Privacy Policy

Privacy Policy

Last Updated: Jan 12, 2026
Last Updated: Jan 12, 2026

This Privacy Policy (“Policy”) explains how Tier0 ( “Tier0,” “we,” “our,” or “us”) collects, stores, uses, and discloses information about you when you use our websites and our Industrial IoT software-as-a-service offerings. These offerings include the Tier0 Cloud Platform, UNS Manager, Connectivity Services, Node-RED Instances, Data Notebooks, and AI App Generator (collectively, the “Service”).

This Policy incorporates our Terms of Service and any applicable Data Processing Agreement (DPA) .

  1. Scope: Crucial Distinction (The "Controller" vs. "Processor" Role)

    To ensure clarity and legal compliance, particularly for our B2B customers, we distinguish between two categories of data:

    • A. Information We Collect About You (Tier0 as Controller)

      This refers to data we collect to provide the Service, such as your account registration, billing details, and platform usage logs. This Policy applies to this information.

    • B. Customer Content (Tier0 as Processor)

      This refers to the industrial data, MQTT payloads, Node-RED flows, Python scripts, databases, and AI prompts that you upload, stream, generate, or store in the Service.Technical Information: IP address, browser type, device information, operating system, and usage data.

      • Tier0 processes Customer Content solely on your behalf. You (the Customer) are the Data Controller, and Tier0 is the Data Processor.

      • You are responsible for the collection, legality, accuracy, and privacy of the data within your Customer Content.

      • Privacy of Your End Users: If your Customer Content contains personal data of your employees or end-users (e.g., worker IDs in an MQTT payload), you are responsible for providing relevant privacy notices to them. Tier0 does not have a direct relationship with your end-users.


  2. Information We Collect

    We collect information in three ways: information you provide, information we collect automatically, and information from third parties.

    • Information You Provide

      • Account Registration: Name, business email, company name, and authentication credentials (hashed passwords or SSO tokens).

      • Billing Information: We use Stripe as our payment processor. Tier0 does not store full credit card numbers.

      • Industrial Context: When using our AI App Generator, you may provide prompts describing your factory processes (e.g., "Create an OEE dashboard for Line A").

    • Information We Automatically Collect (Usage Data)

      When you use the Service, we automatically collect telemetry to ensure system stability, security, and accurate billing. This data is generally aggregated:

      • Connectivity Metrics: Active MQTT connection counts, message throughput rates (MB/s), protocol versions, and error rates.

      • Compute Usage: CPU/Memory consumption of your Node-RED instances and Notebook kernels.

      • Log Data: IP addresses, browser types, device identifiers, page views, and timestamps of API requests for debugging and security auditing.

      • We and our partners use cookies and similar tracking technologies to track the activity on our Service and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

    • Information from Third Parties

      We may receive information from partners such as AWS Marketplace if you subscribe to Tier0 through those channels.


  3. How We Use Your Information

    We use the collected information for the following business purposes:

    • Service Operation: To provision your Unified Namespace (UNS), manage MQTT brokers, and spin up compute resources.

    • Billing & Metering: To calculate usage fees based on your active connection count, data throughput, and storage tier.

    • Security & Integrity: To detect "noisy neighbor" issues, prevent DDoS attacks via MQTT, and monitor for unauthorized access attempts.

    • AI Model Improvement (Limited): We may analyze anonymized prompts to improve the accuracy of our AI models. We do not use your proprietary Customer Content (e.g., private UNS structures, raw Machine Data, or database records) to train general-purpose public AI models without your explicit consent.

    • Service Communications: We may send you non-promotional, service-related messages such as security alerts, billing receipts, system notices, and critical product updates.

    • Marketing Communication: We may send newsletters, event invitations, and promotional updates. In jurisdictions that require opt-in consent, we will send marketing only if you have opted in. You can opt out at any time via the unsubscribe link in our emails or in your account settings.


  4. Data Architecture & Sub-Processors

    Tier0 is built on best-in-class cloud infrastructure to ensure industrial-grade reliability. We utilize the following key Sub-Processors:

    • Amazon Web Services (AWS): Our primary infrastructure provider.

      • Hot Data (Real-time): Active UNS configurations, Node-RED flows, and operational databases (PostgreSQL) are hosted on AWS EC2 instances with High Availability (HA).

      • Cold Data (Historical): Historical telemetry, Notebook archives, and backups are stored in AWS S3 (and related table formats) for cost-effective, long-term durability.

