Trust & Security
Updated April 25, 2026
FactoryLM (MIRA) is built for industrial maintenance teams. This page describes how we protect the equipment manuals, work orders, photos, and conversations you trust us with. We aim for transparency: where we host, who touches your data, what we encrypt, and what's on the roadmap. Questions? security@factorylm.com.
1. Hosting & Encryption
- Application hosting: DigitalOcean (USA). Customer-facing services run on hardened Linux containers behind TLS.
- Database (MIRA core): NeonDB serverless Postgres, hosted in AWS us-east-1. Includes per-tenant accounts, knowledge base chunks, and audit events.
- Atlas CMMS data: each customer gets an isolated Postgres instance and MinIO object store — physical separation, not shared storage.
- Encryption in transit: TLS 1.2+ on every public endpoint. Database connections use SSL (Postgres
sslmode=require). - Encryption at rest: AES-256, applied by the underlying providers (Neon, AWS, MinIO defaults).
- Secrets management: all production credentials live in Doppler. No
.envfiles in source control. Pre-commit and CI gates scan every change for credential leaks (gitleaks).
2. Sub-processors
Vendors that process customer data on our behalf:
| Sub-processor | Purpose | Region |
|---|---|---|
| Anthropic (Claude API) | AI inference for chat, diagnosis, citations | USA |
| NeonDB (Neon Inc.) | Tenant data, knowledge base, audit log | AWS us-east-1, USA |
| DigitalOcean | Application hosting, customer-facing endpoints | USA |
| Stripe | Payment processing, subscription management | USA |
| Resend | Transactional email (signup, receipts, magic links) | USA |
| Google (Gmail + Apps Script) | Magic email inbox for manual ingestion (HMAC-signed) | USA |
| Twilio | WhatsApp / SMS adapter (optional, per tenant) | USA |
| Microsoft Azure | Microsoft Teams adapter (optional, per tenant) | USA |
| Apify | Scheduled crawler for OEM manual discovery | USA / EU (Czech) |
| Firecrawl | Alternative crawler for OEM manual discovery | USA |
| Langfuse | LLM call observability (telemetry only — no manual content) | EU (Germany) |
| Doppler | Secrets management (operational; no customer data) | USA |
Material changes to this list are announced at least 30 days in advance to active subscribers.
3. Data Isolation
- Atlas CMMS (work orders, assets, photos): each customer runs on their own Atlas container with their own Postgres database and MinIO bucket. Physical isolation — no shared tables.
- MIRA chat & knowledge base (NeonDB): every query is scoped by
tenant_id. A continuous integration test inserts data as Tenant A, queries as Tenant B, and fails the build if any row leaks across. - Engineer access: production database credentials live in Doppler; access is logged and reviewed. Customer manual contents and conversation logs are not used for model training, internal benchmarking, or sales analytics.
4. Authentication
- Login: magic-link email (no passwords stored).
- Session: short-lived signed JWT, kept in browser
sessionStorage(cleared when you close the tab). - Multi-factor authentication (TOTP): Roadmap — Q3 2026 Available on every plan.
- Single sign-on (SAML / OIDC): Roadmap — Team plan $497/mo Team tier with Okta and Microsoft Entra ID via WorkOS.
5. Audit Logging
Roadmap — Q3 2026 Append-only audit_events log capturing authentication, tenant-scoped writes, exports, and account-level actions. Available to customers on request.
6. Data Retention & Deletion
- Account data: retained while subscription is active.
- Account deletion: request via privacy@factorylm.com or the in-product "Delete account" button (Roadmap — Q3 2026). Hard purge of all tenant-scoped data within 30 days.
- Equipment manuals & KB chunks: deleted within 30 days of account termination.
- Diagnostic query logs: 90 days for quality monitoring, then deleted.
- Server logs: 30 days.
- Payment records: per Stripe / tax / legal requirements, typically 7 years.
7. Compliance
- Data residency: primary data store is in the United States (AWS us-east-1).
- CCPA: California residents have rights to access, deletion, and opt-out of "sale" of personal information. We do not sell personal information. Submit requests to privacy@factorylm.com.
- SOC 2 Type II: Roadmap Targeted attestation start once we reach our customer milestone. Pre-attestation security questions can be sent to security@factorylm.com; we'll respond with a written summary of controls.
- Penetration testing: Roadmap — annual First third-party test scheduled to follow audit log + MFA rollout.
- HIPAA / FedRAMP / CMMC: not in scope. FactoryLM is a manufacturing maintenance tool; we don't process protected health, federal, or controlled defense information.
8. Vulnerability Disclosure
If you've found a security issue in FactoryLM or MIRA:
- Email security@factorylm.com. PGP key on request.
- We aim to acknowledge within 72 hours and follow a 90-day coordinated disclosure window.
- We do not currently operate a paid bug bounty program. We do credit researchers in Acknowledgments below (with permission).
- Please don't run automated scanners against production tenants you don't own; reach out first and we'll provide a sandbox.
Our machine-readable contact: /.well-known/security.txt (RFC 9116).
9. Contracting Documents
- Data Processing Addendum (DPA): /legal/dpa — counter-signed copies available on request to legal@factorylm.com.
- Privacy Policy: /privacy
- Terms of Service: /terms
- Acceptable Use Policy: embedded in Terms §4.
10. Acknowledgments
None yet. We'll list (with permission) researchers who have responsibly disclosed issues to security@factorylm.com.
11. Changes
Material changes to this page (new sub-processors, residency changes, certification milestones) are emailed to active subscribers and noted with the "Updated" date at the top.
12. Contact
Security issues: security@factorylm.com
Privacy / data requests: privacy@factorylm.com
Legal / contracting: legal@factorylm.com
FactoryLM, Inc. — Delaware, USA