Stiple Inc. — Legal

Stiple Labs Privacy Annex

This Annex is the product-specific privacy document for the Stiple Labs web application at labs.stiple.ca — the platform where you sign in, manage projects, store and view your survey and geospatial data, hold your subscription and billing, and from which the Mapdesk field app draws its data. It supplements the umbrella Stiple Privacy Policy at stiple.ca/legal/privacy and should be read together with it. Where this Annex and the umbrella differ on a Labs-specific matter, this Annex governs.

Document: Stiple Labs Privacy Annex
Supplements: stiple.ca/legal/privacy
Effective date: 2026-05-29
Last updated: 2026-05-29
Published at: stiple.ca/legal/labs-privacy
Governing law: Province of Ontario, Canada

01 What Stiple Labs Is & What This Annex Covers

How To Read This Annex

This Annex supplements the Stiple Privacy Policy at stiple.ca/legal/privacy. Read both together. Where this Annex and the Stiple Privacy Policy differ, this Annex governs for the Stiple Labs web application.

Stiple Labs (labs.stiple.ca) is Stiple's browser-based geospatial data platform — the web application where you create and sign in to your Stiple account, manage projects, store and preview point clouds and other geospatial files, run QA/QC, share work with collaborators, and hold your subscription and billing. Stiple Labs is the account holder for the Stiple ecosystem: the free Mapdesk field app uses the same Stiple account and streams the field data it captures into the storage and compute that Stiple Labs provides.

This Annex describes how personal information and user content are handled in the Stiple Labs web application specifically. It assumes you have read the umbrella Stiple Privacy Policy, which describes the practices common to all Stiple products. Topics common across all of Stiple's products — your privacy rights under PIPEDA and Quebec's Law 25, our retention principles, breach notification, children's privacy, and how to contact our Privacy Officer — are set out in the umbrella and are not repeated here. This Annex points you to the umbrella where those topics arise.

Where We Operate

Stiple's services are currently offered to Canadian residents; international expansion is planned — contact privacy@stiple.ca. References in this Annex to data location and applicable law reflect that Canadian scope.

Labs vs. Mapdesk — A Key Difference

One data flow exists in Stiple Labs that does not exist in the Mapdesk mobile app: payment processing, because subscriptions and billing live in Labs (handled by Stripe). The Mapdesk field app has no payment processing. See the Mapdesk Privacy Annex at stiple.ca/legal/mapdesk-privacy for the field app.

02 Account & Authentication (WorkOS)

Sign-in and account authentication for Stiple Labs are provided by WorkOS, a third-party authentication infrastructure provider, through a web-hosted login page. The same Stiple account is used across Stiple Labs and Mapdesk.

  • What we receive. On successful sign-in, WorkOS returns to us basic identity information — your name and email address — and, where you have one, your profile photo. If you sign in through an identity provider facilitated by WorkOS (such as Google or Microsoft single sign-on), we receive only the information you authorize that provider to share.
  • Profile photo from a CDN. Your profile photo is served from the WorkOS content-delivery network (CDN). When the photo is displayed, your browser loads it from WorkOS, which may observe the request (for example, IP address and timestamp) in the ordinary course of delivering the image. Stiple does not republish your photo elsewhere.
  • Credentials. Authentication credentials and related session data are processed by WorkOS in accordance with its terms and privacy policy (workos.com/privacy). Stiple does NOT store your password. Authentication is handled by our identity provider, WorkOS, so Stiple never sees or stores the password itself.

WorkOS processing involves a cross-border (United States) transfer. See Section 8.

03 Subscriptions & Billing (Stripe — Labs only)

Paid Stiple Labs subscriptions are billed and managed within the Labs web application. Payments are processed by Stripe, our payment sub-processor. This payment flow exists in Stiple Labs only. The Mapdesk mobile app is free, has no in-app purchases, and involves no payment processing and no Stripe at all; a Mapdesk user who does not hold a Labs subscription has zero Stripe involvement.

3.1 What Stripe Processes

  • Payment-card details are collected and processed by Stripe. Stiple does not store your full payment-card number on its servers.
  • Billing details — such as billing name and address — are processed to complete the transaction and to meet tax and financial-reporting obligations.
  • Transaction confirmations — Stripe returns to Stiple only what is necessary to manage your subscription (for example, whether a payment succeeded, the amount, the billing address, and a payment reference).
  • Fraud prevention. Stripe may use device and transaction signals to detect and prevent fraudulent payments.

3.2 What Stiple Keeps

Stiple retains subscription and payment records (such as plan, invoices, and payment status) as required by Canadian tax and financial-reporting obligations. Stripe processing involves a cross-border (United States) transfer; see Section 8. Stripe's own handling of your information is governed by its privacy policy (stripe.com/privacy).

