MapleSpike MapleSpike

Privacy Policy

Last updated: July 1, 2026

1. Overview

MapleSpike ("we", "us", "our") provides a government data intelligence platform that aggregates, processes, and serves Canadian public-sector data via REST API, MCP tools, and a web portal. This policy explains what data we collect, how we use it, and your rights.

We are committed to transparency. Our core product is publicly licensed government data — we do not sell user data to third parties.

2. Data We Collect

Account data: Email address, OAuth provider ID (GitHub, Google, Apple), wallet address (if Web3 auth), and tenant tier. We store the minimum required to authenticate you.

API usage data: Request count, endpoint accessed, timestamp, and response status. Used for rate limiting, billing, and abuse prevention. Audit logs are retained for 30 days, then aggregated into daily summaries.

AI query data: Questions submitted to the /v1/ai/ask endpoint are processed in real-time and not stored permanently. PII (emails, phone numbers, SINs) is redacted before any audit logging.

Payment data: We do not store credit card numbers. Crypto payments are processed on-chain. Interac e-Transfer details are handled by our payment processor.

We do NOT collect: Browser fingerprints, tracking cookies for advertising, personal browsing history, or location data beyond IP-based rate limiting.

3. How We Use Your Data
  • Authenticate you and manage your account
  • Enforce rate limits and API quotas per your plan tier
  • Process payments and manage billing
  • Detect and prevent abuse, fraud, and unauthorized access
  • Improve our data quality, coverage, and service reliability
  • Comply with legal obligations under Canadian law
4. Data Storage & Security

API keys are stored as SHA-256 hashes — we cannot recover your plaintext key after issuance. Authentication uses JWT tokens with short-lived refresh cycles.

Government data is cached in our database with provenance metadata (source URL, retrieval timestamp, SHA-256 content hash). All data is licensed under the Open Government Licence – Canada or equivalent provincial licenses.

AI inference requests to the edge worker are processed via Cloudflare Workers AI or our self-hosted homelab cluster. No query content is stored beyond the 30-day audit window.

5. Your Rights
  • Access: Request a copy of your account data
  • Deletion: Request permanent deletion of your account and associated data
  • Portability: Export your API usage history in JSON format
  • Rectification: Correct inaccurate account information
  • Withdrawal: Revoke OAuth grants at any time from your provider

To exercise any of these rights, contact privacy@maplespike.ca. We respond within 30 days.

6. Cookies

We use a single session cookie for authentication (JWT) and localStorage for UI preferences (dark/light theme). We do not use third-party tracking cookies, advertising pixels, or analytics scripts that profile individual users.

7. Contact

Questions about this policy? Email privacy@maplespike.ca or write to us at Ottawa, Ontario, Canada.