TAIS Performance Systems Inc. – Privacy Policy

Version: 2026.06

Governing the Collection, Use, and Protection of Personal Information Applicable to TAIS-Certified Users, DAWN-Authorized Users, and TAIS Distributors

Effective: April 1, 2020 | Last Updated: June 23, 2026

Replaces and supersedes Version 2020.04.C

PLEASE READ THIS PRIVACY POLICY CAREFULLY.

By accepting this Policy at login, or by accessing or using our services, you confirm that you have read and understood it and that you consent to the collection, use, and disclosure of personal information as described below.


Policy Modifications: We reserve the right to modify this Privacy Policy at any time. If we make changes, we will notify you by updating the "Last Updated" date above. For significant or material changes (such as changes to how we use your personal data), we will provide a more prominent notice, which may include sending an email notification or placing a temporary banner on our website prior to the change becoming effective. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our services after any modifications constitutes your acknowledgment of the updated policy.

1. Introduction

1.1
  TAIS Performance Systems Inc. (“TPSI”, “we”, “us”, or “our”) operates the assessment platform located at app.tpsitais.com (the “Platform”) and provides psychometric assessment, scoring, reporting, and related services. The TAIS Inventory and related content are owned by Grandlark Investments Inc. and are made available through the Platform under exclusive licence to TPSI.

1.2   TPSI is committed to protecting the personal information it collects and handles in connection with the Platform. This Privacy Policy (the “Policy”) describes how TPSI collects, uses, discloses, retains, and safeguards personal information, and the rights available to the individuals to whom that information relates.

1.3   This Policy is intended to comply with the privacy legislation applicable to TPSI’s operations, including the Personal Information Protection and Electronic Documents Act (Canada) (“PIPEDA”); the Personal Information Protection Act (British Columbia) (“BC PIPA”); applicable United States federal and state privacy laws, to the extent they apply to TPSI; and the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) and the United Kingdom GDPR, to the extent TPSI processes the personal data of individuals located in the European Economic Area (the “EEA”) or the United Kingdom. Section 8 sets out additional information for those individuals.

1.4   This Policy replaces and supersedes all prior versions of the TPSI privacy statement, including Version 2026.04 and Version 2020.04.c.

2. Application of this Policy

2.1
  This Policy applies to all personal information that TPSI collects or processes through the Platform. It is presented to, and accepted by, the professionals who access the Platform, namely:
(a) TAIS-Certified Users, being professionals who hold current TAIS certification and who access the TAIS module of the Platform;
(b) DAWN-Authorized Users, being individuals authorized to access the DAWN Profile module of the Platform; and
(c) TAIS Distributors or “TDs”, being individuals or organizations authorized by TPSI to administer assessments and deliver related services.

Where this Policy refers to “you”, it refers to the Authorized User or TD accessing the Platform.

2.2   This Policy also describes how TPSI handles the personal information of (a) “Clients”, being organizations or individuals that engage a TD or access the Platform through a TD; and (b) “Subjects”, being individuals who complete a TAIS Inventory or DAWN Profile assessment.

2.3   Subjects do not ordinarily log in to administer the Platform. A Subject’s personal information is collected through an assessment initiated by a TD or Authorized User, and the Subject is provided with a separate assessment notice and consent at the time the assessment is completed. As a condition of access, each Authorized User and TD is responsible for ensuring that, before an assessment is administered, the Subject has been informed of and has consented to the collection and use of their information as described in that notice and in this Policy.

2.4   This Policy does not apply to third-party websites or services that may be linked from the Platform, and TPSI is not responsible for the privacy practices of such third parties.

2.5   The Platform and the Assessments are intended for use by adults. No individual under the age of sixteen (16) may be assessed through the Platform. Each Authorized User and TD is responsible for ensuring that no Subject under 16 is administered an Assessment. If TPSI becomes aware that it has collected the personal information of an individual under 16 without appropriate authority, it will delete that information promptly.

3. Information We Collect

3.1   Information about Authorized Users and TDs.
When you access the Platform, TPSI collects:
(a) your name, professional title, and contact information, including email address and telephone number;
(b) your organization or employer;
(c) your certification or authorization status; and
(d) login activity, access logs, session data, and records of your use of the Platform.

3.2   Information about Subjects. When a Subject completes an assessment, TPSI collects: the Subject’s first name, last name, and a valid email address; any optional contact or demographic information requested by the administering TD, such as age or age range, gender, occupation, and current role; any free-form text responses provided by the Subject or TD; assessment responses, and the psychometric results and scores compiled by TPSI’s proprietary scoring systems. The raw assessment responses are retained by TPSI. An Authorized User or TD ordinarily has access only to the compiled scores and the Reports derived from those responses.

