Security & Data Privacy

Your proprietary engineering files are processed in memory and discarded immediately. Nothing is ever stored, logged, or retained.

Zero File Retention · TLS 1.3 End-to-End · AES-256 In Transit · IEC 62443 Aligned · Anthropic Zero-Retention API

Zero File Retention — Architecture, Not Policy

Every file you upload to AIDC — PLC code, P&ID drawings, network configurations, EPMS data — is loaded into RAM for processing and discarded the moment the analysis is complete. No file bytes are written to disk, stored in a database, cached, or logged at any point. This is an architectural guarantee, not a policy promise. There is no mechanism by which your files could be retained even if we wanted to retain them.

AI Provider โ€” Zero Retention
AIDC uses the Anthropic Claude API configured with zero data retention. File content sent to the Claude API is not stored by Anthropic and is not used for model training. This is a contractual and technical configuration of our API key.
Encryption in Transit
All data transmitted between your browser and AIDC is encrypted using TLS 1.3 with AES-256. There is no unencrypted transmission path. HSTS is enforced.
Audit Trail
Every API call is logged to Google Cloud Firestore with timestamp, user ID, tenant ID, and action type. File contents are never logged — only metadata. Exportable for compliance audits.
Authentication
JWT session tokens (HS256, 30-day TTL, HttpOnly). Admin endpoints require a separate admin token. No persistent session data stored client-side. Force-logout available via JWT secret rotation.
Network Isolation
CORS restricted to authorized LGC domains only. Cross-origin requests blocked. AIDC runs on Google Cloud Run (asia-northeast1) with no inbound access except HTTPS port 443.
L1 Intelligence — No External API
Layer 1 deterministic reviews (PLC code audit, network audit, SEMI E187 pre-certification) run entirely on local compute inside the Cloud Run container. No file content leaves the container during L1 analysis.
What We Store vs. What We Don't
Data handling is explicit and auditable.
Data Type | Stored? | Where | Retention
--- | --- | --- | ---
Uploaded files (PLC code, P&ID, network configs) | Never stored | RAM only, discarded after response | 0 seconds
AI prompts and responses | Never stored | Not logged or retained | 0 seconds
Account information (name, email, company) | Yes | Google Cloud Firestore | Until account deletion
Credit usage (call counts, timestamps) | Yes | Google Cloud Firestore | 12 months rolling
Audit log (action type, user ID, timestamp) | Yes | Google Cloud Firestore | 12 months rolling
Session tokens (JWT) | Yes | Browser cookie only | 30 days or logout
NDA & Data Protection Process
For enterprise customers who require formal agreements before sharing proprietary files.
Mutual NDA Available
LGC provides a standard mutual NDA covering PLC code, P&ID drawings, network configurations, and all engineering assets as confidential information. Available for signature before any file upload. Contact: larry@lgc.inc
Enterprise Data Processing Agreement
A full Data Processing Agreement (DPA) aligned to GDPR principles and Japan APPI is available for Enterprise and Platform tier customers. Covers sub-processor relationships, breach notification, and data subject rights.
Compliance Roadmap
SOC 2 Type II audit in progress (target: Q3 2026). IEC 62443 alignment built into the platform architecture. SEMI E187 pre-certification is an L1 built-in tool. ISO 27001 planned for 2027.

Questions about security?

Contact Larry Luyombya directly: larry@lgc.inc — we respond to all security inquiries within 24 hours. For enterprise pilots and NDA requests, we can typically turn around documentation within 48 hours.