04 Project, Survey & Geospatial Data Storage

The substantive data you work with in Stiple Labs — your projects, surveys, point clouds, laser scans, drone imagery, coordinate data, models, and related files — is stored and processed on Canadian infrastructure.

  • Storage. Your project, survey, and geospatial files are stored as object storage on Backblaze B2 in Toronto, Canada, through Stiple's Smart Optimized Storage (SOS) layer.
  • Compute. The backend that powers Stiple Labs — hosting, rendering, format handling, QA/QC tools, and coordinate processing — runs on Amazon Web Services (AWS) in the ca-central-1 (Montreal) region.
  • In Canada. Your substantive project and survey data is held within Canada. The only cross-border transfers are the limited authentication, profile-photo, and payment flows described in this Annex (see Section 8).

Encryption. Data in transit between your browser and Stiple Labs is encrypted using TLS. Data stored on our infrastructure is encrypted at rest. Detailed security commitments are set out in the umbrella Stiple Privacy Policy (Data Storage & Security).

05 Your Data Is Your Data — Geospatial Commitments

Your Data Is Your Data

This section explains how we handle the geospatial datasets you upload to Stiple Labs. We treat this data differently from personal information because it is your professional work product, and you should have complete confidence in how it is handled.

User content, not personal information. Geospatial data you upload to Stiple Labs — including point clouds, laser scans, survey data, drone imagery, and related files — is treated as user content. While we protect it with the same rigour as personal information, it is governed by the data-ownership provisions of our Terms of Service rather than as personal information under privacy legislation, unless a specific dataset contains identifiable personal information.

Purpose-limited processing. Stiple processes your geospatial data solely to provide the Services you have requested — hosting, rendering, format conversion, QA/QC tool execution, and any other platform feature you choose to use. We do not process your geospatial data for any other purpose.

No mining, no analysis, no sharing. Stiple does not:

  • Mine, analyze, or extract insights from the content of your geospatial datasets for our own purposes;
  • Sell, license, or share your geospatial data with any third party;
  • Use your geospatial data to train artificial-intelligence or machine-learning models;
  • Combine your geospatial data with data from other users;
  • Access the content of your geospatial data except as necessary to provide the Services or as directed by you.

Ownership. You retain all ownership rights in your geospatial data at all times. Uploading data to Stiple Labs does not transfer any intellectual-property rights to Stiple. You may export or delete your data in accordance with the retention provisions of the umbrella Stiple Privacy Policy (see Section 10).

Data integrity. Stiple Labs preserves the accuracy of your geospatial data at the precision at which it was ingested. We do not modify, downsample, or alter the source data. What you upload is what you get back.

5.1 Point Cloud Anonymization

Geospatial data — particularly point clouds captured through indoor scanning (for example, terrestrial laser scanners or mobile mapping systems) — may contain identifiable features such as human faces, licence plates, or signage displaying personal information. Stiple does not automatically anonymize, blur, or redact point cloud data. Users are responsible for reviewing and, where appropriate, anonymizing or redacting identifiable content from their datasets before uploading them to the Platform. If Stiple introduces automated anonymization tools in the future, their availability, capabilities, and limitations will be documented in this section.

5.2 Indoor Scan Consent

Users who capture indoor scan data of occupied or privately-owned spaces — including offices, residential properties, retail locations, and industrial facilities — are responsible for obtaining appropriate consent from building owners, occupants, and other affected parties before uploading that data to the Platform. This may include consent under applicable privacy legislation, property-access agreements, or contractual obligations to the site owner. Stiple does not verify whether such consent has been obtained and assumes no liability for data uploaded without proper authorization.

5.3 Point Cloud & Project Retention

Geospatial datasets, including point clouds, follow the same retention schedule as other user content: data is retained while your account is active, plus a ninety (90) day export window following account termination, after which it may be permanently deleted from production systems. You may request deletion of a specific dataset at any time by contacting support@stiple.ca; deletion requests are processed within thirty (30) days. Because backups rotate, residual copies of deleted data may persist in backups for up to ninety (90) days. The full retention and deletion schedule is set out in the umbrella Stiple Privacy Policy (Data Retention) and the Terms of Service. For full-account deletion, see Section 9 below.

06 File Uploads, Sharing & Collaboration

Stiple Labs lets you upload files, organize them into projects, and share projects or datasets with collaborators.

  • Uploads. Files you upload are stored as described in Section 4 (Backblaze B2 Toronto; AWS ca-central-1 compute).
  • Sharing you control. When you share a project or dataset with a collaborator, you direct that sharing. Stiple facilitates the access you grant and does not share your content with third parties on its own initiative.
  • Collaborators. A collaborator you invite will be able to access the content you share with them according to the role and permissions you assign within the Platform. If you administer an organization account, you are responsible for managing collaborator access, including removing access when it is no longer appropriate.
  • Activity records. To operate sharing and collaboration securely, Stiple records limited activity (for example, who accessed or modified a shared item, and when) for account-security and audit purposes.

