Data Handling and Privacy
How Thogami handles customer data, implements privacy controls, and manages data protection practices
Data Collection and Processing
Thogami processes document data and access metadata submitted by customers. Processing activities include storage, retrieval authorization, access logging, and analysis for security purposes. No personal data is processed beyond what is necessary for service delivery.
Customers retain ownership of all submitted documents and associated data. Thogami acts as a data processor on behalf of customers, subject to appropriate data processing agreements.
Data Retention and Deletion
Customer Data
Customer data is retained as long as the account is active. Upon account deletion or service termination, customer data is removed within the timeframe specified in the service agreement. Data deletion is permanent and cannot be recovered.
Audit Logs
Audit logs are retained according to deployment terms and customer requirements. Default retention is 1 year. Extended retention available for compliance requirements. Audit logs are not deleted upon account deletion if legally required for record-keeping.
Backups
Database backups may contain customer data. Backup retention follows standard database recovery windows (typically 7-30 days). Deleted data may persist in backups until retention period expires.
Data Rights and Controls
Data Export
Customers can export all customer-submitted data at any time. Exports available in standard formats (JSON, CSV, etc.). Data portability requests processed within 30 days.
Data Correction
Customers can modify or correct customer data directly through the platform. Audit logs record when data is modified without showing the specific changes made.
Restrictions on Processing
Thogami does not use customer data for marketing, profiling, or service improvement without explicit customer consent. Customer data is not shared with third parties except as required for service delivery (e.g., cloud infrastructure providers).
International Data Transfers
Data residency location is configurable by deployment model. Cloud deployments can be provisioned in multiple regions with customer selection. Private VPC and on-premises deployments remain within customer infrastructure.
For customers subject to regulations restricting international data transfers, on-premises or private VPC deployment models provide localized data handling.
Privacy Questions?
For data handling inquiries, data subject access requests, or privacy concerns, contact our privacy team.
[email protected]