3.3   Technical information. The Platform automatically collects certain technical information, including:
(a) IP address and browser or device identifiers;  
(b) session cookies used solely to maintain the login session and to track assessment progress; and  
(c) server access logs retained for a limited period for security and performance purposes. TPSI does not conduct web-analytics tracking of Subjects’ assessment sessions, and cookie data is neither shared with any TD or third party nor retained beyond the relevant session.

4. How We Use Personal Information

4.1  
TPSI uses personal information only for the purposes for which it was collected and for related purposes that a reasonable person would consider appropriate in the circumstances, including to:
(a) administer, score, and generate Reports from assessments;
(b) deliver Reports to the applicable TD;
(c) manage Authorized User and TD accounts and verify certification and authorization status;
(d) send a Subject a single confirmation email upon completion of an assessment;
(e) provide, maintain, secure, and improve the Platform and related services;
(f) conduct internal quality control and psychometric research and development;
(g) comply with applicable legal and regulatory obligations; and
(h) contact you (or test takers) directly to resolve general issues, complaints, or technical support items.

4.2   For the purposes described in Section 4.1(e) and (f), TPSI may use its own proprietary tools and authorized service providers to operate, secure, analyze, and improve the Platform and its assessments. Personal information used for long-term psychometric research, trend analysis, quality control, and the development or improvement of TPSI’s assessments, scoring models, and services is permanently de-identified or aggregated so that it no longer identifies any individual.

4.3   TPSI does not sell personal information and does not add Subjects to marketing or contact lists. Other than the single assessment-confirmation email described above, TPSI does not contact Subjects directly.

4.4   This section only applies to participants of the Dawn Profile (not TAIS participants or practitioners). We may use your personal information, such as your email address, to send you newsletters, marketing or promotional materials, and other information that may be of interest to you. You may opt out of receiving any, or all, of these marketing communications from us at any time by:
- Clicking the "unsubscribe" link provided at the bottom of any email we send.
- Replying directly to the email with the word "Unsubscribe".
- Contacting us directly at support@tpsitais.com. Please note that even if you opt out of receiving marketing communications, we may still send you transactional or administrative messages (such as order confirmations, account updates, or updates to our terms).  

5. Access Controls and Data Compartmentalization

5.1  
The Platform operates a tiered, role-based access-control model:
(a) TPSI retains administrative oversight of all data on the Platform for operational, security, and legal-compliance purposes;
(b) a TD may access Subject Data only for Subjects within its own client environment, and not Subject Data held under any other TD;
(c) a TAIS-Certified User may access TAIS data and Reports only within their authorized scope and has no access to the DAWN Profile module;
(d) a DAWN-Authorized User may access DAWN Profile data only within their authorized scope and has no access to the TAIS module;
(e) a Client and its Authorized Users may access only the data made available to them by their TD; and
(f) a Subject may be granted access to their own Reports at the discretion of their TD, as described in Section 11.

5.2   Subject Data is not disclosed to any person outside the scope of their authorization, except as set out in Section 6.

6. Disclosure of Personal Information

6.1  
TPSI does not disclose personal information except:
(a) to TDs and Authorized Users as necessary to administer assessments and deliver services, within their authorized scope;
(b) to service providers and technology partners that support the operation of the Platform, under confidentiality and data protection obligations consistent with this Policy;
(c) as required by applicable law, court order, or regulatory authority; and
(d) where necessary to protect the rights, property, or safety of TPSI, its users, or the public, as permitted or required by law.

6.2   TPSI does not disclose Subject Data to employers or other third parties without the direction of the applicable TD or Client, except as required by law.

7. Cross-Border Transfer and Hosting Locations

7.1
  Personal information and Subject Data are stored and processed on secure servers located in Canada and the United States. TPSI may also engage service providers that store or process limited categories of personal information (such as email-delivery or technical-support data) in other jurisdictions. The principal service providers, and the countries in which they store or process personal information, are:
(a) Hosting / database: Microsoft Azure (Canada and the United States)
(b) Email and communications: Microsoft Outlook and Google (Canada and the United States)
(c) Support / ticketing and other processors: Not applicable (managed internally)

7.2   Where personal information is transferred to or accessed from a jurisdiction other than the individual’s own, it may be subject to the laws of that jurisdiction, including lawful access by courts, law-enforcement, and regulatory authorities. TPSI takes reasonable steps to ensure that any service provider that stores or processes personal information on its behalf is bound by contractual and security obligations requiring a level of protection comparable to that described in this Policy.

