Innovative AI Solutions for the Future

Miigwech AI Solutions – Terms of Sale and Use (miigCloud Line)

Effective Date: January 26, 2026
Governing Law: Ontario, Canada

These Terms of Sale and Use ("Terms") govern the purchase and use of the miigCloud Line on‑premises systems ("miigCloud Line", "Product"). By placing an order for, accepting delivery of, or using miigCloud Line, you agree to be bound by these Terms.

1. Parties and Scope

1.1 Parties

These Terms form a binding legal agreement between you ("Customer", "you", or "your") and Miigwech AI Solutions Inc. ("Miigwech", "we", "us", or "our").

1.2 Business Use

miigCloud Line is offered on a business‑to‑business basis. By purchasing the Product, you represent that you are acquiring it for organizational, institutional, or community use and that you have authority to bind that entity.

1.3 Scope of Agreement

These Terms govern:

• Sale and delivery of miigCloud Line hardware and embedded system software
• Any perpetual or bundled software licenses included with the Product
• Your use of the Product within your own environment

These Terms do not create a recurring subscription service, managed hosting service, or remote administration relationship.

1.4 Order of Precedence

If there is a conflict between documents, the following order applies:

• Any mutually executed purchase agreement or order form
• Any product‑specific addenda explicitly referencing miigCloud Line
• These Terms
• The Privacy Policy

1.5 Amendments

We may update these Terms for future purchases. The version in effect on the date of your order applies to that purchase. Material changes will not retroactively modify executed sales unless agreed in writing.

2. Definitions

For purposes of these Terms:

• "Product" means the miigCloud Line hardware appliance, including embedded system software and bundled local applications delivered by Miigwech.
• "Bundled Applications" means software shipped on the Product, such as miigFlashPaper and the sovereignty / CLOUD Act exposure monitor.
• "Customer Environment" means your physical premises, network, and infrastructure where the Product is installed.
• "Customer Content" means any data, files, configurations, or other materials that you or your users store or process on miigCloud Line.
• "Documentation" means technical and user documentation we provide relating to installation, configuration, and use of miigCloud Line.

3. Product Description and Architecture

3.1 On‑Premises Hardware and Software

miigCloud Line is a physical device installed within your environment and operated solely under your control. It provides sovereign data storage, RBAC capabilities, and the ability to host applications, static files, and web content within your own network.

3.2 No Remote Access by Miigwech

Miigwech does not maintain remote access, backdoors, or administrative accounts into your Product. Once delivered, the Product operates under your control, and we do not connect into or manage your environment.

3.3 No Telemetry or Centralized Analytics

miigCloud Line is designed without outbound telemetry to Miigwech. We do not receive usage logs, performance metrics, content, or user identifiers from your deployment.

3.4 Bundled Applications

Bundled Applications, including miigFlashPaper and the sovereignty / CLOUD Act exposure monitor, run locally on the Product within your environment. All Customer Content they process remains under your control and is not transmitted to Miigwech.

3.5 Data Sovereignty Orientation

The Product is architected to support data sovereignty by:

• Operating on hardware physically located within your chosen environment
• Avoiding reliance on U.S. cloud infrastructure and typical SaaS telemetry
• Allowing you to align deployment with OCAP® and other Indigenous data governance principles

4. Availability, Updates, and Maintenance

4.1 No Hosted Service or Uptime Commitment

miigCloud Line is not a hosted service. We do not provide uptime guarantees, service level agreements, or continuous remote monitoring.

4.2 Software Updates

We may, at our discretion, make firmware or software updates available. It is your responsibility to decide whether and when to apply updates within your environment.

4.3 Customer Responsibility for Operation

You are solely responsible for:

• Power, cooling, and physical environment
• Network configuration and connectivity
• Backups, redundancy, and disaster recovery
• Day‑to‑day operation and monitoring of the Product

4.4 No Ongoing Support Obligation

Miigwech does not provide general technical support, managed services, or ongoing administration for miigCloud Line. Any documentation or guidance we provide is for convenience and does not create a continuing duty to support or monitor your deployment.

