Rearton Labs Privacy Policy

Effective Date: March 22, 2026 | Last Updated: March 22, 2026

Rearton Labs, Inc., a Delaware corporation and subsidiary of Akston Industries ("we," "our," or "us"), operates PRISM AI — the Production Resource Intelligence System for Manufacturing — and related software and services. This Privacy Policy describes how we collect, use, and protect your information when you use our services.

🔒 Key Privacy Principles

Your original blueprints never leave your device. Blueprint processing happens locally in your browser. We do not store your blueprint images. Your manufacturing data (job records, SPC measurements, customer information) is encrypted at rest and in transit. Cross-shop learning is opt-in and anonymized. Our built-in data redaction system removes identifying information before any cross-shop sharing.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

Email address (used for authentication via magic link)
Account creation date and last sign-in date
Organization name and role (if provided)

1.2 Subscription and Billing Data

Your subscription tier (Free, Starter, Pro, Enterprise) and status
Post-processor license purchases and activation status
Billing cycle and payment history (payment details are held by Stripe — see Section 4)

1.3 Usage Data

We track platform usage to enforce plan limits, improve our Services, and provide analytics dashboards:

Number of speed/feed calculations, post-processor runs, blueprint analyses, and quote generations
Feature usage patterns (which modules you use and how frequently)
API call volumes (for metered billing)
PRISM Academy course progress, quiz scores, and certifications earned

1.4 Manufacturing Data (You Control)

If you use our ERP, job management, quality, or shop floor features, you may store:

Job records — Work orders, operation sequences, job status, and production notes
Customer data — Customer names, contacts, and order history in your CRM
Inventory data — Material stock, tool inventory, and purchase orders
Quality data — SPC measurements, inspection results, Gauge R&R data, and CMM reports
HR data — Employee records, time clock entries, payroll information, training records, and certifications
Financial data — Invoices, accounts receivable/payable, general ledger entries, and P&L data
Scheduling data — Machine schedules, capacity plans, and production calendars

This data belongs to you. We store it on your behalf and process it only to provide the Services.

1.5 Machine Connectivity Data

If you connect CNC machines via OPC-UA, MTConnect, or MQTT:

Machine status, spindle load, feed rate, and position data
Alarm events and error codes
Cycle times and utilization metrics
Tool wear data and maintenance events

Machine connectivity data is used for real-time monitoring, predictive maintenance, and adaptive control. It is stored within your tenant namespace and not shared without your consent.

1.6 Kiosk and Shop Floor Data

If you use our kiosk system for shop floor operations:

Operator badge scan events (clock-in/out times)
Operator-to-machine assignments
Job start/stop events

1.7 Training Data (Optional)

If you voluntarily contribute training data to improve our AI:

Part metadata (part numbers, materials, machine models)
G-code content and operation sequences
Cutting parameter results (speeds, feeds, tool life outcomes)
Extracted feature data (dimensions, tolerances)

Contributing training data is entirely optional. Our data redaction system can automatically remove customer names, pricing, serial numbers, and operator identifiers before contribution.

1.8 Standard Web Data

Browser type and version
Access times and IP addresses
Error logs and crash reports

2. Blueprint and Document Handling

2.1 Client-Side Processing

Your original blueprints and engineering drawings are never uploaded to our servers.

When you upload a document to our Print-to-Program pipeline or blueprint analysis tools:

The file is loaded directly into your web browser's memory
OCR, dimension extraction, and GD&T recognition occur locally on your device
The original file remains on your device and is never transmitted

2.2 Redaction Process

Our software includes automatic redaction to protect sensitive information:

Detection: The system identifies potentially sensitive content (company names, addresses, contact information, proprietary markings)
Local Processing: All detection and redaction occurs entirely within your browser
Permanent Redaction: A new image is created with black rectangles permanently covering selected areas
Original Preserved: Your original file remains untouched on your device

2.3 AI Analysis

When you use AI-powered features (feature extraction, process planning, AI assistant):

Only the redacted version of your document (or extracted text/metadata) is sent to our AI service
The original, unredacted document is never transmitted
Data is sent via encrypted HTTPS connection
We do not store blueprint images after analysis is complete

2.4 What We Do NOT Collect from Blueprints

Original blueprint files
Unredacted document images
CAD file contents (beyond extracted metadata you choose to process)
Proprietary design information (if properly redacted)

3. How We Use Your Information

3.1 Service Delivery

We use your information to provide and maintain the PRISM platform, process speed/feed calculations, generate G-code and post-processed programs, run SPC analyses and quality reports, manage job workflows, scheduling, and accounting, deliver PRISM Academy courses and track certifications, and provide real-time machine monitoring and predictive maintenance.

3.2 Platform Improvement

We use aggregated and anonymized usage data to improve our physics models and algorithms, expand and refine our tool, material, and machine databases, optimize platform performance and reliability, and develop new features and capabilities.

3.3 Cross-Shop Learning (Opt-In)

If you opt into the Shared Learning Bus:

Anonymized patterns (e.g., "this tool/material combination at these parameters produced good results") are aggregated across participating shops
These patterns improve speed/feed recommendations and process planning for all participants
Never shared: Customer names, pricing, serial numbers, operator identifiers, job details, or any information that could identify your shop or your customers
You may opt out at any time with no impact on your Service access

3.4 Communication

We may use your email address for account authentication (magic links), subscription and billing notifications, critical service announcements and security alerts, and product updates (you may opt out of non-essential communications).

4. Third-Party Services

4.1 AI Services

We use third-party AI services for document analysis, feature extraction, and the AI assistant. When you use AI-powered features:

Only redacted content or extracted metadata is sent to the AI provider
The AI provider's data retention and privacy policies apply to their processing
We select AI providers with strong privacy, security, and data handling practices

Your API Key Option: You may use your own API key, in which case requests go directly to the AI provider under your own account and terms.

