Security & Privacy

Industrial product data is sensitive. Here is exactly how we handle it — and how we have designed AAS Studio so that most of your data never reaches our servers at all.

How we protect your data

Browser-local by default
The AAS editor runs entirely in your browser. Unless you use AI extraction or save a model to the cloud, your product data, schemas, and files are never transmitted to our servers. AI extraction sends only the PDF text, never the output.
SHA-256 cryptographic anchoring
Every AI-extracted AAS file is anchored to a SHA-256 hash of the source PDF. The hash is embedded in the AAS metadata, creating a tamper-evident audit trail for regulatory liability.
Human-in-the-loop certification
AI extraction requires an engineer to review and approve field values before import. Engineer initials and a timestamp are embedded in the AAS description — creating a documented review record.
Cloud models on isolated Neon Postgres
When you save models to the cloud, they are stored in a dedicated Neon Postgres database with row-level isolation — you can only access your own models, or your organization's models.
Automatic versioning
Every model save creates a snapshot. You can restore any previous version at any time. We retain version history for the lifetime of your subscription.
Authentication via Clerk
We use Clerk for all authentication. We do not store passwords. Sign-in supports Google, Microsoft, and email OTP. SSO SAML is available on Enterprise plans.

Sub-processors

AAS Studio uses the following sub-processors. All data transfers comply with GDPR Chapter V (Standard Contractual Clauses).

Neon | Postgres database (cloud models, usage) | EU (Frankfurt)
Clerk | Authentication & user management | EU residency available
Anthropic / OpenAI | AI extraction (PDF text only, no product data output) | USA — SCCs in place
Vercel | Application hosting & CDN | Global — EU region on Enterprise

Frequently asked questions

Does AAS Studio send my product data to any third party?
No. The editor runs locally in your browser — product data never leaves your device unless you explicitly use AI extraction or save to cloud. Even for AI extraction, only the extracted PDF text is sent to the LLM provider (Anthropic or OpenAI depending on your key). The output AAS file is generated in your browser.
What data is stored on your servers?
If you use the cloud library: your AAS file content, the model name, and metadata. If you use AI extraction: a usage count record (no file content). Your Clerk profile (email, name) is stored for authentication. We do not log request bodies.
What is your uptime SLA?
Individual and Team plans: 99.5% monthly uptime SLA for API routes. Enterprise plans: 99.9% with a dedicated incident response SLA of 4 hours. The client-side editor is always available regardless of our servers — it runs in your browser.
Do you have a data processing agreement (DPA)?
Yes. Enterprise customers receive a DPA on request. For GDPR compliance, AAS Studio processes data under EU Standard Contractual Clauses with all sub-processors including Neon (Postgres), Clerk (auth), and Anthropic (AI).
Can I self-host AAS Studio?
The editor component is open-source under MIT license. Enterprise customers can receive a private deployment package including the full Next.js application. Contact us for details.
Enterprise security requirements?

We offer custom DPA, dedicated EU region deployment, SSO SAML, audit log export, and penetration test reports for Enterprise customers.

Contact security team
