On this page

Data Protection & Privacy

This document outlines how Tajo handles personal data for merchants’ customers, prospective customers, and visitors to merchant sites. Our commitment to data protection ensures compliance with GDPR, CCPA, and other global privacy regulations.

Purpose & Data Minimization

Do you process the minimum personal data required to provide value to merchants?

Yes. Tajo processes only the essential personal data required to:

  • Synchronize customer information with Brevo for marketing automation
  • Enable loyalty program functionality
  • Track customer orders and engagement
  • Provide multi-channel communication capabilities

Personal data includes information that can identify a unique person (name, email address) or be linked back to a unique person (order total, customer ID).

Do you tell merchants the personal data that you process and your purposes for processing it?

Yes. We provide complete transparency through:

  • Our Data Processing Agreement (DPA) that clearly defines all data categories processed
  • Documentation specifying exactly what data is synchronized to Brevo
  • Clear API documentation showing all data fields transmitted
  • Real-time visibility into data synchronization activities

Do you limit your use of personal data to that purpose?

Yes. Tajo strictly uses personal data only for:

  • Providing the core platform services as described in our Terms of Service
  • Synchronizing customer data with Brevo for marketing automation
  • Operating loyalty programs and customer engagement features
  • Generating analytics and insights for merchants

We do not use customer data for any purposes beyond those explicitly stated and agreed upon.

Consent & Legal Basis

Do you have privacy and data protection agreements with your merchants?

Yes. Every merchant must accept our:

  • Terms of Service - Governing the use of Tajo platform
  • Data Processing Agreement (DPA) - Defining our role as data processor
  • Privacy Policy - Outlining our data handling practices

These agreements establish:

  • Tajo acts as a Processor for merchant customer data
  • Merchants act as Controllers and are responsible for obtaining proper consent
  • Clear obligations for both parties regarding data protection

Do you respect and apply customers’ consent decisions?

Yes. Tajo respects customer consent through:

  • Automatic processing of unsubscribe requests from Brevo
  • Real-time synchronization of consent preferences
  • Suppression of communications to customers who have opted out
  • Honoring customer preferences across all channels (email, SMS, WhatsApp)

When a customer unsubscribes or withdraws consent, Tajo immediately:

  1. Syncs the preference to Brevo
  2. Prevents future marketing communications
  3. Maintains audit logs of consent changes

Do you respect and apply customers’ decisions to opt-out of having their data sold?

Yes. Tajo does not sell customer data under any circumstances. We:

  • Never share personal data with third parties for commercial purposes
  • Only transmit data to Brevo as part of core platform functionality
  • Comply with CCPA “Do Not Sell My Personal Information” requirements
  • Maintain clear disclosures that no data selling occurs

If you use personal data for automated decision-making and those decisions may have legal or significant effects, can customers opt-out?

Not Applicable. Tajo does not perform automated decision-making that has legal or similarly significant effects on individuals. The platform provides:

  • Marketing automation (which customers can opt out of entirely)
  • Loyalty program management (which merchants control)
  • Customer segmentation (for merchant use only)

None of these activities constitute automated decision-making with legal or significant effects as defined by GDPR Article 22.

Storage & Security

Do you have retention periods that make sure personal data isn’t kept longer than needed?

Yes. Tajo implements clear data retention policies:

Active Customer Data:

  • Retained while the merchant account is active
  • Used for ongoing synchronization and platform functionality
  • Merchants can delete customer data at any time through the Tajo interface

Account Termination:

  • All customer data is deleted within 90 days of account termination
  • Merchants can request immediate data deletion upon termination
  • Backup data is purged according to our backup retention schedule (30 days)

Legal Retention:

  • Transaction records may be retained longer where required by law (e.g., tax records)
  • Minimal data retained for legal compliance purposes only

Merchants are responsible for:

  • Managing retention periods for their own data processing activities
  • Deleting customer data when no longer needed
  • Complying with applicable data protection laws in their jurisdiction

Do you encrypt data at rest and in transit?

Yes. Tajo employs industry-standard encryption:

In Transit:

  • TLS 1.3 for all data transmissions
  • HTTPS enforced for all web traffic
  • Encrypted API connections to Brevo
  • Certificate pinning for mobile applications

At Rest:

  • AES-256 encryption for database storage
  • Encrypted backups
  • Encrypted file storage for any uploaded documents
  • Database-level encryption for sensitive fields (e.g., API keys)

Do you encrypt your data backups?

