PLCs.ai
The PlatformPricingYour DataDeveloperLog in
Start free trial
Legal

Privacy Policy

Effective date: June 10, 2026 · PLCs.ai, Inc. · Hoboken, NJ

This Privacy Policy describes how PLCs.ai, Inc. ("PLCs.ai," "we," "us," or "our") collects, uses, shares, and protects information in connection with the PLCs.ai platform, including the cloud-based web application known as plcsai-cloud, the desktop companion application known as plcsai-rva, and our website at plcs.ai (collectively, the "Service").

PLCs.ai is a business-to-business (B2B) platform. Most of the data we process on behalf of our business customers is provided by them and is subject to the agreement between PLCs.ai and the business customer (the "Customer Agreement," which includes our Terms of Service and, where applicable, a Data Processing Addendum). This Privacy Policy describes our general data practices and our commitments to data subjects. Where the Customer Agreement addresses a topic differently, the Customer Agreement controls for that customer.

Headline commitments
(1)

We do not train any machine-learning model on Customer Content, including PLC files or AI outputs.

(2)

We do not sell personal information, and we do not share it for cross-context behavioral advertising.

(3)

We support data-subject rights under the GDPR, CCPA and TDPSA and will honor reasonable requests.

1.

Scope

This Privacy Policy applies to information we process when:

  • you visit our website;
  • you create an account, sign in, or use the Service;
  • you communicate with us by email or through a support channel;
  • you attend a webinar, event, or demo hosted by us.

This Privacy Policy does not apply to third-party websites or services that link to or from the Service; those are governed by their own privacy policies.

2.

Our Roles

2.1 As a controller
PLCs.ai acts as a controller (or equivalent, such as a business under the CCPA or the TDPSA) for personal information we collect directly about prospects, website visitors, and account administrators. We decide why and how to process that information. This Policy applies to such personal information.
2.2 As a processor
When our business customers use the Service, they decide what information, including what PLC files and related content, to upload. For that information, PLCs.ai acts as a processor (or equivalent, such as a service provider under the CCPA or the TDPSA), and we process it only according to the Customer Agreement, on the customer's documented instructions and, where applicable, according to the Data Processing Addendum. This Policy does not apply to such Personal Information.
2.3 Data subject requests
If you are a data subject whose information is processed by PLCs.ai on behalf of a business customer, please direct privacy questions and rights requests to that customer first. We will cooperate with the customer as required by the Customer Agreement.
3.

Information We Collect

We collect the categories of information described below. Not every category applies to every individual or every customer.

3.1 Account and identity information
  • name, work email address, employer, profile picture and job title – directly from you or from third parties such as Google, Microsoft and Github;
  • authentication credentials (hashed passwords, SSO identifiers, MFA tokens);
  • account role and permissions.
3.2 Billing information
  • billing contact, billing address, purchase-order details;
  • payment method details (processed by our payment processor — Stripe, Inc.).
3.3 Usage, technical, and telemetry data
  • log and event data, such as API calls, feature events, session duration, error codes, and stack traces;
  • device and environment data, such as operating system, browser or application version, IP address, device identifiers, and language;
  • performance telemetry from plcsai-cloud and plcsai-rva (latency, throughput, error rates) that does not include the contents of PLC files or AI outputs.
3.4 Support and other inbound communications
  • the contents of support tickets, chat messages, emails to support@, security@, privacy@, and sales@ (where lawful and disclosed), and voluntary feedback;
  • marketing preferences and engagement (e.g., whether an email was opened or a link clicked).
3.5 Cookies and similar technologies
Our website and web application use cookies and similar technologies. We describe the categories of cookies and how to control them in Section 10.
4.

How We Use Information

We use information for the following purposes. For personal information of EU/UK/Swiss data subjects, we have identified the GDPR legal basis in brackets.

