Privacy Policy

Effective Date: 05/01/2026 Version: 1.1

aivato inc (“Company,” “we,” “our,” or “us”) respects your privacy. This page explains how we collect, process, and protect your data when you use the aivato inc platform, our 2D-to-3D rendering engine, AI Co-Designer, and CAD integrations.

1. Your Data in aivato inc

To provide a seamless engineering and AI co-design experience, we collect specific categories of data:

• User Identity & Consent Data: Name, email, billing details, and specific consent tracking metadata. This includes exact Timestamps, EULA/Privacy Policy Version IDs accepted, and your IP address.
• Proprietary Engineering Data: 2D schematic files (such as KBL and CSV) uploaded to the platform.
• Live Telemetry: Data from third-party CAD integration widgets (e.g., CATIA V5, Siemens NX). This is used strictly for system stability and executing co-design commands and is never used for AI training.
• Prompt & AI Interaction Logs: Natural language questions, spatial commands, and CAD modifications submitted to the AI Co-Designer.
• Session Metadata & Usage Analytics: Diagnostic data, browser types, and platform usage metrics.

2. How We Use Your Data

We process your data strictly to operate and secure the platform:

• Core Functionality: To computationally generate interactive 3D visualizations from your uploaded KBL/CSV coordinates and execute automated design rule checks.
• Anonymized Usage Analytics: Our analytics pipeline utilizes irreversible de-identification. IP addresses and JWT session tokens are stripped and decoupled from behavioral data before entering our databases. We apply de-identification and aggregation measures designed to reduce the risk of re-identification. Where data can no longer reasonably be linked to an identifiable individual, we treat it as anonymized data.
• AI Training Exclusivity (Explicit Opt-In): aivato inc strictly respects your intellectual property. We do not use your proprietary KBL/CSV files, 3D harness geometries, or prompt logs to train foundational AI models without a distinct, unchecked-by-default, explicit opt-in. Consent is never bundled into “Accept All” updates.

3. Data Retention & Hard Deletion

We enforce strict, automated retention rules to ensure the “Right to Erasure”:

• Prompt Logs: AI interaction logs are retained for a maximum of 30 days of inactivity, after which they are permanently purged from active sessions.
• Account Deletion: Upon account deletion, all associated proprietary CAD data, prompt logs, and identity data are immediately purged from active production databases.
• Backup Scrubbing: To ensure complete compliance, deleted data is permanently destroyed from all offline backups, cold storage, and disaster recovery archives within a maximum of 30 days of the request.

4. Your Privacy Controls

You own your data. We provide built-in tools (powered by our Data Request APIs) allowing you to control your footprint:

• Export Your Data: Request a structured export of your User Identity Data and AI-generated outputs (such as BOMs or Excel wire lists).
• Revoke Consent: You may revoke AI training consent at any time. While future data will not be used, previously learned derivative weights in foundational models cannot be retroactively “unlearned.”
• Trigger Deletion: You have the right to trigger a complete deletion of your profile and proprietary files from our servers at any time.

5. Global Compliance & Security

aivato inc is headquartered in Tennessee, United States.

• GDPR (EU) & CCPA (California): We fully support your statutory rights, including the right to access, correct, delete, or restrict the processing of your personal data.
• Security Architecture: We utilize isolated iframe sandboxing, API rate limiting, and token-based authentication to secure all data bridges between our web platform and your local CAD environments. Telemetry event buses are strictly firewalled from AI training data lakes.

6. Data Controller Information

aivato inc
900 S Gay St, Suite 2107
Knoxville, TN 37902
Email: [email protected]

7. Legal Basis for Processing (EU Users)

We process personal data based on:

• contract performance,
• legitimate interests,
• legal obligations,
• and explicit consent where required.