5. Privacy, Security, and Compliance

5.1 Privacy Policy

Our Privacy Policy for miigCloud Line describes how we handle limited customer information (e.g., invoicing data). It is incorporated by reference into these Terms.

5.2 Customer as Data Controller

You are the data controller for all Customer Content and user information stored or processed on miigCloud Line in your environment. You are responsible for meeting your own legal, regulatory, and community obligations related to that data.

5.3 Security Design

We design miigCloud Line without remote backdoors and without default outbound telemetry to Miigwech. You are responsible for implementing appropriate physical, network, and application‑level security controls in your environment.

5.4 No Data Processing on Behalf of Customer

Miigwech does not process Customer Content on your behalf in the manner of a cloud service provider. Any data residency, sovereignty, or OCAP® alignment arises from how you deploy and govern the Product within your own environment.

6. Customer Obligations and Acceptable Use

6.1 Installation and Configuration

You are responsible for installing, configuring, and operating miigCloud Line in accordance with the Documentation and with applicable laws.

6.2 Lawful Use

You will use the Product only for lawful purposes and in compliance with:

• Applicable laws and regulations
• Community and organizational governance requirements
• Third‑party rights (including privacy and intellectual property)

6.3 Prohibited Activities

You agree not to:

• Use the Product to store or distribute illegal content
• Deploy the Product in ways that violate export, sanctions, or other applicable restrictions
• Introduce malicious code intended to disrupt, damage, or gain unauthorized access to systems
• Use the Product as part of any system intended for unlawful surveillance or rights violations

6.4 Customer Content Responsibility

You represent and warrant that:

• You have all necessary rights to store and process Customer Content on miigCloud Line
• Customer Content and your use of the Product do not violate applicable laws or third‑party rights
• You will obtain and maintain any required consents and notices for individuals whose data you manage

7. Intellectual Property

7.1 Miigwech IP

miigCloud Line's embedded software, firmware, Documentation, and any designs or configurations we provide are owned by Miigwech or its licensors and protected by applicable intellectual property laws. No ownership rights are transferred; you receive only the limited rights expressly granted in these Terms.

7.2 License to Embedded Software and Bundled Applications

Subject to these Terms and full payment of applicable fees, Miigwech grants you a limited, non‑exclusive, non‑transferable license to use the embedded software and Bundled Applications on the Product for your internal purposes, for as long as you own the associated hardware, unless earlier terminated under these Terms.

7.3 Customer Content

You retain all rights to Customer Content. Miigwech does not claim ownership of Customer Content and does not use it, except as may be strictly necessary if you explicitly and separately request diagnostic assistance and provide relevant excerpts.

7.4 Feedback

If you provide suggestions, feedback, or ideas about miigCloud Line, we may use them without restriction or obligation to you.

8. Fees, Payment, and Taxes

8.1 Pricing and Payment Terms

Prices and payment terms are specified in your quotation, invoice, or purchase agreement. Amounts are payable in the currency indicated on the invoice, typically Canadian Dollars (CAD), unless otherwise agreed.

8.2 Invoicing and Payment

Payment is due in accordance with the terms stated on the invoice. If no terms are stated, payment is due within thirty (30) days of invoice date.

8.3 Taxes

Prices are exclusive of applicable taxes (including GST, HST, PST, or similar). You are responsible for all such taxes, duties, and charges, other than taxes on Miigwech's net income.

8.4 Late Payments

We may charge interest on overdue amounts at the lesser of 1.5% per month or the maximum rate permitted by law, and may delay shipment of additional Products until payment is received.

8.5 No Refunds

Except where required by law or expressly stated in writing, all sales are final and non‑refundable.

9. Title, Risk of Loss, and Delivery

9.1 Transfer of Title

Title to the hardware component of the Product passes to you upon full payment and delivery, subject to the license restrictions on embedded software and Bundled Applications.

9.2 Risk of Loss

Risk of loss or damage to the Product passes to you upon delivery to the carrier or, where applicable, upon physical handover to you or your designated recipient.

9.3 Inspection and Claims

You should inspect the Product promptly upon receipt and notify us within a reasonable period if there is visible shipping damage or material defects apparent on delivery.