4.1 To deliver and support the Service
  • provide, operate, maintain, and secure the Service;
  • authenticate Authorized Users, administer subscriptions, and provide customer support;
  • respond to inquiries, send service announcements, and provide product updates;
  • generate AI outputs requested by the business customer or Authorized User.
basis

performance of a contract and our legitimate interests in providing you with the Service, contacting you regarding administrative issues related to the Service, this Privacy Policy, our Terms, support and maintenance.

4.2 To secure the Service and prevent abuse
  • detect, investigate, and respond to security, fraud, or abuse events;
  • maintain logs sufficient to support investigations.
basis

legitimate interests in defending and enforcing against violations and breaches that are harmful to our business; legitimate interest in complying with mandatory legal requirements.

4.3 To improve and develop the Service

No training on Customer Content. We do not use Customer Content — including PLC files, prompts, or AI outputs — to train, fine-tune, or otherwise improve any machine-learning model, whether general-purpose or customer-specific. This commitment applies to all customers on every pricing tier.

We may use aggregated and de-identified Usage Data to analyze trends, diagnose performance, and develop new features. We may also use support communications and voluntarily-provided feedback (which is not Customer Content) to improve the Service.

basis

legitimate interests in developing and enhancing our business and the Service.

4.4 To send marketing communications
Send marketing communications to prospects and customers, subject to applicable opt-out rights and consent obligations where required.
basis

explicit consent where required or consent via soft-opt in, where allowed.

4.5 To comply with law and enforce our rights
Comply with applicable law, regulation, court orders, and lawful requests from public authorities; enforce the Customer Agreement and protect the rights, property, and safety of PLCs.ai, our customers, and others.
basis

legitimate interest in complying with mandatory legal requirements imposed on us; legitimate interests in defending and enforcing against violations and breaches that are harmful to our business.

6.

How We Share Information

We share information only as described below. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.

6.1 Subprocessors
We engage carefully selected Subprocessors to help us deliver the Service, including cloud infrastructure, payment processing, email delivery, customer support tooling, and analytics. We impose data-protection terms on each Subprocessor that are substantially equivalent to the protections in this Privacy Policy and the Customer Agreement, and we remain responsible for their performance. A current list of our Subprocessors is available upon request at privacy@plcs.ai.
6.2 Other users of the Service
We will share your Account Information with other users of the Service, if you collaborate with them as part of your Organization.
6.3 Professional advisors
We may share information with our accountants, auditors, lawyers, bankers, insurers, and other professional advisors where reasonably necessary.
6.4 Corporate transactions
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our business, we may share information as part of the transaction, subject to reasonable confidentiality obligations.
6.5 Legal and safety
We may share information to: (a) comply with applicable law, regulation, or legal process; (b) respond to a lawful request from a government authority; (c) protect the rights, property, or safety of PLCs.ai, our customers, or others; or (d) investigate or prevent fraud, abuse, or security incidents. Where permitted, we will notify the affected customer before disclosing Customer Content in response to a legal request.
6.6 With your direction
We will share information with third parties at your direction or with your consent, for example when you authorize an integration or single sign-on provider.
7.

International Transfers

PLCs.ai is based in the United States, and information we process is typically hosted on cloud infrastructure located in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States or in other countries where our Subprocessors operate.

For transfers of personal information out of the European Economic Area, the United Kingdom, or Switzerland to countries not recognized as providing an adequate level of protection, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum. Customers that require a Data Processing Addendum may request one at privacy@plcs.ai.

8.

Data Retention

We keep personal information only for as long as needed for the purposes described in this Privacy Policy, or as required by law. Retention periods are aligned to SOC 2 Type II audit requirements and applicable legal obligations. If a legal hold, pending dispute, or regulatory obligation requires longer retention, we will keep the relevant records for the required period.

9.

Your Rights

You have the right to review the personal information we collect and use about you and the right to request correction of your personal information. Depending on where you live and how we process your information, you may have some or all of the following rights:

Right to Access

Receive a copy of your personal information that we process.

Right to Rectification

Correct inaccurate personal information we have concerning you and have incomplete personal information completed.