Yes. All backup data is encrypted:

  • Automated daily backups encrypted with AES-256
  • Backup files stored with encryption at rest
  • Secure key management for backup encryption keys
  • Regular backup restoration tests to verify integrity

Do you separate test and production data?

Yes. Tajo maintains strict separation:

  • Completely separate production and development/test environments
  • No production data used in test environments
  • Test data anonymized and synthetic
  • Separate databases, servers, and access controls
  • Different API keys and credentials for each environment

Do you have a data loss prevention strategy?

Yes. Tajo implements comprehensive data loss prevention:

Preventive Measures:

  • Automated backups every 24 hours
  • Real-time database replication
  • Redundant storage across multiple availability zones
  • Version control and change tracking

Detection:

  • Automated monitoring for data integrity
  • Anomaly detection for unusual data access patterns
  • Regular security audits and penetration testing
  • Automated alerts for potential data breaches

Recovery:

  • Point-in-time recovery capabilities
  • Documented disaster recovery procedures
  • Regular disaster recovery drills
  • RTO (Recovery Time Objective): 4 hours
  • RPO (Recovery Point Objective): 24 hours

Access Control

Do you limit staff access to customers’ personal data?

Yes. Access to customer data is strictly controlled:

Access Principles:

  • Principle of least privilege
  • Role-based access control (RBAC)
  • Need-to-know basis only
  • Regular access reviews (quarterly)

Access Levels:

  • No Access: Most staff have no access to production customer data
  • Read-Only: Support staff have limited, audited read access for troubleshooting
  • Administrative: Database administrators have elevated access, heavily logged
  • Emergency: Break-glass procedures for critical incidents only

Controls:

  • Multi-factor authentication (MFA) required for all staff
  • VPN required for remote access
  • IP allowlisting for administrative access
  • Session timeouts and automatic lockouts

Do you have strong password requirements for staff passwords?

Yes. Tajo enforces enterprise-grade password policies:

Requirements:

  • Minimum 16 characters
  • Must include uppercase, lowercase, numbers, and special characters
  • Cannot reuse last 12 passwords
  • Password expiration every 90 days
  • Account lockout after 5 failed attempts

Enhanced Security:

  • Multi-factor authentication (MFA) mandatory for all staff
  • Single Sign-On (SSO) integration with corporate identity provider
  • Biometric authentication supported
  • Password manager required for all employees
  • Regular security awareness training

Do you log access to personal data?

Yes. Comprehensive audit logging is maintained:

Logged Activities:

  • All database queries accessing customer data
  • API calls to Brevo with customer information
  • Administrative access to production systems
  • Data exports and bulk operations
  • Configuration changes
  • Failed authentication attempts

Log Details Include:

  • Timestamp of access
  • User identity
  • IP address and location
  • Action performed
  • Data accessed (record IDs)
  • Success or failure status

Log Management:

  • Logs retained for 1 year minimum
  • Encrypted log storage
  • Tamper-proof logging system
  • Regular log reviews
  • SIEM integration for real-time monitoring
  • Automated alerts for suspicious activities

Do you have a security incident response policy?

Yes. Tajo maintains a comprehensive Security Incident Response Plan:

Detection & Assessment:

  • 24/7 security monitoring
  • Automated threat detection
  • Incident severity classification
  • Initial assessment within 1 hour

Response Team:

  • Dedicated security incident response team
  • Clear escalation procedures
  • Defined roles and responsibilities
  • External security experts on retainer

Response Procedures:

  1. Containment: Immediate isolation of affected systems
  2. Investigation: Forensic analysis to determine scope and cause
  3. Eradication: Remove threat and close vulnerabilities
  4. Recovery: Restore systems and verify security
  5. Notification: Notify affected parties as required by law
  6. Post-Incident Review: Document lessons learned and improve processes

Notification Timeline:

  • Merchants notified within 72 hours of confirmed data breach
  • Regulatory authorities notified as required by applicable law (e.g., GDPR 72-hour requirement)
  • Affected individuals notified when high risk to their rights

Documentation:

  • All incidents documented in detail
  • Annual security incident reports
  • Regular training and tabletop exercises
  • Continuous improvement of response procedures

Data Processing Agreement (DPA)

Tajo operates under a comprehensive Data Processing Agreement that complies with GDPR Article 28 requirements. Key elements include:

Roles & Responsibilities

  • Tajo acts as Processor for merchant customer data
  • Merchants act as Controllers and are responsible for:
    • Obtaining proper consent from customers
    • Providing privacy notices
    • Handling data subject rights requests
    • Determining purposes and means of processing