10. Warranties and Disclaimers

10.1 Limited Hardware Warranty (if provided)

If a written limited hardware warranty is provided with the Product or in your purchase agreement, that warranty will govern hardware defects for the specified period and scope.

10.2 No Implied Service Warranty

miigCloud Line is a hardware and on‑premises software product, not a hosted service. We make no warranties regarding uptime, continuous availability, or performance of your environment.

10.3 "AS IS" Disclaimer

EXCEPT TO THE EXTENT EXPRESSLY SET OUT IN ANY WRITTEN WARRANTY PROVIDED WITH THE PRODUCT OR IN A SIGNED AGREEMENT, THE PRODUCT (INCLUDING EMBEDDED SOFTWARE AND BUNDLED APPLICATIONS) IS PROVIDED "AS IS" AND "AS AVAILABLE". TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE DISCLAIM ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON‑INFRINGEMENT.

10.4 No Professional Advice

Any outputs, indicators, or metrics displayed by Bundled Applications (including sovereignty or exposure indicators) are informational tools. They are not legal, compliance, or professional advice, and you remain responsible for obtaining appropriate professional guidance where required.

11. Limitation of Liability

11.1 Liability Caps

TO THE MAXIMUM EXTENT PERMITTED BY LAW, MIIGWECH'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO A PRODUCT PURCHASE OR THESE TERMS SHALL NOT EXCEED THE AMOUNT YOU PAID TO MIIGWECH FOR THE SPECIFIC MIIGCLOUD LINE UNIT GIVING RISE TO THE CLAIM.

11.2 Exclusion of Certain Damages

TO THE MAXIMUM EXTENT PERMITTED BY LAW, MIIGWECH SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, REVENUE, DATA, OR GOODWILL, OR COST OF SUBSTITUTE EQUIPMENT OR SERVICES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

11.3 Exceptions

Nothing in these Terms excludes or limits liability where such exclusion or limitation is prohibited by applicable law, including liability for gross negligence, willful misconduct, or death or personal injury caused by negligence.

11.4 Basis of the Bargain

You acknowledge that these limitations and exclusions of liability are an essential basis of the bargain and that we would not be able to supply miigCloud Line at the agreed price without them.

12. Indemnification by Customer

You agree to indemnify, defend, and hold Miigwech harmless from and against any third‑party claims, damages, liabilities, costs, and expenses (including reasonable legal fees) arising from:

• Your use or misuse of miigCloud Line
• Customer Content and data you store or process on the Product
• Your violation of these Terms or applicable laws
• Any claims that your configuration or deployment of the Product infringes third‑party rights

13. Confidentiality

13.1 Definition

"Confidential Information" means non‑public information disclosed by one party to the other that is designated as confidential or that should reasonably be understood to be confidential under the circumstances.

13.2 Obligations

The receiving party will:

• Use Confidential Information only to perform its obligations under these Terms
• Protect it with at least reasonable care
• Not disclose it to third parties except to personnel with a need to know and subject to similar obligations

13.3 Exclusions

Confidential Information does not include information that is or becomes public without breach, is already known to the receiving party, is independently developed, or is required to be disclosed by law (with prompt notice where permitted).

13.4 Duration

Confidentiality obligations survive for three (3) years after disclosure, except trade secrets remain protected for as long as they qualify as trade secrets under applicable law.

14. Dispute Resolution and Governing Law

14.1 Governing Law

These Terms are governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein, without regard to conflict of law principles.

14.2 Informal Resolution

Before initiating formal proceedings, the parties will attempt to resolve disputes in good faith for at least thirty (30) days after written notice of the dispute.

14.3 Arbitration or Courts

Unless otherwise required by law, disputes that cannot be resolved informally may be brought before the courts of Ontario or resolved through binding arbitration in Toronto, Ontario, under applicable Canadian arbitration rules, as specified in any written agreement between the parties. Nothing in this section limits your right to raise concerns or complaints with the Office of the Privacy Commissioner of Canada or any other relevant privacy regulator with jurisdiction.

15. General Provisions

15.1 Entire Agreement

These Terms, together with any applicable purchase agreement and our Privacy Policy for miigCloud Line, form the entire agreement relating to the Product and supersede all prior or contemporaneous understandings.

