Privacy Policy

1. Core Privacy and Sovereignty Principles

We design miigCloud Line according to privacy‑by‑architecture and data sovereignty principles so that your data stays under your physical and legal control.

• Miigwech does not access, process, or store the operational or user data that resides on your miigCloud Line system.
• The Product is engineered to avoid exposure to the U.S. CLOUD Act by operating without U.S. infrastructure, U.S. cloud services, or U.S. telemetry dependencies.
• We treat laws like PIPEDA and GDPR‑style regimes as a minimum floor, not a ceiling; our design choices aim to materially reduce external access risks rather than relying solely on policy promises.

2. Scope of this Policy

This Policy covers:

• The miigCloud Line hardware and its base system software.
• Bundled local applications, including miigFlashPaper and the sovereignty / CLOUD Act exposure monitor, when run on your own infrastructure under your control.
• Our handling of limited transactional data required to sell and deliver the Product and meet legal obligations.

This Policy does not cover how you or your users configure, operate, or use miigCloud Line within your organization. You are the data controller for all content and user information processed on your own systems.

3. No Remote Access, No Telemetry

No backdoors, no remote administration:

• Miigwech cannot remotely connect to your miigCloud Line system.
• We do not maintain admin credentials, remote tunnels, or hidden accounts.

No telemetry or monitoring:

• The Product does not send Miigwech usage logs, user identifiers, model inputs/outputs, content, or system metrics.
• We do not collect crash reports, performance statistics, or configuration data from your deployment.

No centralized user database:

• We do not operate any central service that knows which users exist inside your miigCloud Line environment.
• All identities, roles, and permissions are local to your infrastructure and under your control.

Any data stored, processed, or transmitted by miigCloud Line inside your network is your responsibility and remains outside Miigwech's operational reach.

4. OCAP and Indigenous Data Sovereignty

Miigwech expressly aligns the design and intended use of miigCloud Line with the First Nations Principles of OCAP® (Ownership, Control, Access, and Possession) and broader Indigenous data sovereignty frameworks.

• Ownership: Communities and organizations own their data in full. miigCloud Line is built so that your information does not become a resource for external parties, including Miigwech.
• Control: You control how data is collected, used, and shared. Configuration of applications, RBAC, and information flows occurs entirely within your governance processes.
• Access: Decisions about who may access data, under what conditions, and for what purposes are made by you, not Miigwech.
• Possession: Physical custody of infrastructure is a core protection mechanism. miigCloud Line is a physical device installed within your environment so that you maintain physical possession of the systems hosting your data.

Where there is any tension between OCAP‑aligned sovereignty principles and convenience for Miigwech, the Product is intentionally designed to favour sovereignty, not convenience.

OCAP® is a registered trademark of the First Nations Information Governance Centre (FNIGC). This Policy acknowledges OCAP® as a foundational framework for Indigenous data governance and sovereignty.

5. Relationship to PIPEDA and Other Laws

PIPEDA as a baseline:

Miigwech complies with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) in how we handle the limited personal information we collect for sales, invoicing, and legal compliance.

Beyond minimum compliance:

Because miigCloud Line does not send operational data back to Miigwech, many traditional privacy risks and consent considerations associated with "cloud" services do not arise. Our aim is to meet or surpass both PIPEDA and GDPR‑style expectations by minimizing centralized data collection wherever possible.

International use:

For customers outside Canada, this same architecture—no remote access, no telemetry, no U.S. infrastructure—is intended to support compliance with local privacy and data sovereignty laws by keeping data within your control and your jurisdiction.

6. Information We Collect from Customers

Miigwech only collects information necessary to: (a) sell and deliver miigCloud Line units, and (b) comply with applicable tax and business laws.

6.1 Transactional and Business Information

When you purchase miigCloud Line, we may collect:

• Organization or individual name
• Billing and invoicing address
• Contact information (such as email and/or phone for billing and logistics)
• Details of the Product purchased (units, model, price, invoice details)
• Tax‑relevant information required by law in the applicable jurisdiction

We do not collect information about the data you later store on miigCloud Line or about the identities and activities of your internal users.

6.2 Payment Processing and Third‑Party Service Providers

If third-party payment processors or invoicing tools are used, your payment or billing details may be processed by those providers under their own terms and privacy notices. We do not store full payment card details on our own systems where this can be avoided.

Where we engage third-party service providers to assist with billing, accounting, or record-keeping, we require them by contract to:

• Use customer information only for the specific services we request.
• Apply appropriate safeguards designed to protect confidentiality and security.
• Comply with applicable privacy and data protection laws.

We do not sell or rent customer information to third parties.

