Compliance & Trust

1. Cookie Notice

What Are Cookies

Cookies are small text files stored on your device when you visit a website. They are commonly used to ensure websites function correctly and securely.

How We Use Cookies

Tiktaalik AI uses only essential and limited analytics cookies.

We use cookies to:

• Enable core website functionality
• Maintain language and theme preferences
• Understand aggregate website usage to improve performance

We do not use cookies for:

• Advertising
• Cross-site tracking
• Behavioral profiling

Managing Cookies

You can control or disable cookies through your browser settings. Disabling essential cookies may affect website functionality.

2. Data Processing Addendum (DPA)

This Data Processing Addendum applies where Tiktaalik AI processes personal data on behalf of a customer as part of its services.

Scope of Processing

Tiktaalik AI processes personal data solely to:

• Deliver agreed services
• Operate and secure AI systems
• Provide oversight and stewardship as contracted

Processing Principles

Tiktaalik AI commits to:

• Process data only on documented customer instructions
• Limit processing to what is necessary
• Ensure confidentiality of all personal data
• Implement appropriate technical and organizational safeguards

Sub-processors

Tiktaalik AI may engage vetted sub-processors (e.g., cloud infrastructure providers) solely to support service delivery. Sub-processors are contractually bound to equivalent data protection obligations.

Data Subject Rights

Tiktaalik AI will assist customers in fulfilling data subject requests, where applicable, in accordance with law.

Data Retention

Personal data is retained only for the duration required to fulfill contractual obligations, unless otherwise required by law.

Security Measures

Security controls are described in the Security & Trust section below.

3. Security & Trust Overview

Tiktaalik AI approaches security as a systems responsibility, not a checklist.

Security Principles

• Least privilege by default
• Defense in depth
• Explicit ownership of systems and access
• Continuous improvement over static compliance

Technical Controls

Depending on engagement scope, controls may include:

• Secure cloud infrastructure
• Role-based access control (RBAC)
• Encrypted communication (TLS)
• Environment separation (development / production)
• Secure secrets management

Organizational Controls

• Limited internal access to customer systems
• Access reviewed and revoked when no longer required
• Security considerations embedded in system design

Incident Handling

Tiktaalik AI maintains internal procedures to:

• Detect and assess security incidents
• Contain and mitigate impact
• Notify affected customers without undue delay where required

Contact