    • AI Providers: We transmit your natural language prompts (but not your underlying database) to providers like OpenAI, Google Gemini, or Anthropic via our AI Gateway to generate MES applications and logic flows. These transmissions occur on a pass-through basis.

    • Stripe: For secure payment processing.

    All sub-processors are bound by Data Processing Agreements (DPAs) ensuring compliance with applicable laws.


  5. Security & Isolation

    We employ industry-standard technical and organizational measures to protect your data:

    • Encryption: TLS 1.2/1.3 for all data in transit (including MQTT and HTTP traffic) and AES-256 for data at rest.

    • Tenant Isolation: We implement strict Access Control Lists (ACLs) on the MQTT Broker layer to ensure one tenant cannot subscribe to another tenant's topics.

    • Authentication: You are responsible for maintaining the security of your account credentials and the Client IDs / Secrets for your edge devices.


  6. Industrial AI & Safety Disclaimer (Crucial)

    No Industrial Safety Advice: Our Services provide AI-assisted tools that can generate code, Node-RED flows, and MES control logic. However, AI models are probabilistic and can hallucinate or produce errors. Tier0’s AI outputs are not a substitute for professional industrial engineering judgment.

    • Your Responsibility: You remain solely responsible for reviewing, testing, and validating all AI-generated code, configurations, or logic before deploying them to production equipment or Operational Technology (OT) environments.

    • Liability: Tier0 is not liable for any physical damage, safety incidents, production downtime, or data loss resulting from reliance on AI-generated outputs.


  7. International Data Transfers

    Tier0 operates globally. Your personal information and Customer Content may be transferred to, and processed in, countries other than the country in which you reside (primarily the United States, hosted on AWS regions).

    • For Singapore Users: We comply with the Personal Data Protection Act (PDPA) regarding the transfer of personal data outside of Singapore.

    • For EEA/UK Users: We rely on lawful transfer mechanisms, such as Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework (where applicable).


  8. Your Rights & Choices

    Depending on your location (e.g., Singapore, China, EEA, UK), you may have specific rights regarding your personal information, including:

    • Access & Correction: The right to access, correct, or update your account information.

    • Deletion: The right to request deletion of your personal information.

    • Opt-Out: The right to opt-out of marketing communications or specific AI data usage programs (via unsubscribe link or account settings).

    Managing Customer Content: Since Tier0 is the Processor for Customer Content, if you or your end-users wish to exercise rights regarding data inside your Customer Content (e.g., deleting specific MQTT message history), you must use the platform's deletion tools directly.


  9. Data Retention
    • Account Data: Retained as long as your account is active.

    • Hot Data: Retained in active databases as long as needed for service operation.

    • Cold Data (S3): Retained according to your configured retention policy or subscription plan.

    • Deletion: Upon account termination, we will delete your Customer Content within 30 days, subject to our backup cycles.


  10. Contact Us

    If you have any questions about this Policy, Tier0's data practices, or wish to exercise your privacy rights, please contact us at:

    • Email: privacypolicy@tier0.dev

    • Address: 1 Fusionpolis Link #03-03/03-04, Nexus at One-North, Singapore 138542

This Privacy Policy (“Policy”) explains how Tier0 ( “Tier0,” “we,” “our,” or “us”) collects, stores, uses, and discloses information about you when you use our websites and our Industrial IoT software-as-a-service offerings. These offerings include the Tier0 Cloud Platform, UNS Manager, Connectivity Services, Node-RED Instances, Data Notebooks, and AI App Generator (collectively, the “Service”).

This Policy incorporates our Terms of Service and any applicable Data Processing Agreement (DPA) .

  1. Scope: Crucial Distinction (The "Controller" vs. "Processor" Role)

    To ensure clarity and legal compliance, particularly for our B2B customers, we distinguish between two categories of data:

    • A. Information We Collect About You (Tier0 as Controller)

      This refers to data we collect to provide the Service, such as your account registration, billing details, and platform usage logs. This Policy applies to this information.

    • B. Customer Content (Tier0 as Processor)

      This refers to the industrial data, MQTT payloads, Node-RED flows, Python scripts, databases, and AI prompts that you upload, stream, generate, or store in the Service.Technical Information: IP address, browser type, device information, operating system, and usage data.

      • Tier0 processes Customer Content solely on your behalf. You (the Customer) are the Data Controller, and Tier0 is the Data Processor.

      • You are responsible for the collection, legality, accuracy, and privacy of the data within your Customer Content.

