This Notice describes how Made collects,
uses, and protects personal and operational data in providing
Made OS services. It applies to all Customers
in Chile, Mexico, and the United States.
01Identity of the Data
Controller
| Jurisdiction | Responsible Entity |
|---|
| Chile | Made SpA |
| Mexico | Red Tripartita de Servicios Digitales
S.A.P.I. de C.V. |
| USA & Rest of World | R3D Tech LLC |
Contact: privacy@madeos.ai
02Data Processing Roles
(Controller / Processor)
Customer = Data Controller: Determines
the purposes and means of processing data of its employees
and visitors.
Made = Data Processor: Acts exclusively
on the Customer's instructions, for the purposes described
in this Notice.
03Data Collected
Visual Data: Video and images from
industrial cameras for anomaly detection and quality
control. May incidentally contain images of persons
present in the industrial area.
Telemetry and Sensors: PLC readings,
temperature, vibration, pressure, and other machine
operational parameters.
Administrative Data: Name, role,
email, and phone of the primary contact and platform
administrator.
Usage Data: Access logs, dashboard
actions, and configurations.
Important: Made OS is not designed for
biometric identification. Incidental images of persons
are processed exclusively for the described industrial
purposes and are subject to anonymization within the processing
workflow.
04Purposes of Processing
Primary purposes (necessary for service
delivery):
Real-time detection of quality defects and
microstops on production lines.
Predictive alerts and machine failure diagnosis
based on telemetry.
Workflow automation and AI-assisted SOP
generation.
Security and authentication notifications for
platform access, including identity verification
and risk-activity alerts.
Integration with operational messaging services,
including WhatsApp and equivalent channels
enabled by Customer.
Delivery of critical platform-event notifications,
operational incidents, and escalations requiring
immediate action.
Digital Twin construction and maintenance.
Billing and commercial management.
Secondary purposes (non-conditioning
of service):
Training and improving AI models in strictly
anonymized and aggregated format (see Clause 5).
Sector-level statistical performance analysis
without identifying specific Customers.
05AI Model Training
The Customer grants Made an irrevocable and perpetual license to use telemetry and operational data under the following
strict conditions:
Exclusively in anonymized and aggregated format, with no possibility of re-identification or
disclosure of trade secrets.
Exclusive purpose: training and improving Made's
AI models.
Data will not be shared with third parties for
AI training outside the Made corporate group.
06Data Transfer and
Subprocessing
Made may subcontract processing to trusted cloud
providers subject to equivalent obligations. Made
does not sell or transfer personal data to third
parties for other purposes. International transfers
comply with recognized legal mechanisms in each
jurisdiction.
07Data Retention
Operational data and images are retained during the
contract term and a maximum of 90 additional days for audit and closure. Administrative data is retained
for the minimum period required by applicable tax and
commercial legislation.
08Rights of Data Subjects
Exercisable by contacting privacy@madeos.ai. As Customer is the Controller, Customer is
responsible for addressing and responding to rights
requests. Made, as Processor, will reasonably assist
Customer to comply within applicable legal
timeframes.
Access: Learn what personal data
Made processes.
Rectification: Correct inaccurate
or incomplete data.
Erasure: Request deletion when there
is no legal basis for processing.
Objection: Object to processing for
secondary purposes.
Portability: Receive data in structured
format (where applicable by law).
Restriction: Request restriction
of processing where provided by law.
09Jurisdiction-Specific
Provisions
π²π½ Mexico - LFPDPPP
The Customer assumes the obligation to obtain
express written consent for incidental biometric
data capture, in compliance with the LFPDPPP and
its Regulations.
To exercise ARCO rights, contact privacy@madeos.ai with official ID. Made responds within 20 business
days.
Made maintains security measures consistent with
applicable law and guidance issued by the
competent authority.
π¨π± Chile - Laws No. 19,628 and No. 21,719
The Customer declares that video surveillance is
aligned with the Chilean Labor Directorate's
doctrine for use exclusively in industrial
safety and technical process control.
The Customer warrants having disclosed this in
the company's Internal Regulations and notified
workers per the Labor Code.
Made will adapt its practices to Law No. 21,719
within the statutory deadlines.
πΊπΈ United States - CCPA / CPRA
Do Not Sell: Made does not sell or
share personal information. We operate as a Service
Provider, retaining data only for the business purposes
described.
California residents may exercise their CPRA
rights by contacting privacy@madeos.ai.
Made does not discriminate against data subjects
who exercise their privacy rights.
10Data Security
Made implements encryption in transit (TLS 1.2+) and
at rest, role-based access controls, continuous
monitoring, and incident response plans. In the
event of a breach affecting personal data, Made will
notify the Customer within 72 hours of
detection.
11Customer Obligations as
Data Controller
Having obtained necessary consents from
personnel for industrial video surveillance and,
where applicable, for biometric data processing.
Having installed and maintaining required video
surveillance signage per applicable law.
Indemnifying and holding Made harmless from any
claim arising from breach of these obligations.
12Changes to This Notice
Updates will be published at madeos.ai/legal. For material changes involving new processing
purposes, Made will obtain the Customer's consent in
accordance with applicable law.
13Legal Bases and Made's
Role
13.1 Legal Bases: Made processes
personal data only to (a) perform the contract and
provide the Services, (b) comply with legal obligations,
and (c) secondary purposes only where permitted by
applicable law and, where required, with Customer
or data-subject consent.
13.2 Made as Processor: Made acts
as a Processor under Customer's documented instructions.
Customer is the Controller for data of its employees,
contractors, and visitors.
14International Transfers
and Safeguards
14.1 Transfers: Data may be transferred
to and processed in countries other than Customer's,
consistent with service operation and cloud providers.
14.2 Mechanisms: Where required by
law, Made will implement recognized safeguards for
international transfers, such as standard contractual
clauses or other valid instruments under the applicable
jurisdiction.
15Retention, Deletion and
Return
15.1 Retention: The retention periods
in Clause 07 apply unless law requires longer retention
or Customer requests earlier deletion where permissible.
15.2 Deletion and Return: Upon Customer
request and subject to reasonable legal and technical
limitations, Made will delete or return personal data
processed as Processor upon contract end, pursuant
to the DPA.
16CCPA/CPRA Transparency and
No Sale
16.1 No Sale or Sharing: Made does
not sell personal information or share it for cross-context
behavioral advertising.
16.2 California Rights: California
residents may request access, deletion, correction,
and limitation of use of sensitive personal information
where applicable via privacy@madeos.ai. Made may require
reasonable verification and will accommodate authorized
agents as required by law.
16.3 Categories and Purposes: Made
processes the categories described in Clause 03 for
the purposes described in Clause 04 and retains data
per Clause 07.