7.3   By accessing or using the Platform, you acknowledge and consent to the storage and processing of personal information in Canada, the United States, and the other jurisdictions identified above. Where applicable law requires a specific transfer mechanism, the mechanisms described in Section 8 apply.

8. Individuals in the EEA and United Kingdom (GDPR)

8.1
  This Section applies where TPSI processes the personal data of individuals located in the EEA or the United Kingdom, and supplements the remainder of this Policy. In the event of a conflict, this Section governs with respect to those individuals.

8.2   Controller and roles. In respect of the personal data of Authorized Users and TDs, TPSI acts as a controller. In respect of Subject Data processed on the instructions of a TD or Client, TPSI generally acts as a processor (or as a joint controller, where applicable), and the TD or Client acts as the controller responsible for establishing a lawful basis for the assessment.

8.3   Legal bases. TPSI processes personal data on one or more of the following legal bases:
(a) the performance of a contract, or steps taken at the individual’s request before entering into a contract;
(b) compliance with a legal obligation to which TPSI is subject;
(c) the legitimate interests of TPSI or a third party, except where those interests are overridden by the individual’s interests or fundamental rights; and
(d) consent, where required, which may be withdrawn at any time without affecting the lawfulness of processing carried out before withdrawal.

8.4   Rights of data subjects. Subject to the conditions and exceptions in applicable law, individuals in the EEA and United Kingdom have the right to access, rectify, erase, restrict, or object to the processing of their personal data; the right to data portability; the right to withdraw consent; and the right to lodge a complaint with their local supervisory authority. Requests may be made as described in Section 14.

8.5   International transfers. Where TPSI transfers personal data from the EEA or United Kingdom to a country that has not been recognized as providing an adequate level of protection, TPSI relies on an appropriate safeguard, such as the European Commission’s Standard Contractual Clauses (together with the UK Addendum or the UK International Data Transfer Agreement, as applicable) and any supplementary measures required.

8.6   Representative and contact. TPSI’srepresentative and data-protection contact for the purposes of the GDPR andUKGDPR is: TPSI Privacy Compliance (support@tpsi.com). General privacyinquiries may be directed as set out in Section 14.9. Restrictions on AI andAutomated Processing

9. Restrictions on AI and Automated Processing

9.1
 To protect the security and confidentiality of personal information and Subject Data, all data obtained from the Platform is strictly prohibited from being uploaded, transmitted, pasted, or otherwise disclosed to or through any unapproved third-party artificial-intelligence system, machine-learning tool, large language model, or automated processing platform. This includes publicly available tools, employer-provided systems, or AI-enabled features integrated into third-party software.

9.2    TPSI may utilize its own proprietary tools and verified, authorized service providers for internal operational, security, research, and service-improvement purposes. All such processing is subject to the strict administrative, technical, and physical safeguards described in this Policy and complies with applicable Canadian data protection laws.

9.3   The unauthorized processing of personal information through any AI or automated tool  constitutes a data security risk and a direct violation of the permitted purpose under which the data was collected. Any such unauthorized use is treated as a material breach of data governance and is subject to the enforcement actions outlined in our Platform Terms of Use.

10. Data Retention

10.1
  TPSI retains personal information and Subject Data only for as long as necessary to fulfil the purposes for which it was collected, to provide the Platform and related services, to comply with legal obligations, and to resolve disputes. Subject to that principle, the following retention periods apply:
(a) Subject assessment records (raw responses, scores, and Reports) are retained while the administering TD’s or Client’s account remains active, and until the Subject, TD, or Client requests deletion or the data is no longer required for the purposes identified in this Policy;
(b) Authorized User and TD account records are retained while the account remains active, and until the account holder requests deletion or the account is no longer required for the purposes identified in this Policy;
(c) Technical and access logs (including IP address, session, and security logs) are retained for approximately ninety (90) days, after which they are deleted or aggregated; and
(d) De-identified and aggregated data that no longer identifies any individual may be retained and analyzed indefinitely for closed research, trend tracking, quality-control, and long-term service-improvement purposes.

10.2   Upon termination of a Client’s or TD’s relationship with TPSI, or upon a valid deletion request, personal information is deleted, de-identified, or otherwise handled in accordance with applicable law and any applicable data agreement. Personal information may persist in secure backups for a limited period until those backups are overwritten in the ordinary course.

