Privacy Policy
Last Updated: January 16, 2026
NormaLang Studio ("we", "our", or "us") is committed to protecting your privacy and the confidentiality of your engineering data. This policy adheres to industry best practices for industrial SaaS applications and global data protection standards.
1. Information We Collect
A. Personal Information
Managed through Clerk: We collect your name, professional email address, and credentials. This information is used strictly for identity management and access control.
B. Project & Engineering Data (The "Core Data")
Includes electrical system models, one-line diagrams, equipment impedances, and calculation results. This data is treated as highly confidential corporate property and remains the sole ownership of the User.
C. Financial Data
Managed through Stripe: We do not store full credit card numbers or sensitive financial authentication data on our servers.
2. Confidentiality and Multi-Tenant Isolation
Logical Separation
We utilize a robust multi-tenant architecture. Your project data is logically and cryptographically isolated from other users' data, ensuring no cross-contamination.
Encryption
Data is protected using AES-256 encryption at rest and TLS 1.3 for all data in transit.
No Access Policy
NormaLang Studio employees are strictly prohibited from accessing your project data unless you provide explicit, time-limited authorization for technical support purposes.
3. Use of Artificial Intelligence (Gemini API)
NormaLang Studio integrates the Google Gemini API to provide an intelligent "Engineering Copilot" for documentation and reporting.
Contextual Processing
The AI analyzes project metadata and calculation results solely to structure, summarize, and draft technical explanations.
Zero Training Guarantee
Our API integration is configured to ensure that none of your engineering data is used to train, retrain, or improve global AI models. Your data remains within your tenant's context.
Deterministic Calculations
AI is never used to perform electrical calculations. All physics-based results (Arc Flash, Short Circuit) are generated exclusively by our proprietary deterministic calculation engines.
Human-in-the-Loop
All AI-generated suggestions must be reviewed and validated by the User, consistent with professional engineering standards.
4. Third-Party Sub-processors
We engage the following trusted sub-processors to maintain the Service:
| Sub-processor | Purpose |
|---|---|
| Clerk | Authentication and Identity Management |
| Stripe | Global Payment Processing |
| Railway | High-availability Cloud Infrastructure |
| Google Cloud | Secure AI Processing via Vertex AI/Gemini API |
5. Data Residency and Global Transfers
Storage Location
All project and personal data are stored on secure servers located in the United States (US-West).
Transfers
By using the Service, you acknowledge that your data may be processed in regions where our sub-processors operate, all of which maintain industry-standard data protection certifications (SOC2/ISO 27001).
6. User Rights and Data Control (GDPR/CCPA)
Depending on your jurisdiction, you have the following rights:
Access & Portability
You may export your project data in supported formats (PDF, Word, CSV) at any time while your subscription is active.
Right to be Forgotten
You may request the permanent deletion of your account and all associated project data.
Retention
Upon subscription cancellation, data is retained for a 30-day grace period for export before permanent deletion.
7. Cookies
We use essential cookies for authentication and session management. No third-party tracking cookies are used.
8. Security Standards and Audits
NormaLang Studio follows the security principles of SOC2 and ISO 27001. We conduct regular vulnerability scans and adhere to a "Security by Design" philosophy in our software development lifecycle.
9. Contact Us
For privacy inquiries, Data Processing Agreement (DPA) requests, or data deletion:
NormaLang Studio
Email: privacy@normalang.com