07 Web Session Cookies

Because Stiple Labs is a web application, it uses cookies and similar browser technologies. At a minimum, it uses strictly necessary cookies to keep you signed in, maintain your session, and protect against common web attacks (for example, session and authentication cookies and CSRF-protection tokens). These are required for the application to work. It also uses functional cookies to remember preferences (such as display and view settings).

The full list of cookie categories, durations, the services that set them (Stripe for payments and WorkOS for authentication), how to manage them, and our stance against advertising and social-tracking pixels are all set out in the Cookie Policy at stiple.ca/legal/cookies.

08 Cross-Border Data & Sub-Processors

Your substantive Stiple Labs data — your projects, surveys, and files — stays in Canada (Backblaze B2 in Toronto for storage; AWS ca-central-1 in Montreal for compute). For Stiple Labs, the only cross-border (United States) processing of personal information is authentication and profile-photo delivery via WorkOS and payment processing via Stripe; each is governed by a data-processing agreement with appropriate contractual safeguards.

The list below summarizes the sub-processors that apply to Stiple Labs. The authoritative, current list for all Stiple products is maintained at stiple.ca/legal/sub-processors.

  • WorkOS — authentication and profile-photo CDN. Data location: United States.
  • Stripe — subscription payments and billing (Labs only). Data location: United States.
  • Backblaze B2 — object storage for project / survey / geospatial files. Data location: Canada (Toronto).
  • Amazon Web Services (AWS) — backend cloud compute. Data location: Canada (ca-central-1, Montreal).

The cross-border transfers in this Annex (WorkOS and Stripe) may be subject to the laws of the jurisdictions in which those providers operate, including lawful-access regimes. Stiple's general cross-border framing, including its CLOUD Act disclosure and DPA safeguards, is set out in the umbrella Stiple Privacy Policy (Cross-Border Data Transfers & Data Residency).

09 Deleting Your Account

You can delete your Stiple account from inside Stiple Labs. Sign in at labs.stiple.ca, then go to Profile → Danger Zone → Delete account.

  • 14-day cancellation window. When you confirm deletion, your account enters a 14-day cancellation window. During this window the deletion is reversible: if you sign back in at labs.stiple.ca within 14 days, your account and data are restored.
  • After 14 days — permanent deletion. If you do not sign back in within the 14-day window, your account and the data associated with it — including projects, survey data, files, and images — are permanently deleted from production systems, and any active subscription is cancelled. As described in the umbrella Stiple Privacy Policy, residual copies may persist in backups for a short, time-limited window before being rotated out.
  • Limited logs retained. For security, fraud-prevention, audit, and legal-compliance purposes, Stiple retains a limited set of account and access logs after deletion — for example, sign-in records and which projects were downloaded and when. These retained logs do not include the content of your projects, surveys, files, or images. Retained logs are held for 24 months after deletion and are then deleted, unless a longer period is required by law.
  • Mapdesk. Because Mapdesk uses the same Stiple account, deleting your Stiple account through Stiple Labs also ends Mapdesk access. A Mapdesk "Delete Account" option routes you to this same Labs deletion flow.

10 Common Topics — See the Umbrella Policy

The following topics apply to Stiple Labs but are common across Stiple's products and are addressed in the umbrella Stiple Privacy Policy at stiple.ca/legal/privacy. They are not repeated here:

  • Your privacy rights under PIPEDA and Quebec's Law 25 — including access, correction, withdrawal of consent, data portability, de-indexing, and rights regarding automated decision-making — and how to exercise them.
  • Consent posture and lawful bases for processing.
  • Data retention principles (the Labs-specific point-cloud and project retention is summarized in Section 5.3; full-account deletion is described in Section 9).
  • Breach notification and record-keeping.
  • Children's privacy.
  • How we share information and our no-sale commitment.
  • Changes to the policy and how we notify you.
  • Contacting our Privacy Officer at privacy@stiple.ca, and how to make a complaint.

Related Documents

Stiple Privacy Policy (umbrella) — stiple.ca/legal/privacy · Mapdesk Privacy Annex — stiple.ca/legal/mapdesk-privacy · Terms of Service — stiple.ca/legal/terms · Acceptable Use Policy — stiple.ca/legal/acceptable-use · Cookie Policy — stiple.ca/legal/cookies · Sub-Processor List — stiple.ca/legal/sub-processors.

Privacy Officer & Contact

Stiple Inc. — Attn: Privacy Officer
Unit 28 - 82 Sandiford Drive, Stouffville, Ontario L4A 7X5, Canada
Email: privacy@stiple.ca