Platform Privacy Policy

Hagen Automation Ltd

Company registered in England and Wales Number 09894246

info@hagenautomation.com | robovigil.com

Version 1.1

Last updated: February 2026

This document forms part of the RoboVigil Licence Agreement

See also: RoboVigil Data Processing Agreement (separate document)

1. About This Policy

This privacy policy explains how Hagen Automation Ltd (“we”, “us”, “our”) collects, uses, stores, and protects personal data when you use the RoboVigil platform, including the mobile applications, web application, and associated backend services (the “Platform”).

The Platform is designed to minimise personal data processing. It primarily processes machine telemetry data rather than personal data. Machine telemetry typically does not contain personal data unless configured by the customer to include user-identifying fields.

This policy applies to the RoboVigil Platform only. Our website (robovigil.com) has a separate privacy policy covering website visitors. This policy should be read alongside the RoboVigil Licence Agreement (robovigil.com/licence) and the RoboVigil Data Processing Agreement.

2. Data Controller and Processor Roles

Hagen Automation Ltd acts as a data processor when handling your machine data, camera feeds, and operational data on your behalf. You (the customer) are the data controller and determine the purposes and means of processing that data.

We act as an independent data controller for account management data (your name, email address, billing information) which we require to provide and administer the service.

3. Personal Data We Collect

3.1 Account Data (Controller)

When you create an account, we collect:

  • Name and email address
  • Authentication credentials (managed via Firebase Authentication)
  • Billing and payment information (processed via Stripe)
  • Account preferences and notification settings
  • IP addresses and device information used to access the Platform

3.2 Operational Data (Processor)

When you connect machines and cameras to the Platform, we process on your behalf:

  • Machine telemetry data collected via OPC-UA protocol (e.g. temperatures, speeds, cycle counts, operational states)
  • Machine configuration data (node mappings, tag classifications, alert thresholds)
  • Camera video streams transmitted via RTSP/WebRTC through secure VPN tunnels
  • Alert snapshots (still images captured only when triggered by customer-defined alert rules)
  • Calculated performance metrics (uptime, cycle statistics, OEE data)
  • Alert and error logs

3.3 Camera Feeds

Camera feeds connected to the Platform may capture images of individuals within your premises. You are the data controller for this data and are responsible for ensuring that appropriate notices, consents, and safeguards are in place for individuals who may be captured by cameras connected to the Platform. We process camera data solely to deliver the monitoring service to you.

The Platform does not provide facial recognition, biometric analysis, or identity detection of any kind.

3.4 AI Classification

When machines are added to the Platform, machine configuration metadata (OPC-UA node names, data types, and structural information) may be sent to Anthropic’s Claude API for automated classification and tagging. This data is machine configuration metadata and does not contain personal data. Anthropic processes this data under their own data processing terms and does not use it for model training.

We may also use Anthropic’s services to provide data analysis features within the Platform. Any such processing will be limited to machine telemetry and operational data and will not include personal data unless you configure it to do so.

4. How We Use Your Data

4.1 Account Data

We use your account data to:

  • Create and manage your account
  • Authenticate your access to the Platform
  • Process subscription payments
  • Send service-critical notifications (e.g. security alerts, billing confirmations)
  • Provide customer support

4.2 Operational Data

We process your operational data solely to:

  • Display real-time machine status and camera feeds within the Platform
  • Generate and deliver alerts based on your configured rules
  • Calculate and display performance metrics
  • Store historical data for trend analysis within the Platform
  • Classify and tag machine configuration data using AI services

5. Legal Basis for Processing

We process personal data on the following legal bases under UK GDPR:

  • Contract performance (Article 6(1)(b)): Account data is processed as necessary to provide you with the service under our Licence Agreement.
  • Legitimate interests (Article 6(1)(f)): We process limited technical data (e.g. IP addresses, session logs) for security monitoring and service integrity.
  • Your instructions (Article 28): Operational data is processed on your behalf as data processor, in accordance with the RoboVigil Data Processing Agreement.

6. Data Storage and Security

6.1 Infrastructure

Your data is stored on dedicated cloud infrastructure hosted by Hetzner Online GmbH in Germany (EU). Machine data is stored in PostgreSQL databases. Real-time data is cached in Redis. Camera streams are relayed through secure WireGuard VPN tunnels and are not recorded or stored by us unless an alert snapshot is generated.

