Privacy
Privacy Policy
Updated July 3, 2026
What we collect
Articul collects account information such as name, email address, organization, role, billing identifiers, authentication events, and support or contact requests. The service also stores customer data that users submit, including drawings, title-block data, AS9102 form fields, characteristic rows, certificates, evidence files, comments, approvals, audit-history events, and export packages.
How we use data
We use data to create and maintain accounts, provide hosted and self-host workflows, run extraction and validation jobs, generate FAIR exports, support customers, secure the service, monitor reliability, process billing, and meet legal or contractual obligations.
Hosted extraction may send drawing content, prompts, and extraction outputs to configured subprocessors such as OpenAI and Anthropic. Their handling of submitted content is governed by the applicable commercial/API terms and deployment configuration.
Export-controlled data
Hosted Articul is not intended for ITAR-controlled technical data, EAR-controlled technology, classified data, or other data that must remain inside customer-controlled infrastructure. Do not upload export-controlled technical data to hosted. Use the self-host path for that work.
Sharing and subprocessors
We share data only as needed to operate the service, including infrastructure, storage, email, billing, analytics, support, and hosted extraction subprocessors. We do not sell customer drawings or FAIR records. We may disclose data if required by law, to protect the service, or to enforce our terms.
Retention and deletion
Hosted data is retained while the account or FAIR record is active, while needed for backup integrity, billing, security, dispute resolution, or legal obligations, or according to an applicable written agreement. Self-host customers control retention inside their own infrastructure, subject to their deployment and backup configuration.
Security
Articul uses tenant-scoped records, access controls, audit events, durable storage, operational monitoring, and deployment-specific safeguards. No system is perfectly secure; customers remain responsible for classifying data before upload and for configuring self-host environments when controlled data is involved.