4.2 Stripe (Payment Processing)

Payments are processed by Stripe, Inc. Your payment information is sent directly to Stripe. We do not store credit card numbers, bank account details, or other payment credentials. Stripe's privacy policy applies to payment processing.

4.3 Infrastructure

We use industry-standard cloud infrastructure for authentication, data storage, and service delivery. All data is encrypted at rest and in transit. Our multi-tenant architecture provides per-tenant namespace isolation.

4.4 Machine Connectivity Protocols

OPC-UA, MTConnect, and MQTT connections run between your machines and our platform. We do not share machine connectivity data with third parties. Data flows are encrypted in transit.

5. Data Storage and Security

5.1 What Is Stored

Data Type	Storage	Retention
Account info	Encrypted database	Until account deletion
Usage counts	Encrypted database	12 months rolling
Manufacturing data (ERP, jobs, quality, HR, financial)	Encrypted database, tenant-isolated	Until you delete it
Machine connectivity data	Encrypted database, tenant-isolated	Configurable (default 90 days for time-series, indefinite for events)
SPC measurements	Encrypted database, tenant-isolated	Until you delete it
Training data contributions	Encrypted database	Until you delete it
Academy progress	Encrypted database	Until account deletion
Original blueprints	Not stored	N/A — processed in browser only
Redacted images	Not stored	N/A — discarded after analysis

5.2 Security Measures

All data transmission uses TLS/HTTPS encryption
Data at rest is encrypted
Multi-tenant architecture with per-tenant namespace isolation
Database access protected by Row Level Security (RLS)
API endpoints require authentication tokens (JWT with OAuth 2.1 PKCE)
Multi-factor authentication available (TOTP per RFC 6238)
Role-based access control (RBAC) for organizational accounts
Admin access restricted to whitelisted accounts
Passwords are not stored (magic link authentication)
3-tier API rate limiting

5.3 Compliance Framework Support

Our infrastructure is designed to support compliance with ISO 13485, AS9100D, IATF 16949, SOC 2, HIPAA, and FDA 21 CFR Part 11 requirements. This means our security controls and data handling practices align with these frameworks, but our platform's compliance support does not automatically make your use of the platform compliant. You are responsible for your own regulatory compliance.

5.4 Data Retention

Account data: Retained until you request deletion
Usage data: Retained for 12 months for billing and analytics
Manufacturing data: Retained until you delete it — your data, your control
Machine time-series data: Configurable retention (default 90 days for high-frequency data)
Training contributions: Retained until you delete them
Blueprint images: Not retained (processed in browser memory only)
Cross-shop learning patterns: Anonymized and aggregated — cannot be traced to individual shops

6. Your Rights and Choices

6.1 Access and Export

You may request a complete export of your data at any time, including job records, customer data, SPC measurements, financial records, employee data, and all other manufacturing data stored in your account. We will provide your data in a standard, machine-readable format.

6.2 Deletion

You may request deletion of your account and all associated data by contacting us at info@reardenlabs.ai. Upon deletion, all data in your tenant namespace is permanently removed within 30 days. Anonymized, aggregated data that has already been incorporated into cross-shop learning patterns cannot be individually removed, as it is no longer identifiable.

6.3 Redaction Control

You control what information is redacted before AI processing
You can skip redaction entirely if you choose
You can manually draw additional redaction regions
The data redaction system also applies to cross-shop sharing, automatically removing customer names, pricing, serial numbers, and operator identifiers

6.4 Cross-Shop Learning

Participation in the Shared Learning Bus is entirely optional
You can opt out at any time through your account settings
Opting out does not affect your access to any paid features

6.5 Training Data

Contributing training data is entirely optional
You can delete your training contributions at any time
You retain ownership of your contributed data

6.6 Communication Preferences

You may opt out of non-essential communications at any time. We will always send critical account, security, and billing notifications.

7. Children's Privacy

Our services are business-to-business products intended for manufacturing professionals. We do not knowingly collect information from children under 16. If we learn we have collected data from a child under 16, we will delete it promptly.

8. International Data Transfers

Our services are hosted in the United States. If you access our services from outside the US, your information may be transferred to and processed in the US. We implement appropriate safeguards for international data transfers, including encryption in transit and at rest.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated policy on our website, updating the "Last Updated" date, and notifying you via email for significant changes. Continued use of our Services after changes constitutes acceptance.

10. Contact Us

For privacy-related questions, data export requests, or deletion requests:

Rearton Labs, Inc.
A subsidiary of Akston Industries
Email: info@reardenlabs.ai
Website: reardenlabs.ai

Summary: Your Data at a Glance

Data Type	Who Controls It	Stored?	Shared?
Blueprints	You	❌ Never leaves your browser	❌ No
G-code you create	You	Your choice	❌ No
Job/ERP/Financial data	You	✅ Encrypted, tenant-isolated	❌ No
SPC & quality data	You	✅ Encrypted, tenant-isolated	❌ No
Machine connectivity data	You	✅ Encrypted, tenant-isolated	❌ No
HR & payroll data	You	✅ Encrypted, tenant-isolated	❌ No
Training data contributions	You (opt-in)	✅ If you contribute	✅ Used to train models
Cross-shop learning	You (opt-in)	✅ Anonymized only	✅ Anonymized patterns only
Account & usage data	Us	✅ Encrypted	❌ No

Your blueprints stay on your device. Your manufacturing data is encrypted and tenant-isolated. Cross-shop learning is opt-in and anonymized. You can export or delete your data at any time.

This policy is effective as of March 22, 2026.