15.2 Amendments

Amendments must be in writing and signed or otherwise agreed by both parties, except that Miigwech may update standard Terms for future orders as described in Section 1.5.

15.3 Severability

If any provision is held invalid or unenforceable, the remaining provisions will remain in full force and effect, and the invalid provision will be modified to the minimum extent necessary to be enforceable.

15.4 Waiver

Failure to enforce a provision is not a waiver of that or any other provision. Any waiver must be in writing.

15.5 Assignment

You may not assign these Terms or any rights or obligations under them without our prior written consent. We may assign these Terms in connection with a merger, acquisition, or sale of assets.

15.6 Independent Contractors

The parties are independent contractors. These Terms do not create a partnership, joint venture, employment, or agency relationship.

15.7 Force Majeure

Neither party is liable for delays or failures caused by events beyond its reasonable control (including natural disasters, war, government actions, or widespread network outages). If such an event continues for more than thirty (30) days, either party may terminate the affected order upon written notice.

15.8 Export Compliance

You are responsible for complying with applicable export, import, and sanctions laws regarding your use and transfer of miigCloud Line.

15.9 Notices

Formal notices to Miigwech must be sent to the address or email specified in your invoice or purchase agreement. Notices to you may be sent to the billing or contact address associated with your purchase.

BY PLACING AN ORDER FOR OR USING MIIGCLOUD LINE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THESE TERMS.

Privacy Policy

1. Core Privacy and Sovereignty Principles

We design miigCloud Line according to privacy‑by‑architecture and data sovereignty principles so that your data stays under your physical and legal control.

• Miigwech does not access, process, or store the operational or user data that resides on your miigCloud Line system.
• The Product is engineered to avoid exposure to the U.S. CLOUD Act by operating without U.S. infrastructure, U.S. cloud services, or U.S. telemetry dependencies.
• We treat laws like PIPEDA and GDPR‑style regimes as a minimum floor, not a ceiling; our design choices aim to materially reduce external access risks rather than relying solely on policy promises.

2. Scope of this Policy

This Policy covers:

• The miigCloud Line hardware and its base system software.
• Bundled local applications, including miigFlashPaper and the sovereignty / CLOUD Act exposure monitor, when run on your own infrastructure under your control.
• Our handling of limited transactional data required to sell and deliver the Product and meet legal obligations.

This Policy does not cover how you or your users configure, operate, or use miigCloud Line within your organization. You are the data controller for all content and user information processed on your own systems.

3. No Remote Access, No Telemetry

No backdoors, no remote administration:

• Miigwech cannot remotely connect to your miigCloud Line system.
• We do not maintain admin credentials, remote tunnels, or hidden accounts.

No telemetry or monitoring:

• The Product does not send Miigwech usage logs, user identifiers, model inputs/outputs, content, or system metrics.
• We do not collect crash reports, performance statistics, or configuration data from your deployment.

No centralized user database:

• We do not operate any central service that knows which users exist inside your miigCloud Line environment.
• All identities, roles, and permissions are local to your infrastructure and under your control.

Any data stored, processed, or transmitted by miigCloud Line inside your network is your responsibility and remains outside Miigwech's operational reach.

4. OCAP and Indigenous Data Sovereignty

Miigwech expressly aligns the design and intended use of miigCloud Line with the First Nations Principles of OCAP® (Ownership, Control, Access, and Possession) and broader Indigenous data sovereignty frameworks.

• Ownership: Communities and organizations own their data in full. miigCloud Line is built so that your information does not become a resource for external parties, including Miigwech.
• Control: You control how data is collected, used, and shared. Configuration of applications, RBAC, and information flows occurs entirely within your governance processes.
• Access: Decisions about who may access data, under what conditions, and for what purposes are made by you, not Miigwech.
• Possession: Physical custody of infrastructure is a core protection mechanism. miigCloud Line is a physical device installed within your environment so that you maintain physical possession of the systems hosting your data.

Where there is any tension between OCAP‑aligned sovereignty principles and convenience for Miigwech, the Product is intentionally designed to favour sovereignty, not convenience.

