalent to those required by Law 25 (adapted SCCs, confidentiality, use restrictions, incident-notification).
7. Communication Outside Quebec (s. 17)
A Privacy Impact Assessment is conducted prior to any communication to a US-located sub-processor.
Criteria evaluated
- Nature of the information — variable sensitivity
- Purpose — strictly tied to the contracted service
- Protection measures — TLS 1.3, AES-256, RBAC, logging, SCCs, SOC 2 / ISO 27001
- Applicable legal regime — acknowledged as not materially equivalent on every point; compensated by reinforced contractual undertakings
Conclusion
Communication is authorized because contractual, technical, and organizational measures provide a level of protection equivalent to that required in Quebec, per s. 17. The assessment is documented, dated, kept by the Person in Charge, and updated annually or upon substantial change.
8. Automated Decisions (s. 12.1)
Identified
- Bid suggestions on vehicles
- Margin predictions and profitability alerts
- Dispatch routing and A/B/C options
- Driver reputation scoring
Rights
- Be informed of the information used, the principal factors, parameters, and consequences
- Submit observations to an employee able to review
- Request rectification of the information used
- Human review by the Person in Charge or delegate, within 30 days
Send requests to privacy@sentinel-os.ca with subject "Automated decision — s. 12.1".
9. Rights of Data Subjects
| Right | Basis | Mechanism |
|---|---|---|
| Access | s. 27 | Copy of personal information held |
| Rectification | s. 28 | Correction, completion, removal |
| Withdrawal of consent | s. 14 | Prospective effect |
| Portability | s. 27, para. 3 (since Sept 22, 2024) | Structured, commonly used format |
| Cessation of dissemination, de-indexing | s. 28.1 (since Sept 22, 2023) | Subject to conditions |
| Objection to automated decision | s. 12.1 | See section 8 |
| Complaint | s. 32 | First to Person in Charge |
How to exercise rights
- Channel: privacy@sentinel-os.ca or postal mail
- Identity: reasonable proof required
- Response deadline: 30 days from receipt
- Cost: free, unless manifestly abusive
- Refusal: justified in writing with available recourse
10. Confidentiality Incidents (ss. 3.5–3.8)
- Detection and containment — automated Sentry and Supabase alerts
- Risk assessment within 72 hours
- Notification to the Commission if risk of serious harm
- Notification to data subjects if risk of serious harm
- Incident register kept for 5 years (mandatory under s. 3.8)
11. Solicitation and Cookies
11.1 Commercial solicitation
No waitlist information is sold. Commercial messages include an unsubscribe mechanism.
11.2 Cookies
| Cookie | Type | Purpose | Duration | Consent |
|---|---|---|---|---|
| `sentinel_session` | Strictly necessary | Authentication | Session | Not required |
| `sentinel_lang` | Preference | Language | 12 months | Not required |
| `_vercel_analytics` | Anonymized audience | Statistics | 24 hours | Required |
| `sentinel_marketing` | Marketing | Conversion tracking | 90 days | Required |
Refusal is as easy as acceptance, per Commission guidance.
12. Biometrics and Digital Identity
The enterprise does not currently collect biometric characteristics within the meaning of CQLR c. C-1.1, ss. 44–45. The voice copilot transcribes voice content and does not perform voice-print identification. Any future biometric function would require prior declaration to the Commission, express separate consent, and a policy update.
13. Minors
Service not directed at persons under 16. No intentional collection from minors under 14. If discovered, destroyed without delay.
14. Complaint to the Commission d'accès à l'information du Québec
| Quebec City address | 525, boulevard René-Lévesque Est, suite 2.36, Quebec City, Quebec G1R 5S9 |
| Montreal address | 2045 Stanley Street, suite 900, Montreal, Quebec H3A 2V4 |
| Phone | 418 528-7741 — toll-free 1 888 528-7741 |
| Web form | https://www.cai.gouv.qc.ca |
| cai.communications@cai.gouv.qc.ca |
It is recommended, though not mandatory, to first submit the request internally to the Person in Charge.
15. Version History
| Version | Date | Changes |
|---|---|---|
| 1.0 | May 11, 2026 | Initial publication (preparation for Q3 2026 pilot) |
Reviewed at least annually and upon any substantial change. Material changes are notified by email and persistent banner for 30 days.
Document approved by the Person in Charge of the Protection of Personal Information — Yaovi Houndenou, May 11, 2026.