6.2 Security Measures

We implement the following technical and organisational measures:

  • Encryption in transit (TLS/SSL for all connections)
  • Encrypted VPN tunnels (WireGuard) for all machine and camera data
  • Multi-tenant data isolation at the database level
  • Firebase Authentication with support for Apple and Google sign-in
  • Role-based access control within the Platform
  • Automated health monitoring and service recovery
  • Regular database backups
  • Firewall and reverse proxy (Nginx) configuration
  • Log rotation to prevent data accumulation

6.3 System Logs

System logs may include IP addresses, device identifiers, and user activity metadata necessary for security monitoring and troubleshooting. Logs are subject to automatic rotation and are not retained beyond what is necessary for operational purposes.

6.4 Support Access

Authorised support personnel may access customer environments only when necessary for troubleshooting and under confidentiality obligations.

7. Third-Party Processors (Sub-Processors)

We use the following third-party services to deliver the Platform. Each has its own GDPR-compliant data processing terms:

| Sub-Processor | Purpose | Data Location |
|---|---|---|
| Hetzner Online GmbH | Cloud server hosting | Germany (EU) |
| Google (Firebase) | Authentication, push notifications | EU/US (Data Privacy Framework) |
| Stripe, Inc. | Payment processing | EU/US (Data Privacy Framework) |
| Apple Inc. | Push notifications (APNs), App Store distribution | US (Data Privacy Framework) |
| Google LLC | Push notifications (FCM), Play Store distribution | EU/US (Data Privacy Framework) |
| Anthropic PBC | AI classification of machine configuration data; data analysis | US (Standard Contractual Clauses) |

We will notify you of any changes to our sub-processor list by updating this document and, where reasonably practicable, by notice within the Platform. You may object to a new sub-processor in accordance with the RoboVigil Data Processing Agreement.

8. Push Notifications

The Platform uses Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM) to deliver real-time alerts to your devices. Push notifications contain only minimal alert metadata (machine name, alert type, timestamp) and do not include camera images or detailed machine data.

9. International Data Transfers

Your machine data and database are stored on servers in Germany (EU). The UK has an adequacy decision with the EU, so transfers between the UK and Germany do not require additional safeguards.

Firebase Authentication and push notification services may process limited data (authentication tokens, device tokens) in the United States. Google and Apple participate in the EU-US and UK-US Data Privacy Frameworks, providing lawful transfer mechanisms. Stripe processes payment data under equivalent frameworks.

Anthropic processes machine configuration metadata in the United States under Standard Contractual Clauses and their data processing terms.

10. Data Retention

  • Account data: Retained for the duration of your subscription plus 90 days after termination, after which it is deleted.
  • Machine telemetry and performance data: Retained for the duration of your subscription. Deleted within 90 days of termination.
  • Machine configuration data: Retained for the duration of your subscription plus 90 days after termination to allow for service restoration.
  • Alert logs and snapshots: Retained for the duration of your subscription. Deleted within 90 days of termination.
  • Camera feeds: Streamed in real time only. Not recorded or stored except for alert snapshots as described above.
  • Payment records: Retained as required by applicable tax and accounting legislation (typically 6 years).
  • System logs: Subject to automatic rotation; not retained beyond operational necessity.

11. Law Enforcement and Legal Disclosure

We may disclose personal data if required to do so by law, regulation, court order, or other governmental request. Where legally permitted, we will notify you of any such request before disclosure.

12. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate data.
  • Right to erasure: Request deletion of your data, subject to legal retention requirements.
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at info@hagenautomation.com. We will respond within one month.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

13. Cookies and Tracking

The RoboVigil Platform uses authentication tokens stored locally on your device to maintain your session. We do not use advertising cookies, analytics tracking, or any third-party tracking technologies within the Platform.

14. Children

The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.

15. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via the Platform or by email. The “Last updated” date at the top of this document indicates the most recent revision.

16. Contact

For any queries regarding this policy or data protection matters:

Hagen Automation Ltd

Email: info@hagenautomation.com

Website: robovigil.com


© 2026 Hagen Automation Ltd. All rights reserved.