International Data Transfers

Cross-border data transfers, adequacy decisions, standard contractual clauses, and regional compliance.

Last updated: February 28, 2026

1. Where Your Data Is Processed

Remote-Works is headquartered in Canada. Your personal information may be transferred to and processed in countries outside your country of residence, including:

  • Canada: Our primary operations and data processing
  • United States: Cloud infrastructure, payment processing, and certain service providers
  • European Union / EEA: Service providers and infrastructure for European users
  • Other Jurisdictions: Where our third-party service providers maintain infrastructure

These countries may have data protection laws that differ from your country of residence. We take appropriate measures to ensure your data receives adequate protection regardless of where it is processed.

2. Transfer Safeguards

2.1 Adequacy Decisions

Canada has been recognized by the European Commission as providing an adequate level of data protection (for private-sector organizations subject to PIPEDA). Transfers from the EU/EEA to Canada under PIPEDA are permitted without additional safeguards.

2.2 Standard Contractual Clauses (SCCs)

For transfers to countries without an adequacy decision (such as the United States), we use Standard Contractual Clauses approved by the European Commission to ensure appropriate data protection safeguards. These clauses are incorporated into our agreements with service providers and data processors.

2.3 Additional Safeguards

Where appropriate, we implement supplementary measures including:

  • Encryption of data in transit and at rest
  • Pseudonymization and data minimization
  • Access controls and audit trails
  • Contractual restrictions on data processing and disclosure
  • Regular assessments of the legal framework in recipient countries

3. Regional Data Processing

3.1 Canadian Users

For Canadian users, data is primarily processed in Canada. Some data may be transferred to the United States through our cloud infrastructure and service providers, protected by contractual safeguards consistent with PIPEDA requirements.

3.2 European Users (EU/EEA/UK/Switzerland)

For European users, transfers outside the EU/EEA are protected by:

  • Adequacy decisions (for transfers to Canada)
  • Standard Contractual Clauses (for transfers to the United States and other countries)
  • Your explicit consent where required

You may obtain a copy of the safeguards we use for international transfers by contacting gdpr@remote-works.io.

3.3 US Users

For US users, data may be processed in both the United States and Canada. California residents have additional rights under CCPA/CPRA as described in our Data Rights policy.

3.4 Other Regions

For users in other regions, we comply with applicable local data protection laws regarding international transfers. If your country requires specific transfer mechanisms, please contact us and we will work to ensure appropriate safeguards are in place.

4. Third-Party Sub-Processors

Our key service providers that may process data internationally include:

  • Cloud Infrastructure: Enterprise-grade hosting with data centers in multiple regions
  • Authentication Services: Firebase Authentication (Google) — US-based with global infrastructure
  • Payment Processing: Stripe (US/Global), PayPal (US/Global)
  • Email Services: Transactional and marketing email providers
  • Analytics: Usage analytics and performance monitoring providers
  • AI Services: Machine learning and AI processing providers

All sub-processors are bound by data processing agreements that include appropriate data protection obligations and transfer safeguards.

5. Your Consent

By using the Platform, you acknowledge and consent to the transfer of your personal information to Canada and other countries as described in this policy. If specific consent is required by applicable law for certain types of transfers, we will obtain it before the transfer occurs.