Privacy Policy
Effective April 7, 2026
1. Overview — What We Collect and Why
EXITON is built on a core principle: your engineering data stays on your machine. We collect the minimum data necessary to operate the service, as detailed below.
| Data Category | What | Purpose | Stored Where |
|---|---|---|---|
| Your engineering files | Schematics, BOMs, FMEAs, reports | Analysis & report generation | Your device only — never transmitted |
| License key | Lemon Squeezy license key string | Activate paid features | Your device + Lemon Squeezy API (validation only) |
| License validation request | License key, machine fingerprint (hashed) | Verify subscription status | Sent to Lemon Squeezy API via HTTPS |
| Trial start date | First-launch timestamp | Calculate 30-day trial period | Your device only (~/.exiton/config.json) |
| Web server logs | IP address, timestamp, page requested | Website operation & error diagnosis | Our server (Sakura VPS, Japan) |
| Payment information | Name, email, card details | Process subscription payments | Lemon Squeezy only — EXITON never receives card data |
2. Desktop Applications (EXITON FMEA & Q-gate)
Your engineering data never leaves your computer. All schematic parsing, BOM analysis, FMEA generation, and quality checks run 100% locally.
The only outbound network request the desktop apps make is license validation: when you enter a license key or when the app periodically re-validates (approximately once per day when online), it sends your license key and a hashed machine identifier to the Lemon Squeezy API over HTTPS. No engineering data, file names, or usage telemetry is included in this request.
If you are offline, the app uses cached license status and continues to function. After 30 days offline, paid features revert to Free tier until the next successful validation.
3. BlockSketch (Browser-Based)
EXITON BlockSketch runs in your web browser. When you use the LLM integration, API calls go directly from your browser to your chosen LLM provider (e.g., OpenAI, Anthropic). EXITON does not proxy, log, monitor, or store these API calls. Your LLM provider's privacy terms apply to those calls. All diagram data remains in your browser until you export it.
4. Website (fmea.exiton.net)
Our website uses standard web server logs for operational and error-diagnosis purposes. Logs are stored on our server in Japan (Sakura VPS) and are not associated with user accounts or identities. We do not:
- Use analytics services (Google Analytics, Mixpanel, etc.)
- Install tracking cookies or pixels
- Serve third-party advertisements
- Profile or segment visitors
5. Payment Data
Subscription payments are processed entirely by Lemon Squeezy (Lemon Squeezy, LLC), our merchant of record. EXITON does not receive, store, or have access to your credit card number, billing address, or payment history. Your email address is shared with EXITON solely for license key delivery and subscription-related communication. Lemon Squeezy's privacy policy governs payment data handling.
6. Third-Party Services
We share data with third parties only as described below, and only to the extent necessary to operate the service:
- Lemon Squeezy — Payment processing, license key generation and validation. Receives: email, payment details, license key, machine fingerprint hash.
- LLM providers (BlockSketch only) — API calls you initiate. Receives: your text prompt. EXITON does not proxy or log these calls.
We do not sell, rent, lease, or otherwise share user information with any other third party.
7. Data Retention and Deletion
Data you create locally remains entirely under your control — when you delete it, it is gone. For data we hold:
- Web server logs: Retained for up to 90 days, then automatically rotated.
- Email address (from Lemon Squeezy): Retained while your subscription is active. Deleted within 30 days of cancellation upon request.
- License key records: Managed by Lemon Squeezy per their retention policy.
To request deletion of any information we hold, contact megumi@exiton.net. We will comply within 30 days.
8. Children's Privacy
EXITON products are designed for professional engineers. We do not knowingly collect personal information from anyone under the age of 16. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.
9. Governing Law
This privacy policy is governed by the laws of Japan, including the Act on the Protection of Personal Information (個人情報の保護に関する法律). For users in the EU/EEA, we process personal data on the basis of contractual necessity (license validation) and legitimate interest (server logs for security). You have the right to access, correct, or delete your personal data by contacting us.
10. Policy Changes
We may update this privacy policy from time to time. Changes will be posted here with a new effective date. Material changes (such as new data collection) will be communicated via the application or our website. Continued use of EXITON after changes constitutes acceptance.
11. Contact
Questions about our privacy practices?
Data Controller: Nakamura Megumi (個人事業)
Email: megumi@exiton.net