Compliance (International)

This Registry is operated by the AtoM Foundation, custodian of the platform.

This Registry is hosted in Canada under PIPEDA + Quebec Law 25 (see our main compliance page). If you are visiting from another country, the rights summarised below mirror what you can expect under most major data-protection regimes worldwide, including but not limited to PIPEDA (Canada), GDPR (EU/UK), CCPA (California), POPIA, LGPD (Brazil), APPI (Japan), and equivalents.

Your rights at a glance

Regardless of where you are, when you interact with this Registry you can:

1. Be informed

We tell you what we collect, why, and how long we keep it. The full details are on the Privacy Policy. There are no hidden trackers; the only cookie we set is the one that keeps you signed in.

2. Access your data

You can download a structured JSON archive of every record we hold under your account at any time: /registry/my-account/export. No charge, no waiting period, no formal request needed.

3. Correct inaccurate or outdated data

Edit your profile via My Preferences. Listing entries (institution / vendor / software pages) can be corrected by the operator that owns them.

4. Delete your account

Permanent deletion is a one-click action at /registry/my-account/delete. We anonymise your username, email, and password; contributions you made (reviews, blog posts, software listings) remain visible but are no longer linked to a personal account. Backups containing your old data age out within 30 days.

5. Restrict or object to processing

You can opt out of the newsletter at any time using the unsubscribe link in any newsletter email or by emailing us. You can decline cookies (the banner on first visit). You can disable two-factor authentication. None of those choices affects your ability to use the Registry.

6. Data portability

The JSON export at /registry/my-account/export produces a structured, commonly used, machine-readable format you can carry to another service.

7. Withdraw consent

Account creation, newsletter subscription, and 2FA are all opt-in. Withdrawing consent at any time stops the corresponding processing.

8. Lodge a complaint

First, email us — we resolve most concerns within 30 days. If you remain dissatisfied, you can complain to the data-protection authority in your jurisdiction. We do not require you to exhaust our internal process before doing so.

What we do NOT do

• We do not sell personal data.
• We do not run advertising or behavioural tracking.
• We do not transfer personal data to third parties for marketing purposes.
• We do not use automated decision-making that produces legal or similarly significant effects.

Cross-border transfer

Our servers are in Canada. If you submit personal information from another country, that information will be transferred to and stored in Canada. Canada has been recognised by the European Commission as providing an adequate level of data protection for commercial activity governed by PIPEDA.

Children

The Registry is not directed at children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has registered, contact us and we will delete the account.

Contact

All privacy requests: johan@theahg.co.za with subject line "Privacy Request".