GC Notify terms of use
Your responsibilities
For CDS responsibilities, read GC Notify’s service level agreement.
Accept conditions, including those in our Privacy notice
We may suspend your account or service if you break these terms or misuse GC Notify. Misuse includes creating duplicate services or services incompatible with your original purpose.
Accept sending limits
We apply limits to maintain our service level objectives. To discuss these limits, contact us.
Daily limit per service:
10,000 emails
1,000 text messages
Annual limit per service (April 1 to March 31):
20 million emails
100,000 text messages
Accept risks when sending text messages
Texts are:
- Unencrypted, and have other security issues. Bad actors may be able to impersonate your service.
- At higher risk than email for delay, delivery failure, or lack of information about delivery status.
- Unreliable for phone numbers outside Canada. We cannot show delivery status for international texts.
Manage and protect personal information of your recipients
GC Notify holds information temporarily but your organization is responsible for that information.
- Communicate with recipients about incidents involving personal information. Contact your privacy office and follow their policies.
- Respond to requests under the Access to Information Act and Privacy Act or similar requests under your jurisdiction’s legislation. For support, contact us.
- Follow your jurisdiction’s legislation and policies, including for branding, language or privacy.
Get consent before sending messages
-
Follow your organization’s policies and check messages are:
(a) Within scope of the consent; for example, if recipient consented to communications about their application, or
(b) If there’s no explicit consent, consistent with the purpose for which recipient gave contact information under Privacy Act, s.7. You may be able to email or text recipients who consented to mail or phone calls. - Check phone numbers can receive texts for free or that the owner understands they may be charged.
Keep accurate contact information
- Use accurate, in-use email addresses. We may suspend your service if, in a 24 hour period, you send 10% or more of your email messages to problem addresses.
- Use accurate, in-use mobile phone numbers. Do not send to landlines.
Send information that’s unclassified or Protected A only
- Assess context to decide what degree of injury could result from release of personal information, either accidentally or by a bad actor.
- Use GC Notify for low-sensitivity personal information.
Practice continuous security and adequate maintenance of your API security
- Use a valid government email and a mobile device with a Canadian phone number to create your account and for 2-factor authentication.
- Create your GC Notify account with a work email address only you can access. Do not share inboxes, account information or passwords, even among staff.
- Follow the steps in our Security notice and report any security breach or vulnerability using the CDS process.
- Follow 11.4 and 11.6 of Amazon Web Service (AWS) Service Terms.
- Secure your API keys and follow our rules for API calls and unprocessed requests as well as callbacks. If you cannot meet our callback requirements, we’ll need to suspend callbacks for your service.