PIPEDA (Personal Information Protection and Electronic Documents Act) is Canada’s privacy law that applies to all organizations in the private sector. It outlines how personal information should be collected, used, and disclosed. PIPEDA requires businesses to ensure that when collecting and handling personal data in commercial activities, they adhere to privacy protection principles, including obtaining explicit consent, securing the data, and notifying individuals in the event of a data breach. It is one of Canada’s core privacy laws, designed to balance individual privacy with business operations. Québec Law 25 (formerly known as Bill 64) is a revision of Quebec’s privacy laws, which supplements and strengthens PIPEDA, particularly aimed at enhancing the protection of personal data. This law requires businesses to implement stricter data protection measures, provide transparent privacy policies, and conduct more thorough reviews of data handling practices. It also strengthens the rights of data subjects, such as the right to access and delete data, and mandates that businesses notify regulatory authorities and affected individuals promptly in the event of a data breach. This law plays a more significant local role within Canada’s legal framework. The 10 PIPEDA principles grant individuals rights, ensuring they know why their personal information is being collected, how it will be used, to whom it will be disclosed, and their right to access or correct their personal information. Tuya has undergone TrustArc’s audit process to verify that its privacy protection framework meets a mature and comprehensive level, ensuring the adequate protection of customer and user personal data.