T
TansiqInformation Portal

Data Policy

Purpose of Data Collection

TiPortal collects and processes incident data for the purpose of community safety awareness and documentation. Our goal is to provide transparent information about incidents while protecting the privacy of all individuals involved.

Data Categories

Public Data

  • Anonymized incident descriptions
  • General location information (district level)
  • Incident categories and severity levels
  • Anonymized timeline events
  • Redacted media attachments

Internal Data (Never Public)

  • Full incident details and narratives
  • Precise location information
  • Information about involved persons
  • Original media attachments
  • Verification notes and evidence
  • Source information

Data Processing Workflow

  1. Collection: Incidents are reported by authorized community volunteers and staff members.
  2. Verification: Verification officers review and validate incident reports before publication.
  3. Sanitization: Public-facing content is carefully reviewed to remove all PII and sensitive identifiers.
  4. Publication: Only sanitized content is published to the public portal.
  5. Monitoring: Published content is monitored for accuracy and potential privacy concerns.

Data Storage

All data is stored securely on Cloudflare's infrastructure:

  • Database: Cloudflare D1 (SQLite) with encryption at rest
  • File Storage: Cloudflare R2 with private bucket configuration for original files and separate public bucket for redacted versions
  • Edge Caching: Public content is cached at Cloudflare's edge for performance

Data Retention

Data TypeRetention Period
Published incidentsIndefinite (until deletion request)
Deleted incidents30 days (for recovery)
Audit logs2 years
User sessions7 days
Rate limit data1 hour

Data Deletion

Incident deletion follows a two-step process:

  1. Request: A deletion request is submitted with justification
  2. Review: An administrator reviews the request and approves or denies it
  3. Soft Delete: Upon approval, the incident is immediately removed from public view
  4. Hard Delete: After 30 days, all associated data is permanently purged

Third-Party Sharing

We do not sell or share personal data with third parties for commercial purposes. Data may be shared with:

  • Law enforcement: When legally required or to prevent imminent harm
  • Service providers: Cloudflare for hosting and infrastructure (under strict data processing agreements)

API Usage

Our public API provides access to published incident data with the same privacy protections as the web portal:

  • Rate limited to prevent abuse
  • Only returns public-safe fields
  • CORS enabled for legitimate use cases
  • Cached responses for performance

Compliance

Our data practices are designed to comply with applicable data protection regulations. We regularly review and update our policies to ensure continued compliance.

Last updated: 2/12/2026