      • Privacy of Your End Users: If your Customer Content contains personal data of your employees or end-users (e.g., worker IDs in an MQTT payload), you are responsible for providing relevant privacy notices to them. Tier0 does not have a direct relationship with your end-users.


  2. Information We Collect

    We collect information in three ways: information you provide, information we collect automatically, and information from third parties.

    • Information You Provide

      • Account Registration: Name, business email, company name, and authentication credentials (hashed passwords or SSO tokens).

      • Billing Information: We use Stripe as our payment processor. Tier0 does not store full credit card numbers.

      • Industrial Context: When using our AI App Generator, you may provide prompts describing your factory processes (e.g., "Create an OEE dashboard for Line A").

    • Information We Automatically Collect (Usage Data)

      When you use the Service, we automatically collect telemetry to ensure system stability, security, and accurate billing. This data is generally aggregated:

      • Connectivity Metrics: Active MQTT connection counts, message throughput rates (MB/s), protocol versions, and error rates.

      • Compute Usage: CPU/Memory consumption of your Node-RED instances and Notebook kernels.

      • Log Data: IP addresses, browser types, device identifiers, page views, and timestamps of API requests for debugging and security auditing.

      • We and our partners use cookies and similar tracking technologies to track the activity on our Service and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

    • Information from Third Parties

      We may receive information from partners such as AWS Marketplace if you subscribe to Tier0 through those channels.


  3. How We Use Your Information

    We use the collected information for the following business purposes:

    • Service Operation: To provision your Unified Namespace (UNS), manage MQTT brokers, and spin up compute resources.

    • Billing & Metering: To calculate usage fees based on your active connection count, data throughput, and storage tier.

    • Security & Integrity: To detect "noisy neighbor" issues, prevent DDoS attacks via MQTT, and monitor for unauthorized access attempts.

    • AI Model Improvement (Limited): We may analyze anonymized prompts to improve the accuracy of our AI models. We do not use your proprietary Customer Content (e.g., private UNS structures, raw Machine Data, or database records) to train general-purpose public AI models without your explicit consent.

    • Service Communications: We may send you non-promotional, service-related messages such as security alerts, billing receipts, system notices, and critical product updates.

    • Marketing Communication: We may send newsletters, event invitations, and promotional updates. In jurisdictions that require opt-in consent, we will send marketing only if you have opted in. You can opt out at any time via the unsubscribe link in our emails or in your account settings.


  4. Data Architecture & Sub-Processors

    Tier0 is built on best-in-class cloud infrastructure to ensure industrial-grade reliability. We utilize the following key Sub-Processors:

    • Amazon Web Services (AWS): Our primary infrastructure provider.

      • Hot Data (Real-time): Active UNS configurations, Node-RED flows, and operational databases (PostgreSQL) are hosted on AWS EC2 instances with High Availability (HA).

      • Cold Data (Historical): Historical telemetry, Notebook archives, and backups are stored in AWS S3 (and related table formats) for cost-effective, long-term durability.

    • AI Providers: We transmit your natural language prompts (but not your underlying database) to providers like OpenAI, Google Gemini, or Anthropic via our AI Gateway to generate MES applications and logic flows. These transmissions occur on a pass-through basis.

    • Stripe: For secure payment processing.

    All sub-processors are bound by Data Processing Agreements (DPAs) ensuring compliance with applicable laws.


  5. Security & Isolation

    We employ industry-standard technical and organizational measures to protect your data:

    • Encryption: TLS 1.2/1.3 for all data in transit (including MQTT and HTTP traffic) and AES-256 for data at rest.

    • Tenant Isolation: We implement strict Access Control Lists (ACLs) on the MQTT Broker layer to ensure one tenant cannot subscribe to another tenant's topics.

    • Authentication: You are responsible for maintaining the security of your account credentials and the Client IDs / Secrets for your edge devices.


  6. Industrial AI & Safety Disclaimer (Crucial)

    No Industrial Safety Advice: Our Services provide AI-assisted tools that can generate code, Node-RED flows, and MES control logic. However, AI models are probabilistic and can hallucinate or produce errors. Tier0’s AI outputs are not a substitute for professional industrial engineering judgment.

    • Your Responsibility: You remain solely responsible for reviewing, testing, and validating all AI-generated code, configurations, or logic before deploying them to production equipment or Operational Technology (OT) environments.

    • Liability: Tier0 is not liable for any physical damage, safety incidents, production downtime, or data loss resulting from reliance on AI-generated outputs.


