Privacy Policy

1. Introduction

Tamaat GIS ("Tamaat", "we", "our") is committed to protecting the confidentiality, integrity, and availability of information entrusted to us. This Privacy Policy outlines our data protection practices in connection with the Tamaat cloud-native geospatial platform, delivered as both a public PaaS environment and a privately hosted enterprise solution.

Our approach is designed to align with the principles of Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and Canada's Anti-Spam Legislation (CASL). While Tamaat has not yet completed formal compliance audits such as SOC 2 or ISO 27001, our security and governance practices are developed in anticipation of these frameworks.

2. Scope and Application

This Privacy Policy applies to all users and organizations using the Tamaat GIS platform, whether through our publicly hosted cloud infrastructure or a dedicated enterprise deployment.

For enterprise customers with private hosting arrangements, additional data handling and retention terms may be set forth in the applicable Service Agreement or Data Processing Addendum (DPA).

3. Information We Collect

Account and Organizational Information

We collect basic identifiers such as name, email address, and organizational affiliation to create and manage accounts. For enterprise clients, we may collect billing and administrative contact details as provided by your organization.

Geospatial and Project Data

You retain exclusive ownership of all geospatial datasets, spatial layers, configurations, and derived analytics created or stored within Tamaat. Processing of this data is strictly limited to supporting the platform's operational, analytical, and visualization functions.

System and Usage Information

We automatically record technical details (e.g., browser type, device identifiers, IP address, and session logs) to maintain service reliability, security monitoring, and aggregate performance analytics.

Support and Communication Records

When you contact our support team, we collect necessary information to resolve requests and improve service quality.

4. Purpose of Data Use

Your information is used to:

• Authenticate accounts and deliver platform functionality
• Perform requested analyses and data visualizations
• Ensure system resilience, monitoring, and threat detection
• Provide user support and operational updates
• Fulfill contractual and legal obligations
• Improve performance, scalability, and user experience

We may also send technical or product communications relevant to your subscription. You may opt out of optional marketing or educational updates at any time.

5. Data Protection and Security Measures

We implement layered security controls appropriate to the sensitivity of the information handled. These include:

• Encryption of data in transit (TLS/SSL) and at rest
• Role-based access control and least-privilege authorization
• Network segmentation and environment isolation between tenants
• Regular vulnerability assessments and incident monitoring

For enterprise deployments, Tamaat offers private hosting options enabling data residency and organization-specific access policies.

While we continually refine our security posture, Tamaat does not currently hold formal information security certifications; our controls are guided by recognized best practices in cloud security and PaaS architecture.

6. Data Sharing and Third-Party Processing

Tamaat does not sell or rent any customer data. Data may be shared only under the following conditions:

• Service operations: With infrastructure or analytics service providers that support platform functionality under binding confidentiality terms
• Legal obligations: Where disclosure is required by applicable law, court order, or governmental regulation
• User consent: When you explicitly authorize sharing with designated external parties or integrations

Some subprocessors may operate outside of Canada; in such cases, we require comparable privacy safeguards and contractual controls.

7. Data Retention

Personal data and geospatial content are retained only as long as necessary to fulfill service delivery or legal obligations.

Upon account termination or written deletion request, Tamaat removes data within 90 days, unless retention is required for compliance, dispute resolution, or auditing purposes.

8. Your Data Rights

You may request to:

• Access or correct your personal account information
• Export your geospatial datasets
• Request deletion of your account and associated data
• Withdraw consent for optional communications

Requests should be submitted to support@tamaat.com. We will acknowledge and respond within 30 days, subject to verification of identity and scope.

9. Cookies and Analytics

Tamaat uses cookies and analytical tools to support secure authentication, session continuity, and usage insights that inform product development. You may disable non-essential cookies through your browser settings; however, key functions may be limited.

10. Policy Updates

This Privacy Policy may be revised periodically to reflect evolving legislation, product capabilities, or organizational practices. Material changes will be communicated via email or in-platform notice prior to their effective date.

Continued use of the Tamaat platform constitutes acceptance of the updated terms.