OCAP® is a registered trademark of the First Nations Information Governance Centre (FNIGC). This Policy acknowledges OCAP® as a foundational framework for Indigenous data governance and sovereignty.

5. Relationship to PIPEDA and Other Laws

PIPEDA as a baseline:

Miigwech complies with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) in how we handle the limited personal information we collect for sales, invoicing, and legal compliance.

Beyond minimum compliance:

Because miigCloud Line does not send operational data back to Miigwech, many traditional privacy risks and consent considerations associated with "cloud" services do not arise. Our aim is to meet or surpass both PIPEDA and GDPR‑style expectations by minimizing centralized data collection wherever possible.

International use:

For customers outside Canada, this same architecture—no remote access, no telemetry, no U.S. infrastructure—is intended to support compliance with local privacy and data sovereignty laws by keeping data within your control and your jurisdiction.

6. Information We Collect from Customers

Miigwech only collects information necessary to: (a) sell and deliver miigCloud Line units, and (b) comply with applicable tax and business laws.

6.1 Transactional and Business Information

When you purchase miigCloud Line, we may collect:

• Organization or individual name
• Billing and invoicing address
• Contact information (such as email and/or phone for billing and logistics)
• Details of the Product purchased (units, model, price, invoice details)
• Tax‑relevant information required by law in the applicable jurisdiction

We do not collect information about the data you later store on miigCloud Line or about the identities and activities of your internal users.

6.2 Payment Processing and Third‑Party Service Providers

If third-party payment processors or invoicing tools are used, your payment or billing details may be processed by those providers under their own terms and privacy notices. We do not store full payment card details on our own systems where this can be avoided.

Where we engage third-party service providers to assist with billing, accounting, or record-keeping, we require them by contract to:

• Use customer information only for the specific services we request.
• Apply appropriate safeguards designed to protect confidentiality and security.
• Comply with applicable privacy and data protection laws.

We do not sell or rent customer information to third parties.

7. How We Use Customer Information

We use the limited customer information described above to:

• Process and record sales, invoicing, and delivery
• Meet accounting, audit, and tax obligations under applicable law
• Maintain basic records of business relationships (e.g., invoices issued)

We do not use this information for behavioural profiling, advertising, or analytics.

8. Data Retention for Customer Records

We retain transactional and invoicing records only as long as required by applicable tax, accounting, and corporate law, after which they are securely deleted or anonymized.

We do not retain, and have no ability to retain, any operational data from your miigCloud Line deployment, because such data never transits our infrastructure.

9. miigCloud Line Local Applications

miigCloud Line includes locally running applications such as miigFlashPaper and the sovereignty / CLOUD Act exposure monitor. These are operated solely within your environment.

• All content, messages, and logs processed by these applications remain within your infrastructure and under your governance.
• Features such as "burn after reading" or short‑TTL data handling are executed locally; Miigwech does not receive copies of the underlying content.

You are responsible for configuring these applications in accordance with your own legal, regulatory, and community requirements.

10. Your Role as Data Controller

For all data stored or processed on miigCloud Line, you (or your organization or community) act as the data controller:

• You determine what data is collected, stored, and deleted.
• You configure RBAC, authentication, and access controls.
• You decide how to meet your own obligations under PIPEDA, OCAP, and any other applicable frameworks with respect to individuals whose data you manage.

Miigwech acts only as a hardware and software vendor, not as a data processor or service provider for that operational data.

11. Security Design and Customer Responsibilities

Our responsibilities:

• Design and ship miigCloud Line systems without backdoors or remote access channels.
• Avoid reliance on U.S. cloud or telemetry infrastructure in the default design.
• Provide security‑focused product documentation where needed.

Your responsibilities:

• Secure physical access to miigCloud Line hardware.
• Configure network, RBAC, and application‑level security according to your risk model and legal obligations.
• Maintain backups, incident response plans, and any required policies for your users.

Because we do not control or operate your environment, we cannot be responsible for your internal configuration, network security, or user practices.

12. No Technical Support Obligation

Miigwech does not provide general technical support, managed services, or ongoing administration for your miigCloud Line deployment.

