Privacy Policy

for the software "TIA Openness Manager" — EU-only backend (Netlify Pro, eu-central-1 Frankfurt)

Version 3.5.3 — Effective 9 May 2026

TIA Portal V15-V21

Windows 10/11

MCP Tools

OPC UA Client

Privacy & Data Processing

1. Data Controller

AnyAutomation

Inh. Brzozowski

Rappenstrasse 9

8307 Effretikon

Switzerland

UID: CHE-341.595.058

Email: support@tiaopenessmanager.ch

Website: https://www.tiaopenessmanager.ch

1.1 Data Processors

To deliver the service the provider engages exclusively EU-based data processors. A Data Processing Agreement (DPA) is in place with each processor:

Netlify, Inc. — hosting of backend functions and blob storage in the EU region eu-central-1 (Frankfurt, Germany). DPA: https://www.netlify.com/pdf/netlify-dpa.pdf
Stripe Payments Europe, Ltd. (registered office Ireland) — processing of payments, subscriptions, and the Stripe Customer Portal. DPA: https://stripe.com/legal/dpa
Sendinblue SAS (Brevo, registered office France) — delivery of transactional emails (account verification, magic-link login, license receipts). DPA: https://www.brevo.com/legal/termsofuse/dpa/

All personal data is processed exclusively within the EU. No data is transferred to third countries (in particular, not to the United States).

2. Data Collected

The software may process the following data:

Local project information (TIA Portal)
User text inputs
Technical context data from engineering environments
Anonymized Hardware IDs for licensing
Log data (actions, timestamps)

None of this data is automatically sent to the provider.

2.1 Account System (Backend)

When you create an account the following data is stored in the EU backend (Netlify Pro, eu-central-1 Frankfurt):

Email address (used for login and license binding)
Password as a bcrypt hash (NEVER in cleartext)
Refresh-token family (for session management; family revocation on reuse detection)
Hardware IDs of the devices activated so far (for license binding)
HWID-switch counter (max. 3 hardware switches per rolling 30 days, for abuse prevention)

Engineering data or TIA Portal project contents are NEVER transmitted to the backend.

3. Transmission to External LLMs

The user decides independently which data is transmitted to an external LLM. Transmissions occur only on explicit user action (sending a chat message or file attachment, OAuth flow against the LLM provider).

The provider has no influence on:

The type, scope, and content of transmitted data
Storage or further processing by the LLM provider
The security of external systems

Principle: all data stays local except on explicitly triggered actions (LLM chat, OAuth login, license validation).

4. Online Licensing & Data Transmission

What is transmitted to the provider?

The software performs online license validation against the account system and transmits the following data:

During account login:

Email address + password (verified in the backend)
Hardware ID (automatically generated)
Login timestamp

On every application start (license refresh):

Session token
Hardware ID
Validation timestamp

Note: The software can be used offline for up to 14 days, after which a fresh online validation is required.

During subscription purchase (via Stripe):

Email address (passed to Stripe)
Selected license model (Pro, Pro+, Volume)
Payment information (processed by Stripe, not stored by us)

On hardware switch:

New Hardware ID + verification confirmation by the account owner
Increments the HWID-switch counter (max. 3 switches per rolling 30 days)

4.2 Where is this data stored?

Netlify (Functions & Blobs): Account data, Hardware IDs, Email, License status — hosted in the EU region eu-central-1 (Frankfurt, Germany)
Stripe: Payment and subscription information — Stripe Payments Europe Ltd. (Ireland, EU)
Brevo (formerly Sendinblue): Email delivery (account verification, magic-link, license receipts) — Sendinblue SAS (France, EU)

All licensing and subscription data is processed exclusively within the EU. No data is transferred to third countries (in particular, not to the United States).

4.3 What is NOT transmitted?

The software does not send:

Engineering data from TIA Portal
Prompts or queries to LLMs
LLM outputs
Project contents
PLC code
User actions or logs

The provider conducts no telemetry, no tracking, and no analysis of engineering data.

5. Storage at User Location

Log files and local data are stored exclusively at the user's location. Log file path: %LocalAppData%\TiaOpennessManager\Logs. These logs remain local — they are never uploaded automatically or in the background to the provider.

The user is responsible for:

Access protection
Data privacy
Internal compliance
Backup & archiving

6. Right to Delete

You can delete your account at any time through the software (Settings → Account → Delete Account) or by sending an email to support@tiaopenessmanager.ch. On deletion the following happens:

Email + bcrypt hash + refresh-token family are immediately removed from the backend
Hardware bindings + licenses are deactivated
The trial email is added to a blacklist to prevent repeated trials

Stripe payment receipts are retained for 10 years for legal reasons (Swiss Code of Obligations Art. 957 et seq.).

Other data-subject rights under the GDPR and Swiss FADP (access, rectification, data portability, objection) can likewise be exercised by emailing support@tiaopenessmanager.ch.

7. Changes

The provider may update this privacy policy if technical changes require it.

Disclaimer:

The provider assumes no liability for data loss or damages arising from the use of external LLMs. The user is solely responsible for compliance with data protection regulations. See EULA and Disclaimer for details.