Privacy Policy

Last updated: March 18, 2026

1. Information We Collect

When you use TATER, we collect information necessary to provide our compliance management services:

• Account Information: Name, email address, organization name, and role when you register or are invited to an organization.
• Compliance Data: Device inventories, scan results, control assessments, and evidence documents you upload or generate through the platform.
• Usage Data: Log data including IP addresses, browser type, pages visited, and feature usage to improve our services.
• Authentication Data: We use Microsoft Entra ID (Azure AD) for authentication. We do not store passwords.

2. How We Use Your Information

We use your information to:

• Provide, maintain, and improve TATER's compliance management services
• Authenticate users and enforce role-based access controls
• Generate compliance reports, dashboards, and Trust Center content
• Send service-related communications and security alerts
• Respond to support requests and provide technical assistance

3. Data Storage & Security

All data is stored in Microsoft Azure infrastructure, including Azure Cosmos DB and Azure Static Web Apps. Data is encrypted at rest and in transit using industry-standard TLS 1.2+ encryption. We implement role-based access controls, audit logging, and tenant isolation to protect your information.

4. Multi-Tenant Data Isolation

TATER is a multi-tenant platform. Each organization's data is logically isolated using tenant-specific partition keys. Users can only access data belonging to organizations they are members of, as enforced by server-side authorization checks.

5. Data Sharing

We do not sell your data. We may share information only in these circumstances:

• With your consent or at your direction (e.g., Trust Center public content you choose to publish)
• With service providers who assist in operating our platform (Microsoft Azure)
• To comply with legal obligations or respond to lawful requests

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Deleted data is moved to a recycle bin and permanently removed after 30 days. You may request complete data deletion by contacting us.

7. Your Rights

You have the right to access, correct, export, or delete your personal data. Organization administrators can manage user access and data within their tenant. Contact us at privacy@tatersecurity.com for data requests.

8. Changes to This Policy

We may update this policy periodically. We will notify you of material changes via the platform or email. Continued use of TATER after changes constitutes acceptance of the updated policy.

9. Contact Us

For privacy-related inquiries, contact us at privacy@tatersecurity.com.