Any voluntary assistance we may choose to provide (for example, documentation or one‑time guidance) does not create an ongoing duty to support or monitor your systems.

We do not operate support channels that involve connecting into your environment or collecting diagnostic data from your deployment.

13. Disclaimers and Limitation of Liability

"AS IS" provision:

miigCloud Line is provided "AS IS" and "AS AVAILABLE" without warranties of any kind, whether express, implied, or statutory, including any implied warranties of merchantability, fitness for a particular purpose, or non‑infringement.

Limitation of liability:

To the maximum extent permitted by law, Miigwech's total liability for any claim related to miigCloud Line will not exceed the amount you paid for the specific unit giving rise to the claim in the twelve (12) months preceding the event. We are not liable for indirect, incidental, special, consequential, or punitive damages.

Force majeure:

We are not responsible for delays or failures caused by events beyond our reasonable control, such as natural disasters, war, government actions, or network failures.

14. User Rights and Complaints (PIPEDA Context)

For the limited personal information we hold about you as a customer (e.g., invoicing data), you may have rights under PIPEDA and similar laws, including the right to:

• Request access to the personal information we hold about you in our business records.
• Request corrections to inaccurate information.
• Challenge our compliance with applicable privacy principles.

Privacy‑related complaints should be directed to our designated Privacy Officer. Unresolved complaints may be escalated to the Office of the Privacy Commissioner of Canada or the relevant authority in your jurisdiction. Nothing in this Policy limits your right to make a complaint to the Office of the Privacy Commissioner of Canada or to any other applicable supervisory authority.

15. Governing Law and Dispute Resolution

This Privacy Policy is governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein.

Any disputes arising from or relating to this Policy or your purchase of miigCloud Line shall be resolved through binding arbitration in Toronto, Ontario, in accordance with applicable Canadian arbitration rules, except where prohibited by law. Nothing in this section limits your right to raise concerns or complaints with the Office of the Privacy Commissioner of Canada or any other relevant privacy regulator.

16. Policy Changes

We may update this Privacy Policy from time to time to reflect changes in law or our business practices relating to customer records.

Material changes affecting how we handle customer information will be communicated using the contact details associated with your purchase, where feasible, before they take effect.

Because miigCloud Line does not transmit operational data to us, changes to this Policy do not change your local data governance; they only affect how we handle the minimal customer information we hold.

17. Contact Information

Use this contact for:

• Questions about this Privacy Policy
• Requests related to access or correction of your customer information
• Privacy or data protection complaints

No technical support is offered through this contact channel.

Data Deletion Policy

1. Overview

At Miigwech AI Solutions, we respect your right to control your personal information. The miigCloud platform is designed for sovereign deployment on your infrastructure, giving you complete control over your data. Here's how you can manage or delete your data:

miigCloud is designed for sovereign, customer‑controlled deployment. In most cases, you (the customer) operate the infrastructure and directly control data stored in miigCloud components (e.g., object storage, databases, logs).

This policy explains:

• What data miigCloud typically stores
• Where deletion and retention are controlled by you vs Miigwech
• Recommended patterns for secure deletion and retention

2. Data Categories in miigCloud Line

In a standard deployment, miigCloud may handle:

• Identity and access data - User accounts, roles, password hashes, tokens, API keys.
• Application data - Objects in S3‑compatible storage (e.g., Garage), database records, files managed by your workloads.
• Operational logs - HTTP/audit logs for admin UI and APIs, system events.
• Ephemeral data - Cache, temporary files, and transient request data.

Exact data categories depend on how you configure and use your instance.

3. Who Controls Deletion

Because miigCloud is deployed on your infrastructure:

• You control storage systems (disks, Garage/S3, PostgreSQL, backups, snapshots).
• You control when data is deleted, anonymized, or retained under your own policies.
• Miigwech does not reach into your environment to delete or retain customer data unless explicitly agreed in a managed‑service contract.

If Miigwech also operates a hosted miigCloud instance on your behalf, that hosted environment will have a separate, written data retention/deletion schedule as part of your service agreement.

