Data Handling & Privacy

MachineMetrics is designed with data security and privacy at every layer — from the Edge device on your shop floor to our cloud infrastructure. This document covers how your data is collected, transmitted, stored, and protected.

Data Ownership

You own your data. MachineMetrics acts as a data processor on your behalf:

Full data export capabilities available
No sale or sharing of customer data with third parties
Data Processing Agreements (DPA) available upon request
Right to deletion upon contract termination

Edge Device Security

The MachineMetrics Edge device is a hardened, purpose-built data collection appliance with security designed in from the ground up.

Security by Default

Feature	Description
Encryption	All data encrypted in transit (TLS) — no plaintext
No Open Ports	No incoming network ports exposed
No OS Access	No terminal login capability
Service Isolation	Each service runs in isolated Docker containers
Hardware Keys	Unique private key per device

Network Security

The Edge device architecture provides multiple layers of network protection:

Outbound-only communication: Edge initiates all connections; no inbound firewall rules required
Network isolation: Separate interfaces for machine network and internet
No attack surface: Device does not run any network services
VPN for maintenance: Secure tunnel for remote diagnostics (limited access, MFA required)

Device Hardening

External boot options disabled in BIOS
No user accounts or interactive logins
Minimal Linux operating system
Automatic OTA firmware updates for security patches
Configuration stored in cloud (easy device replacement)

Data Policy

No sensitive data stored locally — data is transmitted, not retained
No PII stored on Edge devices
Configuration backed up to cloud
Device API keys can be revoked remotely if compromised

Data Transmission

Edge to Cloud

All communication from Edge devices to MachineMetrics cloud:

Uses HTTPS (port 443) exclusively
Encrypted via TLS 1.2+
Authenticated with unique device API keys
Transmitted over outbound connections only

Data Buffering & Backfill

MachineMetrics is designed to handle connectivity interruptions:

During Internet Outage (Edge still powered):

Machine data continues to be collected
Data buffered locally on the Edge device
Automatic backfill when connectivity restores
Minimal or no data gaps in most cases

During Power Loss or Local Network Issues:

Data cannot be captured while machines are disconnected from Edge
Data from disconnection period is not recoverable
Normal operation resumes automatically when connectivity restores

Key Principle: MachineMetrics can only backfill data that was successfully captured by the Edge device. Extended outages may result in permanent data gaps.

Cloud Data Storage

Infrastructure

Hosted on Amazon Web Services (AWS)
Multi-region deployment with automatic failover
Data encrypted at rest using AES-256
Regular automated backups

Data Retention

Production data retained according to your contract terms
Historical data available for analysis and reporting
Data export available at any time
Secure deletion upon contract termination

Access Controls

Role-based access to all data
Audit logging of data access
API access controlled by scoped tokens
No MachineMetrics employee access without explicit authorization

Max AI Security

MachineMetrics AI capabilities (Max AI) are built with privacy and security at the forefront.

Architecture

All AI runs on AWS Bedrock within our private AWS tenant
Customer data never leaves our infrastructure
No third-party LLM provider has access to your data
Agentic architecture hosted in our Virtual Private Cloud (VPC)

Privacy Guarantees

Guarantee	Description
Data Isolation	Customer prompts and telemetry remain isolated
No Training	Customer data is never used to train AI models
Audit Logging	All AI interactions logged per security policies
Compliance	Aligned with GDPR and CMMC requirements

How AI Data Flows

┌─────────────────┐     ┌──────────────────┐     ┌────────────────────┐
│  Your Data      │────▶│  MachineMetrics  │────▶│  AWS Bedrock       │
│  (in our VPC)   │     │  AI Agents       │     │  (in our VPC)      │
└─────────────────┘     └──────────────────┘     └────────────────────┘
                              │
                              ▼
                        Results returned
                        (data stays in VPC)

Sub-Processors

MachineMetrics uses the following sub-processors. Customer data handling is limited to stated purposes.

Sub-processor	Purpose	Country
Amazon Web Services	Hosting	USA
Zendesk	Customer Support	USA
Intercom	Customer Support	USA
HubSpot	Customer Support, Payment Processing	USA
Pendo	Analytics	USA
Bugsnag	Error Monitoring	USA
Atlassian	Incident Resolution	USA
Twilio	Customer Communication	USA
Slack	Customer Support	USA
Google*	Communication, Analytics	USA
Anthropic*	Internal Workflows	USA
OpenAI*	Internal Workflows	USA

*MachineMetrics data is never used for training AI models

For the complete and current list, contact support@machinemetrics.com.

Data Processing Agreement

Enterprise customers can request a Data Processing Agreement (DPA) that covers:

Data processing terms and obligations
Sub-processor disclosure and notification
Security measures and audit rights
Data breach notification procedures
Data deletion and return provisions

Contact your Solution Delivery Manager (SDM) or support@machinemetrics.com to request a DPA.

Frequently Asked Questions

Will I lose data if I lose internet connectivity?

Short-term outages: No. The Edge device buffers data locally and backfills when connectivity restores.

Extended outages or power loss: Data generated while machines cannot communicate with the Edge device is not recoverable.

Does MachineMetrics access my data?

MachineMetrics employees only access customer data:

For troubleshooting at customer request
With explicit authorization
All access is logged

Is my data used to train AI models?

No. Customer data is never used to train or fine-tune any AI models. All AI inference happens within our private cloud using your data in isolation.

Where is my data stored?

Standard customers: AWS US regions
GovCloud customers: AWS GovCloud (US-only data residency)

How long is my data retained?

Data retention periods are defined in your contract. Data can be exported at any time. Upon contract termination, data is securely deleted per your request.

Security Overview — Certifications, compliance, authentication
Network Requirements — Firewall rules, ports, bandwidth

Data Ownership​

Edge Device Security​

Security by Default​

Network Security​

Device Hardening​

Data Policy​

Data Transmission​

Edge to Cloud​

Data Buffering & Backfill​

Cloud Data Storage​

Infrastructure​

Data Retention​

Access Controls​

Max AI Security​

Architecture​

Privacy Guarantees​

How AI Data Flows​

Sub-Processors​

Data Processing Agreement​

Frequently Asked Questions​

Will I lose data if I lose internet connectivity?​

Does MachineMetrics access my data?​

Is my data used to train AI models?​

Where is my data stored?​

How long is my data retained?​

Related Articles​