  7. International Data Transfers

    Tier0 operates globally. Your personal information and Customer Content may be transferred to, and processed in, countries other than the country in which you reside (primarily the United States, hosted on AWS regions).

    • For Singapore Users: We comply with the Personal Data Protection Act (PDPA) regarding the transfer of personal data outside of Singapore.

    • For EEA/UK Users: We rely on lawful transfer mechanisms, such as Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework (where applicable).


  8. Your Rights & Choices

    Depending on your location (e.g., Singapore, China, EEA, UK), you may have specific rights regarding your personal information, including:

    • Access & Correction: The right to access, correct, or update your account information.

    • Deletion: The right to request deletion of your personal information.

    • Opt-Out: The right to opt-out of marketing communications or specific AI data usage programs (via unsubscribe link or account settings).

    Managing Customer Content: Since Tier0 is the Processor for Customer Content, if you or your end-users wish to exercise rights regarding data inside your Customer Content (e.g., deleting specific MQTT message history), you must use the platform's deletion tools directly.


  9. Data Retention
    • Account Data: Retained as long as your account is active.

    • Hot Data: Retained in active databases as long as needed for service operation.

    • Cold Data (S3): Retained according to your configured retention policy or subscription plan.

    • Deletion: Upon account termination, we will delete your Customer Content within 30 days, subject to our backup cycles.


  10. Contact Us

    If you have any questions about this Policy, Tier0's data practices, or wish to exercise your privacy rights, please contact us at:

    • Email: privacypolicy@tier0.dev

    • Address: 1 Fusionpolis Link #03-03/03-04, Nexus at One-North, Singapore 138542

This Privacy Policy (“Policy”) explains how Tier0 ( “Tier0,” “we,” “our,” or “us”) collects, stores, uses, and discloses information about you when you use our websites and our Industrial IoT software-as-a-service offerings. These offerings include the Tier0 Cloud Platform, UNS Manager, Connectivity Services, Node-RED Instances, Data Notebooks, and AI App Generator (collectively, the “Service”).

This Policy incorporates our Terms of Service and any applicable Data Processing Agreement (DPA) .

  1. Scope: Crucial Distinction (The "Controller" vs. "Processor" Role)

    To ensure clarity and legal compliance, particularly for our B2B customers, we distinguish between two categories of data:

    • A. Information We Collect About You (Tier0 as Controller)

      This refers to data we collect to provide the Service, such as your account registration, billing details, and platform usage logs. This Policy applies to this information.

    • B. Customer Content (Tier0 as Processor)

      This refers to the industrial data, MQTT payloads, Node-RED flows, Python scripts, databases, and AI prompts that you upload, stream, generate, or store in the Service.Technical Information: IP address, browser type, device information, operating system, and usage data.

      • Tier0 processes Customer Content solely on your behalf. You (the Customer) are the Data Controller, and Tier0 is the Data Processor.

      • You are responsible for the collection, legality, accuracy, and privacy of the data within your Customer Content.

      • Privacy of Your End Users: If your Customer Content contains personal data of your employees or end-users (e.g., worker IDs in an MQTT payload), you are responsible for providing relevant privacy notices to them. Tier0 does not have a direct relationship with your end-users.


  2. Information We Collect

    We collect information in three ways: information you provide, information we collect automatically, and information from third parties.

    • Information You Provide

      • Account Registration: Name, business email, company name, and authentication credentials (hashed passwords or SSO tokens).

      • Billing Information: We use Stripe as our payment processor. Tier0 does not store full credit card numbers.

      • Industrial Context: When using our AI App Generator, you may provide prompts describing your factory processes (e.g., "Create an OEE dashboard for Line A").

    • Information We Automatically Collect (Usage Data)

      When you use the Service, we automatically collect telemetry to ensure system stability, security, and accurate billing. This data is generally aggregated:

      • Connectivity Metrics: Active MQTT connection counts, message throughput rates (MB/s), protocol versions, and error rates.

      • Compute Usage: CPU/Memory consumption of your Node-RED instances and Notebook kernels.

      • Log Data: IP addresses, browser types, device identifiers, page views, and timestamps of API requests for debugging and security auditing.

      • We and our partners use cookies and similar tracking technologies to track the activity on our Service and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

    • Information from Third Parties

      We may receive information from partners such as AWS Marketplace if you subscribe to Tier0 through those channels.


  3. How We Use Your Information

    We use the collected information for the following business purposes:

    • Service Operation: To provision your Unified Namespace (UNS), manage MQTT brokers, and spin up compute resources.

