Privacy Policy

Last updated: March 2026  ·  Version 2025-01

1. Who we are

NouSynth AIDA is operated by NouSynth ("we", "us", "our"). We are the data controller for personal data processed through this platform. Contact: [email protected].

2. What data we collect and why

  • Account data (name, email, organisation) — to authenticate you and operate your account.
  • Usage data (parts created, AI interactions, session logs) — to deliver and improve the service.
  • Technical data (IP address, browser type, device) — for security and fraud prevention.
  • Consent records — to demonstrate compliance with GDPR Article 7.

We do not collect data beyond what is necessary for these purposes (data minimisation, GDPR Art. 5(1)(c)).

3. Legal basis for processing

  • Contract performance (Art. 6(1)(b)) — processing necessary to provide the service you signed up for.
  • Consent (Art. 6(1)(a)) — for any processing beyond service delivery, explicitly obtained at account creation.
  • Legitimate interests (Art. 6(1)(f)) — security monitoring, abuse prevention.
  • Legal obligation (Art. 6(1)(c)) — where required by EU or member-state law.

4. AI-generated content and intellectual property

NouSynth AIDA uses artificial intelligence to generate proprietary parametric source code from your design descriptions and interactions.

  • Geometric outputs (STL, STEP files) you export from the platform are yours. You retain full ownership and may use them for any purpose.
  • AI-generated parametric source code produced by the platform is generated by NouSynth's proprietary systems and constitutes NouSynth intellectual property. NouSynth retains all rights to this code, including the right to use, reproduce, modify, aggregate, and sublicense it for any purpose — including but not limited to product improvement, AI model training, and commercialisation of derived outputs. Users acquire no ownership interest in the generated source code.

This distinction is consistent with the contract-based nature of the service and is clearly disclosed at the point of consent.

5. Data sharing

  • Within your organisation — data is shared with other members of your tenant according to role-based permissions.
  • Service providers — infrastructure providers (hosting, email delivery) under data processing agreements (GDPR Art. 28).
  • Legal requirements — where compelled by a court order or applicable law. We will notify you unless prohibited.

We do not sell personal data. Ever.

6. Data retention

Account data is retained for the duration of your contract plus 12 months, after which it is anonymised or deleted. You may request earlier deletion at any time (see Section 7). Audit logs are retained for up to 5 years to satisfy legal obligations.

7. Your rights under GDPR

You have the following rights, exercisable via your Account Settings or by emailing [email protected]:

  • Access — obtain a copy of your personal data (Art. 15).
  • Rectification — correct inaccurate data (Art. 16).
  • Erasure — request deletion of your account and personal data (Art. 17). Note: parts and assemblies you created belong to your organisation and are retained.
  • Portability — receive your data in a machine-readable format (Art. 20).
  • Restriction — limit processing in certain circumstances (Art. 18).
  • Objection — object to processing based on legitimate interests (Art. 21).
  • Withdraw consent — at any time, without affecting prior lawful processing.

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence.

8. Security

We implement appropriate technical and organisational measures including: bcrypt password hashing, AES-256 encryption for sensitive fields, TLS in transit, audit logging, and account lockout policies. No method of transmission is 100% secure; we cannot guarantee absolute security.

9. Children

The platform is not intended for users under 16. We do not knowingly collect data from minors.

10. Changes to this policy

Material changes will be notified to active users by email and require renewed consent at next login. The version number at the top of this page identifies the current policy version stored against your consent record.