Processing Details

Purpose: Provision of Tajo platform services, including:

  • Customer data synchronization with Brevo
  • Loyalty program management
  • Multi-channel marketing automation
  • Analytics and reporting

Data Categories:

  • Contact information (name, email, phone)
  • Order history and transaction data
  • Customer preferences and consent status
  • Behavioral data (clicks, opens, engagement)
  • Loyalty program data (points, tiers, rewards)

Data Subjects:

  • Merchant customers
  • Website visitors
  • Newsletter subscribers
  • Loyalty program members

Sub-processors

Tajo engages the following sub-processors:

Sub-processorServiceLocationSafeguards
BrevoEmail/SMS/WhatsApp platformFrance (EU)GDPR compliant, Standard Contractual Clauses
AWSCloud infrastructureEU regionsGDPR compliant, EU-US Data Privacy Framework
CloudflareCDN and securityGlobalStandard Contractual Clauses, Data Localization

Change Notice:

  • Merchants notified 30 days before new sub-processors are engaged
  • Right to object to new sub-processors
  • Alternative solutions or termination rights if objection justified

Data Subject Rights

Tajo assists merchants in fulfilling data subject rights:

Supported Rights:

  • Right of access
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to data portability
  • Right to object
  • Right to restrict processing

Request Handling:

  • Merchants can export customer data at any time
  • Customer data deletion available through Tajo interface
  • API endpoints for automated data management
  • Response to data subject requests within 5 business days

Security Measures

See complete security measures in Appendix 4 of our DPA, including:

  • Physical and logical access controls
  • Encryption at rest and in transit
  • Security monitoring and incident response
  • Regular security audits and penetration testing
  • Staff training and background checks

International Data Transfers

EU Data Protection:

  • Primary data storage in EU (Belgium, France)
  • Standard Contractual Clauses for any transfers outside EU
  • Supplementary measures including encryption and access controls
  • EU-US Data Privacy Framework certification where applicable

CCPA Compliance:

  • Service Provider relationship clearly defined
  • No sale or sharing of personal information
  • Compliance with California privacy rights
  • Signed data processing agreement

Audit Rights

Merchants have the right to:

  • Request documentation of Tajo’s compliance
  • Review security certifications and audit reports
  • Conduct audits (with reasonable notice, max once per year)
  • Receive Security documentation including SOC 2 reports

Regulatory Compliance

GDPR (General Data Protection Regulation)

Compliance Status: Fully compliant

Key Features:

  • Valid legal basis for all processing activities
  • Data Processing Agreement with all merchants
  • Data Protection Impact Assessments (DPIAs) completed
  • Data Protection Officer appointed: [email protected]
  • Breach notification procedures (72 hours)
  • Records of processing activities maintained
  • Privacy by design and by default principles

CCPA (California Consumer Privacy Act)

Compliance Status: Fully compliant

Key Features:

  • Service Provider relationship (do not sell data)
  • Consumer rights supported (access, deletion, opt-out)
  • Privacy policy disclosures
  • “Do Not Sell My Personal Information” honored
  • Annual data protection training for staff
  • Contractual obligations with merchants

NIS 2 Directive

Applicability: Compliant where applicable

Cybersecurity Measures:

  • Risk management framework implemented
  • Security incident reporting to CSIRTs
  • Supply chain security requirements
  • Regular security assessments
  • Business continuity and disaster recovery plans

DORA (Digital Operational Resilience Act)

Applicability: Ready for financial institutions using Tajo

Compliance Features:

  • ICT risk management framework
  • Incident reporting procedures
  • Digital operational resilience testing
  • Third-party risk management
  • Regulatory access and audit rights

Note: DORA provisions apply only to regulated financial institutions. If you are a financial institution subject to DORA, contact our enterprise team for specific compliance documentation.

Contact & Support

Data Protection Officer

Email: [email protected] Role: Oversees all data protection compliance

Security Team

Email: [email protected] Role: Handles security incidents and inquiries

Merchant Support

Email: [email protected] Website: https://tajo.io/support Role: General platform support and assistance

Report a Security Vulnerability

Email: [email protected] PGP Key: Available at https://tajo.io/security.txt

We welcome responsible disclosure of security vulnerabilities and maintain a bug bounty program for qualifying reports.

Additional Resources

Document Version

Version: 1.0 Last Updated: January 2025 Next Review: July 2025

This document is reviewed and updated regularly to ensure continued compliance with evolving data protection regulations and industry best practices.