11. Subjects’ Rights

11.1
  Subject to verification of identity and to the conditions and exceptions in applicable law, a Subject may:
(a) Anonymity — request to complete an assessment anonymously, which must be arranged in advance with their TD, who will supply an anonymizing code; a Subject must not attempt to anonymize their own data without TD involvement;
(b) Access — request a copy of the personal information held about them;
(c) Correction — request the correction of inaccurate or incomplete personal information, recognizing that assessment responses and compiled results cannot be altered once submitted;
(d) Anonymization — request the removal of their name and contact information from their assessment record, leaving only the assessment data;
(e) Portability — request their Subject Data in a machine-readable format, or its transfer to another TD; and
(f) Deletion — request deletion of the Subject Data held in respect of their assessment. 11.2   Requests should be directed in the first instance to the Subject’s TD, and TPSI will assist in facilitating communication where necessary. Requests may also be directed to TPSI at support@tpsitais.com, and TPSI will respond within a reasonable time and in accordance with applicable law. TPSI’s ability to fulfil a request may depend on verifying the requester’s identity, and certain requests may limit or prevent a TD from completing services in progress.

12. Correction and Modification of Records

12.1
  After a Subject completes an assessment, the administering TD may correct or supplement the personal and demographic information the Subject supplied, such as the spelling of a name or the addition of demographic tags. TPSI does not modify personal information on its own initiative.

12.2   Assessment responses and compiled psychometric results cannot be altered once submitted, whether by TPSI, the TD, or the Subject. Where system misuse is suspected, TPSI may mark a record as invalid and restrict access to it or flag it for deletion.

13. Security and Breach Notification

13.1  
TPSI maintains administrative, technical, and physical safeguards designed to protect personal information and Subject Data, including (a) encrypted (HTTPS) transmission of data; (b) storage on secured servers within controlled data centres; (c) tiered, role-based access controls; and (d) security monitoring and access logging.

13.2   No system is entirely secure. TPSI is not responsible for a security incident resulting from an Authorized User’s failure to safeguard login credentials, or from the prohibited use of AI systems or unauthorized automation by an Authorized User.

13.3   TPSI maintains procedures to detect, investigate, and respond to security incidents involving personal information. Where a breach of security safeguards creates a real risk of significant harm to an affected individual, TPSI will, in accordance with applicable law, report the breach to the relevant privacy regulator (including the Office of the Privacy Commissioner of Canada or the Information and Privacy Commissioner for British Columbia, as applicable), notify affected individuals without undue delay, and keep records of the breach. Where TPSI acts as a processor for a TD or Client, it will notify the relevant controller without undue delay so that the controller can meet its own obligations, including the 72-hour notification timeline under the GDPR where applicable.

13.4   You must notify TPSI immediately, and in any event within twenty-four (24) hours, upon becoming aware of any actual or suspected breach, loss, or unauthorized access to or disclosure of personal information or Subject Data, and must cooperate with TPSI’s investigation and response.

14. Contact and Privacy Officer
Questions, concerns, and requests under this Policy may be directed to TPSI’s Privacy Officer:

TAIS Performance Systems Inc.
Privacy Officer
699 Cardero Street, Suite 502
Vancouver, BC  V6G 3H7  Canada
Email: support@tpsitais.com
Phone: 1-800-419-7473
Platform: app.tpsitais.com

TPSI will provide an initial response to a privacy inquiry within five (5) business days.

15. Your Responsibilities as an Authorized User or TD

15.1  
As a condition of access, you shall:
(a) access and use personal information and Subject Data only within your authorized scope and only for authorized professional purposes;
(b) safeguard your login credentials, which are personal and non-transferable;
(c) comply with the AI and automated-processing restrictions in Section 9;
(d) before administering an assessment, ensure that the Subject has been informed of and has consented to the collection and use of their information as described in this Policy and the applicable assessment notice; and
(e) promptly report to TPSI any suspected misuse, unauthorized access, or privacy incident.

15.2   Your obligations under this Policy are in addition to those in the Terms of Use. A failure to comply may result in the suspension or termination of access and the other consequences described in the Terms of Use.

16. Changes to this Policy and Continued Acceptance

16.1  
TPSI may modify this Policy at any time. The current version is always available at app.tpsitais.com, and the "Last Updated" date at the top indicates when it was most recently revised.

16.2   How TPSI provides notice depends on how you interact with the Platform:
(a) Authorized Users and TDs (who log in) will be required to review and affirmatively accept the updated Policy at their next login before continuing to use the Platform;
(b) Subjects and others who do not log in are shown the Policy then in effect at the time they complete an assessment, and the current Policy is available at all times at the URL above.

16.3   For significant or material changes, TPSI will provide more prominent notice on the Platform.

16.4   Your continued use of the Platform, or completion of an assessment, after an updated Policy takes effect constitutes your acknowledgment of the updated Policy, except where applicable law requires fresh consent.