Privacy Policy

Information We Collect

1.1 Business Contact Information. In the course of our consulting engagements and business development activities, we collect professional contact information including names, titles, governmental entity names, mailing addresses, email addresses, and telephone numbers of authorized representatives and project contacts.

1.2 Project and Engagement Data. We collect information necessary to deliver contracted GIS services, including procurement documents, Statements of Work, project correspondence, technical specifications, and deliverable materials provided by or developed for clients.

1.3 Geographic and Spatial Data. Clients provide us with spatial datasets, parcel records, infrastructure inventories, boundary files, and other geographically referenced data necessary for project performance. This data typically relates to public lands, infrastructure, and governmental records rather than private individuals.

1.4 Website Information. When you visit our website, we may collect standard web server log information including IP addresses, browser type, referring pages, and pages visited. We may use analytics tools to understand aggregate site usage patterns. We do not use tracking technologies to build personal profiles of individual visitors.

1.5 Communications. We retain records of business communications, including emails and meeting notes, as part of our normal project documentation practices.

1.6 What We Do Not Collect. We do not intentionally collect sensitive personal information such as Social Security numbers, financial account numbers, health information, or biometric data. Our services are delivered to governmental entities rather than private individuals, and we take steps to ensure that client datasets delivered to us do not include unnecessary personal information about private citizens.

How We Use Information

2.1 Service Delivery. We use collected information primarily to perform contracted GIS consulting services, including data processing, spatial analysis, map production, web portal development, and related deliverables as specified in applicable Statements of Work.

2.2 Business Operations. We use contact and engagement information to manage client relationships, issue invoices, communicate about project status, schedule meetings, and fulfill other routine business obligations.

2.3 Quality and Improvement. We may use de-identified, aggregated insights from past engagements to improve our methodologies, develop internal tools, and enhance the quality of services delivered to future clients. We do not use individually identifiable client data for this purpose.

2.4 Legal and Compliance. We may use and retain information to comply with applicable laws, respond to legal process, enforce our contractual rights, and protect the safety and security of our systems and personnel.

2.5 Marketing. We may use business contact information to communicate about our services, publications, and industry developments. Recipients may opt out of marketing communications at any time by contacting us at owner@txgis.org. We do not send unsolicited bulk commercial email.

Sharing & Disclosure

3.1 No Sale of Information. We do not sell, rent, trade, or otherwise transfer personal or client information to third parties for commercial purposes.

3.2 Service Providers. We may share information with trusted third-party service providers who assist us in operating our business, including cloud hosting providers, accounting software, project management tools, and email services. These providers are contractually obligated to use information only for the purpose of providing services to us and to maintain appropriate security standards.

3.3 Subcontractors. Where permitted by applicable engagement agreements, we may share project information with qualified subcontractors engaged to assist with specific deliverables. Subcontractors are bound by confidentiality obligations consistent with our client agreements.

3.4 Legal Requirements. We may disclose information when required by law, court order, subpoena, or governmental authority, or where we believe disclosure is necessary to protect our legal rights, prevent fraud, or ensure the safety of our personnel or systems. We will provide reasonable notice to affected clients where legally permissible.

3.5 Business Transfers. In the event of a merger, acquisition, or sale of substantially all assets of the Company, information held by the Company may be transferred to the successor entity, subject to the same privacy commitments described in this Policy.

Client Data

4.1 Ownership. All spatial datasets, records, and other materials provided by clients remain the property of the client. We do not claim any ownership interest in client-provided data.

4.2 Use Restrictions. We use client data solely for the purpose of performing contracted services. We do not use client datasets for internal product development, research, or any purpose not expressly authorized by the client engagement agreement.

4.3 Sensitive Governmental Data. We recognize that governmental clients may provide us with data that is subject to statutory confidentiality protections, including critical infrastructure information, law enforcement records, emergency operations data, and pre-decisional planning documents. We treat all such data with heightened care and implement access controls to limit exposure to only those personnel with a project need.

4.4 Data Minimization. We request only the data necessary to perform contracted services. Where a client's dataset includes personal information about private individuals that is not required for project performance, we will notify the client and request a redacted or filtered version.

4.5 Return and Destruction. Upon completion of an engagement or upon request, we will return client data in a mutually agreed format or certify its secure destruction, subject to any legal retention obligations applicable to our business records.

Data Security

5.1 Technical Safeguards. We implement industry-standard technical security measures to protect information against unauthorized access, disclosure, alteration, and destruction. These include encrypted data transmission (TLS), access controls, strong authentication for internal systems, and regular security reviews of our cloud infrastructure.

5.2 Organizational Controls. Access to client data and project materials is restricted to Company personnel and subcontractors with a legitimate project need. We maintain internal policies governing acceptable use of client data and provide security awareness guidance to our team.

5.3 Cloud and Storage. Project data is stored on cloud platforms that maintain SOC 2 or equivalent certifications. We do not store sensitive client data on unencrypted local devices.

5.4 Incident Response. In the event of a confirmed security incident involving client data, we will notify affected clients promptly and in accordance with applicable legal requirements, cooperate in any required breach notification process, and take reasonable steps to contain and remediate the incident.