    • Billing & Metering: To calculate usage fees based on your active connection count, data throughput, and storage tier.

    • Security & Integrity: To detect "noisy neighbor" issues, prevent DDoS attacks via MQTT, and monitor for unauthorized access attempts.

    • AI Model Improvement (Limited): We may analyze anonymized prompts to improve the accuracy of our AI models. We do not use your proprietary Customer Content (e.g., private UNS structures, raw Machine Data, or database records) to train general-purpose public AI models without your explicit consent.

    • Service Communications: We may send you non-promotional, service-related messages such as security alerts, billing receipts, system notices, and critical product updates.

    • Marketing Communication: We may send newsletters, event invitations, and promotional updates. In jurisdictions that require opt-in consent, we will send marketing only if you have opted in. You can opt out at any time via the unsubscribe link in our emails or in your account settings.


  4. Data Architecture & Sub-Processors

    Tier0 is built on best-in-class cloud infrastructure to ensure industrial-grade reliability. We utilize the following key Sub-Processors:

    • Amazon Web Services (AWS): Our primary infrastructure provider.

      • Hot Data (Real-time): Active UNS configurations, Node-RED flows, and operational databases (PostgreSQL) are hosted on AWS EC2 instances with High Availability (HA).

      • Cold Data (Historical): Historical telemetry, Notebook archives, and backups are stored in AWS S3 (and related table formats) for cost-effective, long-term durability.

    • AI Providers: We transmit your natural language prompts (but not your underlying database) to providers like OpenAI, Google Gemini, or Anthropic via our AI Gateway to generate MES applications and logic flows. These transmissions occur on a pass-through basis.

    • Stripe: For secure payment processing.

    All sub-processors are bound by Data Processing Agreements (DPAs) ensuring compliance with applicable laws.


  5. Security & Isolation

    We employ industry-standard technical and organizational measures to protect your data:

    • Encryption: TLS 1.2/1.3 for all data in transit (including MQTT and HTTP traffic) and AES-256 for data at rest.

    • Tenant Isolation: We implement strict Access Control Lists (ACLs) on the MQTT Broker layer to ensure one tenant cannot subscribe to another tenant's topics.

    • Authentication: You are responsible for maintaining the security of your account credentials and the Client IDs / Secrets for your edge devices.


  6. Industrial AI & Safety Disclaimer (Crucial)

    No Industrial Safety Advice: Our Services provide AI-assisted tools that can generate code, Node-RED flows, and MES control logic. However, AI models are probabilistic and can hallucinate or produce errors. Tier0’s AI outputs are not a substitute for professional industrial engineering judgment.

    • Your Responsibility: You remain solely responsible for reviewing, testing, and validating all AI-generated code, configurations, or logic before deploying them to production equipment or Operational Technology (OT) environments.

    • Liability: Tier0 is not liable for any physical damage, safety incidents, production downtime, or data loss resulting from reliance on AI-generated outputs.


  7. International Data Transfers

    Tier0 operates globally. Your personal information and Customer Content may be transferred to, and processed in, countries other than the country in which you reside (primarily the United States, hosted on AWS regions).

    • For Singapore Users: We comply with the Personal Data Protection Act (PDPA) regarding the transfer of personal data outside of Singapore.

    • For EEA/UK Users: We rely on lawful transfer mechanisms, such as Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework (where applicable).


  8. Your Rights & Choices

    Depending on your location (e.g., Singapore, China, EEA, UK), you may have specific rights regarding your personal information, including:

    • Access & Correction: The right to access, correct, or update your account information.

    • Deletion: The right to request deletion of your personal information.

    • Opt-Out: The right to opt-out of marketing communications or specific AI data usage programs (via unsubscribe link or account settings).

    Managing Customer Content: Since Tier0 is the Processor for Customer Content, if you or your end-users wish to exercise rights regarding data inside your Customer Content (e.g., deleting specific MQTT message history), you must use the platform's deletion tools directly.


  9. Data Retention
    • Account Data: Retained as long as your account is active.

    • Hot Data: Retained in active databases as long as needed for service operation.

    • Cold Data (S3): Retained according to your configured retention policy or subscription plan.

    • Deletion: Upon account termination, we will delete your Customer Content within 30 days, subject to our backup cycles.


  10. Contact Us

    If you have any questions about this Policy, Tier0's data practices, or wish to exercise your privacy rights, please contact us at:

    • Email: privacypolicy@tier0.dev

    • Address: 1 Fusionpolis Link #03-03/03-04, Nexus at One-North, Singapore 138542