Privacy Policy

Effective April 11, 2026

1. What We Collect

  • Account information: email address, first name, company/facility name (provided during signup)
  • Payment information: processed and stored by Stripe. We never see or store your card number.
  • Equipment manuals: PDFs and documents you upload for MIRA to index
  • Usage data: diagnostic queries you submit and MIRA's responses
  • Technical data: IP address, browser type, device type (server logs only, no tracking cookies)

2. How We Use Your Data

  • Account info: to identify your account, send transactional emails (signup confirmation, payment receipts, Loom nurture sequence), and personalize MIRA's responses
  • Equipment manuals: indexed into your tenant's private knowledge base to power MIRA's diagnostic responses. Your manuals are never shared with other tenants.
  • Diagnostic queries: processed in real-time via Claude API (Anthropic) to generate responses. Queries are not stored by Anthropic for training per our DPA.
  • Usage data: to improve MIRA's response quality and monitor for abuse

3. Sub-processors

Sub-processor Purpose Location
NeonDB (Neon Inc.) Tenant data, knowledge base storage us-east-1, AWS
Stripe Payment processing, subscription management USA
Resend Transactional email delivery USA
Anthropic (Claude API) AI inference for diagnostic queries USA

4. Data Retention

  • Account data: retained while subscription is active + 30 days after cancellation
  • Equipment manuals & knowledge entries: deleted within 30 days of account termination
  • Diagnostic query logs: retained for 90 days for quality monitoring, then deleted
  • Payment records: retained per Stripe's data retention policy and tax/legal requirements (typically 7 years)
  • Server logs: retained for 30 days

5. Your Rights

Under GDPR and CCPA, you have the right to:

  • Access: request a copy of all data we hold about you
  • Correction: update inaccurate personal information
  • Deletion: request deletion of your account and all associated data
  • Export: receive your data in a portable format
  • Restriction: limit how we process your data
  • Objection: opt out of certain data processing activities

To exercise any right, email privacy@factorylm.com. We respond within 30 days.

6. Cookies & Tracking

We do not use cookies for tracking. We do not use Google Analytics or any third-party tracking scripts. Session state is managed via JWT tokens stored in browser sessionStorage (cleared when you close the tab).

7. Security

  • All data transmitted over HTTPS/TLS
  • Database connections encrypted (SSL required)
  • Secrets managed via Doppler (not stored in code)
  • Tenant isolation: each customer's knowledge base is scoped by tenant ID

8. Children

FactoryLM is a B2B industrial maintenance tool. We do not knowingly collect data from anyone under 18.

9. Changes

We may update this policy. Material changes will be communicated via email to active subscribers. The "Effective" date at the top will be updated.

10. Contact

For privacy inquiries: privacy@factorylm.com
FactoryLM, Inc. — Delaware, USA