PIPEDA compliance surfaces: privacy policy, terms, cookie banner, and signup consent gates
Commit `0a864f44` adds a set of privacy-compliance UI components aimed at Canada's PIPEDA: a `/privacy` page, a `/terms` page, a cookie consent banner, and consent checkboxes on signup. All frontend, no backend dependencies.
The cookie banner (frontend/src/app/components/cookie-banner.tsx) checks localStorage.getItem("pipeda_consent") on mount, shows a fixed bottom bar with a link to /privacy and an Accept button, then stores "pipeda_consent": "true" on acceptance. It's mounted in layout.tsx so it appears app-wide. Straightforward, no external cookies library needed.
The /privacy page is 74 lines of React covering PIPEDA's ten principles by number: identifying purposes (Principle 4.2), consent (4.3), limiting collection (4.4), and so on. The copy references Canada's Personal Information Protection and Electronic Documents Act explicitly and organizes disclosures into sections for account data, application data, and third-party services. The /terms page is 46 lines covering acceptable use and the AS IS disclaimer.
The signup changes add two checkboxes: one for the privacy policy and one for terms of service, both required before form submission. Notably, the signup form still authenticates against Supabase - which is inconsistent with the login page's local-JWT swap in the same fork, but the PIPEDA surfaces themselves don't depend on the auth backend.
The legal copy would need review by anyone deploying this for real; the structure and component layout are more immediately reusable than the exact text.
Spotted something wrong? Or know the PR text has fresher detail than the writeup above?