5.5 Limitations. No method of transmission over the internet or electronic storage is completely secure. While we use commercially reasonable safeguards, we cannot guarantee absolute security. Clients are encouraged to implement their own security measures for sensitive data prior to transmission.

Retention

6.1 Business Records. We retain business contact information, engagement records, invoices, and project correspondence for a minimum of seven (7) years following the close of an engagement, consistent with standard business record retention practices and applicable tax and accounting requirements under Texas and federal law.

6.2 Project Deliverables and Data. Copies of project deliverables and associated client data are retained for the duration of the engagement and for a reasonable period thereafter (typically two years) to support any post-delivery questions, warranty claims, or follow-on work. Client data is returned or destroyed upon written request, subject to any legal retention obligations.

6.3 Website Analytics. Aggregate website analytics data is retained as long as necessary for business purposes and is reviewed periodically. Individually identifiable web server log data is not retained beyond ninety (90) days.

6.4 Deletion Requests. Business contacts and prospective clients who wish to have their contact information removed from our records may submit a written request to owner@txgis.org. We will honor such requests subject to our legal obligations to retain certain records.

Website & Cookies

7.1 Minimal Tracking. Our website is designed to collect only the information necessary to operate effectively. We do not use advertising tracking pixels, behavioral advertising networks, or cross-site tracking technologies.

7.2 Essential Cookies. We may use essential session cookies required for the website to function correctly. These cookies do not persist beyond your browser session and do not track you across other websites.

7.3 Analytics. If we use web analytics tools, they are configured to anonymize IP addresses and aggregate usage data. We do not use analytics data to identify individual visitors or build personal profiles.

7.4 Third-Party Embeds. Some pages may include third-party components such as embedded maps (Mapbox, MapLibre) or fonts (Google Fonts). These services may set their own cookies or collect limited technical data subject to their own privacy policies. We encourage you to review the privacy policies of any third-party services whose content appears on our site.

7.5 Browser Controls. You may configure your browser to refuse cookies or alert you when cookies are being sent. Most functionality of our website remains available if cookies are disabled.

Texas Privacy Rights

8.1 Texas Data Privacy and Security Act. The Texas Data Privacy and Security Act (TDPSA), effective July 1, 2024, provides certain rights to Texas residents with respect to their personal data. To the extent the TDPSA applies to our processing activities involving Texas residents, we honor the following rights:

• Right to Know: You may request confirmation of whether we process your personal data and access to that data;
• Right to Correct: You may request correction of inaccurate personal data we hold about you;
• Right to Delete: You may request deletion of personal data we have collected from you, subject to legal retention obligations;
• Right to Portability: You may request a copy of personal data you have provided to us in a portable, machine-readable format;
• Right to Opt Out: You may opt out of the sale of personal data, targeted advertising, and certain profiling activities. We do not engage in any of these activities.

8.2 B2B Exemption. Much of our data processing involves business contact information and governmental records that may be exempt from certain TDPSA requirements. We apply the spirit of these protections broadly regardless of technical exemption status.

8.3 Exercising Rights. To exercise any of the rights described above, submit a written request to owner@txgis.org with sufficient information to verify your identity. We will respond within forty-five (45) days as required by applicable law, with one possible extension of an additional forty-five (45) days where reasonably necessary.

8.4 Appeals. If we decline to take action on a rights request, you may appeal that decision by submitting a written appeal to owner@txgis.org within thirty (30) days of receiving our response. We will respond to appeals within sixty (60) days.

Third-Party Services

9.1 External Links. Our website and deliverables may contain links to external websites, government portals, or data sources operated by third parties. We are not responsible for the privacy practices or content of those sites and encourage you to review their privacy policies independently.

9.2 Data Sources. In performing GIS services, we may incorporate publicly available data from sources including the Texas Railroad Commission, FEMA National Flood Hazard Layer, USGS National Map, county appraisal district portals, and OpenStreetMap contributors. Use of such data is governed by the respective source agency's terms of use.

9.3 Software Platforms. We use professional software platforms in our operations, including Esri ArcGIS, QGIS, PostgreSQL/PostGIS, and cloud hosting services. These platforms process data on our behalf under appropriate data processing agreements. We have reviewed each platform's security and privacy commitments and selected providers with strong track records in the government and enterprise markets.

Contact & Updates

10.1 Privacy Contact. For questions, concerns, data rights requests, or to report a potential privacy issue, please contact us at:

• Email: owner@txgis.org
• Mail: TX GIS Solutions LLC, Attn: Privacy, Dallas–Fort Worth, TX

We will acknowledge receipt of all privacy inquiries within five (5) business days and provide a substantive response within the timeframes required by applicable law.

10.2 Policy Updates. We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or business operations. Material changes will be communicated to active clients by email at least thirty (30) days before the effective date. The current version of this Policy is always available at txgis.org/privacy.html. Continued engagement with the Company after the effective date of any update constitutes acceptance of the revised Policy.

10.3 Governing Law. This Privacy Policy is governed by the laws of the State of Texas. Any disputes arising from this Policy shall be resolved in accordance with the dispute resolution provisions of our Terms of Service.