7. How We Use Customer Information

We use the limited customer information described above to:

• Process and record sales, invoicing, and delivery
• Meet accounting, audit, and tax obligations under applicable law
• Maintain basic records of business relationships (e.g., invoices issued)

We do not use this information for behavioural profiling, advertising, or analytics.

8. Data Retention for Customer Records

We retain transactional and invoicing records only as long as required by applicable tax, accounting, and corporate law, after which they are securely deleted or anonymized.

We do not retain, and have no ability to retain, any operational data from your miigCloud Line deployment, because such data never transits our infrastructure.

9. miigCloud Line Local Applications

miigCloud Line includes locally running applications such as miigFlashPaper and the sovereignty / CLOUD Act exposure monitor. These are operated solely within your environment.

• All content, messages, and logs processed by these applications remain within your infrastructure and under your governance.
• Features such as "burn after reading" or short‑TTL data handling are executed locally; Miigwech does not receive copies of the underlying content.

You are responsible for configuring these applications in accordance with your own legal, regulatory, and community requirements.

10. Your Role as Data Controller

For all data stored or processed on miigCloud Line, you (or your organization or community) act as the data controller:

• You determine what data is collected, stored, and deleted.
• You configure RBAC, authentication, and access controls.
• You decide how to meet your own obligations under PIPEDA, OCAP, and any other applicable frameworks with respect to individuals whose data you manage.

Miigwech acts only as a hardware and software vendor, not as a data processor or service provider for that operational data.

11. Security Design and Customer Responsibilities

Our responsibilities:

• Design and ship miigCloud Line systems without backdoors or remote access channels.
• Avoid reliance on U.S. cloud or telemetry infrastructure in the default design.
• Provide security‑focused product documentation where needed.

Your responsibilities:

• Secure physical access to miigCloud Line hardware.
• Configure network, RBAC, and application‑level security according to your risk model and legal obligations.
• Maintain backups, incident response plans, and any required policies for your users.

Because we do not control or operate your environment, we cannot be responsible for your internal configuration, network security, or user practices.

12. No Technical Support Obligation

Miigwech does not provide general technical support, managed services, or ongoing administration for your miigCloud Line deployment.

Any voluntary assistance we may choose to provide (for example, documentation or one‑time guidance) does not create an ongoing duty to support or monitor your systems.

We do not operate support channels that involve connecting into your environment or collecting diagnostic data from your deployment.

13. Disclaimers and Limitation of Liability

"AS IS" provision:

miigCloud Line is provided "AS IS" and "AS AVAILABLE" without warranties of any kind, whether express, implied, or statutory, including any implied warranties of merchantability, fitness for a particular purpose, or non‑infringement.

Limitation of liability:

To the maximum extent permitted by law, Miigwech's total liability for any claim related to miigCloud Line will not exceed the amount you paid for the specific unit giving rise to the claim in the twelve (12) months preceding the event. We are not liable for indirect, incidental, special, consequential, or punitive damages.

Force majeure:

We are not responsible for delays or failures caused by events beyond our reasonable control, such as natural disasters, war, government actions, or network failures.

14. User Rights and Complaints (PIPEDA Context)

For the limited personal information we hold about you as a customer (e.g., invoicing data), you may have rights under PIPEDA and similar laws, including the right to:

• Request access to the personal information we hold about you in our business records.
• Request corrections to inaccurate information.
• Challenge our compliance with applicable privacy principles.

Privacy‑related complaints should be directed to our designated Privacy Officer. Unresolved complaints may be escalated to the Office of the Privacy Commissioner of Canada or the relevant authority in your jurisdiction. Nothing in this Policy limits your right to make a complaint to the Office of the Privacy Commissioner of Canada or to any other applicable supervisory authority.

15. Governing Law and Dispute Resolution

This Privacy Policy is governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein.

Any disputes arising from or relating to this Policy or your purchase of miigCloud Line shall be resolved through binding arbitration in Toronto, Ontario, in accordance with applicable Canadian arbitration rules, except where prohibited by law. Nothing in this section limits your right to raise concerns or complaints with the Office of the Privacy Commissioner of Canada or any other relevant privacy regulator.

16. Policy Changes

We may update this Privacy Policy from time to time to reflect changes in law or our business practices relating to customer records.

Material changes affecting how we handle customer information will be communicated using the contact details associated with your purchase, where feasible, before they take effect.

Because miigCloud Line does not transmit operational data to us, changes to this Policy do not change your local data governance; they only affect how we handle the minimal customer information we hold.

17. Contact Information

Use this contact for:

• Questions about this Privacy Policy
• Requests related to access or correction of your customer information
• Privacy or data protection complaints

No technical support is offered through this contact channel.