Right to Withdraw Consent

Easily and at any time withdraw your consent to marketing communications or non-essential cookies. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

Right to Data Portability

Receive the personal information you provided to us in a structured, commonly used, and machine-readable format, and transmit it to another person or entity.

Right to Object

Object to our processing of your personal information based on our legitimate interest. We may override the objection if we demonstrate compelling legitimate grounds or need to process for the establishment, exercise, or defense of legal claims.

Right to Restriction

Restrict us from processing your personal information in certain circumstances, including where you contest accuracy, where processing is unlawful, or where we no longer need the data.

Right to be Forgotten

Under certain circumstances, ask us to erase your personal information. We may still process it if necessary to comply with legal obligations or for the establishment, exercise, or defense of legal claims.

Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. EU residents may lodge a complaint with the supervisory authority in their Member State of residence. UK residents may contact the Information Commissioner's Office (ICO).

To exercise any of these rights, contact us at privacy@plcs.ai. We may need to verify your identity before responding. If your personal information is held by PLCs.ai on behalf of a business customer, we will forward your request to the customer and cooperate with the customer's response.

9.1 CCPA / CPRA / TDPSA disclosures (California & Texas)

In the prior 12 months, PLCs.ai has collected the categories described in Section 3 for the purposes described in Section 4 and shared them only with the categories of recipients described in Section 6. We have not sold personal information, and we have not shared personal information for cross-context behavioral advertising.

California and Texas residents have the following rights: knowing the personal information we collect and obtaining it in a readable format; the right to delete personal data; the right to correct inaccurate personal information; and protection against discrimination for exercising these rights.

You may also designate an authorized agent to make a request on your behalf by providing the agent with written permission and having the agent submit proof of authorization to us.

To exercise your rights, contact us at privacy@plcs.ai.

10.

Cookies and Similar Technologies

We use cookies and similar technologies (such as local storage and pixels) to operate the Service, remember your preferences, analyze traffic, and measure campaign performance.

Strictly necessary

Required to deliver the Service (e.g., authentication, CSRF protection). Cannot be disabled.

Analytics

Help us understand how the Service is used so we can improve it.

Marketing

Used on our marketing website only, not inside the Service.

You may opt out from the use of non-essential cookies or consent to their use (dependent on your region) via our cookie banner.

10.1 Global Privacy Control and Do Not Track
We recognize the Global Privacy Control (GPC) opt-out signal and will treat it as a confirmed opt-out preference on record. We do not currently respond to browser Do Not Track (DNT) signals as there is no industry-standard interpretation of that signal.
11.

Security

We maintain administrative, technical, and physical safeguards designed to protect personal information, including:

  • role-based access controls, MFA for administrative access, and audit logging;
  • secure software development practices, including code review, dependency scanning, and static analysis;
  • background checks for personnel with access to production systems, subject to local law;
  • incident-response procedures, including notification to customers in accordance with the Customer Agreement and applicable law.

No security program is perfect; if you believe a security vulnerability exists in the Service, please report it at security@plcs.ai.

12.

Children

The Service is not directed to individuals under the age of eighteen (18), and we do not knowingly collect personal information from children under thirteen (13). If you believe we have collected such information, contact us at privacy@plcs.ai and we will delete it.

13.

Automated Decision-Making

The Service uses artificial intelligence and machine-learning models to generate AI Outputs. These are productivity suggestions for review by our customer's engineers and do not produce decisions that have legal or similarly significant effects on individual data subjects. We do not use personal information to make solely-automated decisions of that kind.

14.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make a material change, we will notify affected users by email or through the Service at least 30 days in advance. The version number above reflects the current version.

15.

How to Contact Us

For privacy questions, rights requests, or a Data Processing Addendum, please contact:

PLCs.ai, Inc.
Attn: Privacy Team
Suite 400, 258 Newark Street, Hoboken, New Jersey 07030, United States
Security disclosuressecurity@plcs.ai
Support / data exportsupport@plcs.ai