Privacy Policy

Last updated: May 5, 2026

This Privacy Policy describes how DiagAI (“we”, “us”, or “our”) collects, uses, stores, and protects information when you use the DiagAI predictive maintenance platform, dashboard, and REST API (“Service”).

1. Information we collect

Account information

When you create a DiagAI account we collect your name, work email address, company name, and the plan you select. This information is required to provide the service.

Sensor and equipment data

DiagAI processes the industrial sensor telemetry you submit via the API or dashboard — including time-series readings for temperature, vibration, rotational speed, torque, tool wear, and derived feature values. This data is stored in your account namespace in MongoDB Atlas and is used solely to provide anomaly detection, root cause analysis, and predictive maintenance recommendations.

Usage data

We automatically collect certain information when you use DiagAI: browser type, IP address, pages visited, API endpoint calls (method, path, response status, latency), and dashboard interactions. This data is used for service reliability monitoring and product improvement.

Communications

If you contact us via email or the contact form, we retain those communications to respond to your enquiry and improve our support quality.

2. How we use your information

  • Provide, operate, and maintain the DiagAI platform and REST API
  • Deliver anomaly detection results, RCA reports, and maintenance recommendations
  • Authenticate your identity and manage your session
  • Send transactional emails (account creation, alert notifications, trial expiry)
  • Respond to support requests and technical enquiries
  • Monitor service health, debug errors, and improve platform reliability
  • Comply with legal obligations

We do not sell your personal data or your equipment data to third parties. We do not use your sensor data to train shared models without your explicit consent.

3. Data storage and retention

Storage location

Account data and sensor telemetry are stored in MongoDB Atlas (cloud-hosted, AWS us-east-1 region by default). Enterprise customers may request dedicated clusters in alternative regions or on-premises deployments.

Retention

Active account data is retained for the duration of your subscription plus 30 days after cancellation, during which you may export your data. Anomaly event history and RCA reports are retained for 12 months on the Starter plan and indefinitely on Professional and Enterprise plans. Usage logs are retained for 90 days.

Deletion

You may request full account and data deletion at any time by emailing hello@diagAI.io. Deletion is completed within 30 days. Anonymised, aggregated statistics derived from your data (e.g., overall platform F1 score metrics) may be retained.

4. Data sharing and sub-processors

We share data only with sub-processors necessary to operate the service. Our current sub-processors include: MongoDB Atlas (database hosting), Render (compute and static hosting), and Groq (LLM inference for the RCA reasoning pipeline). Each sub-processor is bound by data processing agreements and processes data only as instructed. We do not share your data with any other third parties except as required by law.

5. Security

DiagAI uses HTTPS for all data in transit. Data at rest in MongoDB Atlas is encrypted using AES-256. API authentication uses bearer tokens scoped to your account. We conduct periodic security reviews. In the event of a data breach affecting your personal data we will notify you within 72 hours of becoming aware of it, consistent with applicable law.

6. Cookies

DiagAI uses session authentication cookies to maintain your logged-in state and localStorage for client-side preferences (e.g., dashboard layout). We do not use tracking cookies or third-party advertising cookies.

7. Your rights

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — request deletion of your data (see Section 3)
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on our legitimate interests
  • Restriction — ask us to restrict processing in certain circumstances

To exercise any of these rights, email hello@diagAI.io. We will respond within 30 days.

8. Children

DiagAI is an industrial B2B platform not directed at individuals under 18. We do not knowingly collect personal data from minors.

9. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-product notification at least 14 days before the change takes effect. Continued use of DiagAI after that date constitutes acceptance of the updated policy.

10. Contact

Questions or requests regarding this policy should be directed to: hello@diagAI.io. You can also use the contact form at /company/contact.