4. Deletion Mechanisms (Typical Patterns)

4.1 User Accounts and Access

Administrators can disable or remove accounts using the miigCloud admin interface or API. Typical effects:

• Disable user – prevents login; account and historical logs remain.
• Delete user (where implemented) – removes the user record; logs may keep a non‑identifying reference (e.g., numeric ID) for integrity.

Because RBAC and audit trails are core to sovereignty, we recommend:

• Deactivate users for most HR/lifecycle events.
• Use anonymization or log rotation (see 4.3) if you need to remove identifying info from historical logs.

4.2 Application Data (Buckets, DB records, files)

Deletion of application data (buckets, objects, database rows) is fully under your control:

• Use your S3/Garage tooling, database tools, or application logic to delete data.
• miigCloud does not silently mirror or back up your data to Miigwech‑controlled infrastructure.

If you implement CLI tools (e.g., sovereign-cloud user delete, bucket delete) those are part of your operational playbook, not hardwired guarantees from Miigwech. Document them in your internal runbooks rather than in a public policy unless they are stable, supported commands.

4.3 Audit Logs and System Logs

By default, miigCloud can record audit logs (e.g., timestamp, method, path, status, remote IP, user/id) for security and compliance.

Recommended pattern:

• Short‑term detailed logs (e.g., 30–90 days) for investigations.
• Optional longer‑term, reduced logs (e.g., summarized or anonymized) if you need historical metrics without personal identifiers.

Implement log rotation and deletion via:

• PostgreSQL retention jobs (e.g., scheduled DELETE FROM audit_logs WHERE timestamp < ...)
• Filesystem rotation for any text logs (e.g., logrotate).

miigCloud itself does not force a retention schedule; you define this based on your legal and policy obligations.

5. Ephemeral and "Burn‑After‑Read" Features

If you enable components like miigFlashPaper (burn‑after‑read / TTL notes):

• Notes are stored in memory or short‑lived storage by design.
• Burn‑after‑read notes are deleted as soon as they are successfully viewed once.
• TTL notes are deleted automatically after their configured lifetime expires.

These behaviors are part of the miigCloud application logic and are intended to minimize persistence of sensitive message content.

6. Backups, Snapshots, and Emergency Deletion

Because miigCloud runs inside your environment:

• Backups and snapshots (e.g., database dumps, volume snapshots, tape/remote backups) are created, stored, and deleted according to your own policies.
• If you restore from an older backup, previously deleted data may reappear until it is deleted again.

For emergency deletion (e.g., key compromise, incident response), your administrators can:

• Revoke credentials and tokens
• Delete specific datasets (buckets/DBs)
• Purge or rotate logs
• Destroy or overwrite storage volumes

Miigwech can provide guidance or scripts as part of support, but the actual deletion is performed by your team (unless you have a managed‑service contract that states otherwise).

7. Irreversibility and Recovery

miigCloud is intentionally designed so that:

• Miigwech does not maintain "shadow copies" of your data outside of your control.
• If your team deletes data from your environment (and from any backups/snapshots you control), Miigwech cannot restore it for you.

You are responsible for implementing and testing a backup and recovery strategy consistent with your own retention obligations and risk tolerance.

8. Alignment with Sovereignty and Privacy Frameworks

This approach to data retention and deletion is intended to support:

• OCAP® principles (Ownership, Control, Access, Possession) for First Nations data governance
• PIPEDA and applicable Canadian privacy laws regarding limiting collection, retention, and use
• Data sovereignty expectations where communities and public bodies require that data remain in their legal and physical control
• The spirit of "right to erasure" under GDPR‑like frameworks, to the extent you implement deletion/anonymization workflows in your environment

9. How to Exercise Deletion or Retention Choices

Because miigCloud is deployed in your environment:

• End‑users should send access/erasure requests to your organization, not to Miigwech.
• Your administrators can then:
  • Disable/delete accounts in miigCloud
  • Delete or anonymize records in underlying databases and storage
  • Apply log retention/deletion policies per your governance framework

If you operate a Miigwech‑hosted instance, details of how we execute deletion on your behalf (and timelines) will be documented in your service agreement and/or Data Processing Addendum.