AI & Data Policy
AI & Data Policy
Governing the responsible use of Artificial Intelligence, OCR, and Generative AI across Cableteque products.
Version 1.0 · Effective Date: 2026 · cableteque.com/legal/ai-policy
1. Purpose
Cableteque Corp uses Optical Character Recognition (OCR) and Generative AI, including Large Language Models, within its Licensed Software to reduce manual data entry and enhance the user experience. These technologies extract Bills of Materials and technical data from engineering drawings and generate intelligent recommendations within the platform.
This policy describes how AI technologies process data, what protections apply to your data, and Cableteque's commitments regarding the responsible use of AI.
This policy operates in conjunction with the Cableteque End User License Agreement (EULA), Privacy Policy, and the Mutual Non-Disclosure Agreement (MNDA). In the event of any conflict, the EULA and MNDA shall control.
2. AI Features
Generative AI - Opt-In Required
All Generative AI features are disabled by default for every account. Enabling a Generative AI feature requires the account administrator to opt in, which constitutes acceptance of the applicable AI Drawing Comprehension Feature.
2.1 BOM (Bills-of-Material) and Technical Data Extraction
Uses OCR and Generative AI to read engineering drawings and automatically populate a Bill of Materials and associated technical data, reducing manual data-entry effort. This feature is not a substitute for qualified engineering judgment.
- Inputs: Licensee-uploaded engineering drawings and technical documents.
- Processing: OCR-based text recognition followed by LLM-based structured data extraction.
- Outputs: Extracted BOM and technical data, including part numbers, manufacturers, descriptions, quantities, and measurements.
- Validation: All AI-generated output must be reviewed and validated by a qualified person before use. See Section 7.
2.2 Intelligent Recommendations
Generative AI provides suggestions and recommendations within the platform, for example, component matching and quote optimization. All such outputs are for reference only. See Section 7 for accuracy limitations.
2.3 Future AI Features
Any new AI feature or use case not described above will be reviewed and approved by Cableteque's Security Officer before release. This policy will be updated accordingly, and Licensees will be notified of material changes.
3. Data Framework: Definitions and Protections
Cableteque's data commitments are organized around three distinct categories. Understanding these categories is the foundation of this policy.
3.1 Licensee Data
All electronic data or information submitted by Licensee to the Licensed Software, including BOMs, engineering drawings, specifications, proprietary part data, Commercial Data (defined in Section 4.2), and any AI-generated outputs derived from that data. Licensee Data is fully protected under the commitments in this policy and the EULA.
3.2 Usage Data
Data about how Licensee and its authorized users interact with the platform, including clickstream data, features used, session telemetry, browser type, and performance metrics. Usage Data does not include Licensee Data or any AI-generated outputs derived from Licensee Data. Usage Data may be used to operate, maintain, and improve the Licensed Software and Cableteque's internal analytical capabilities, as described in Section 5.
3.3 Absolute Prohibitions
The following uses of data are prohibited under all circumstances:
- Using Licensee Data from one account to benefit, train on, or inform another Licensee's experience.
- Training, fine-tuning, benchmarking, or otherwise improving any AI or machine learning model, whether Cableteque's own or third-party, using Licensee Data.
- Cross-account analytics, benchmarking reports, or market-pricing insights derived from Licensee Data.
- Sharing Licensee Data with any third party except approved sub-processors under an executed Data Processing Agreement.
4. No-Training Commitment
Core Commitment
Cableteque does not use Licensee Data, including BOMs, engineering drawings, extracted technical data, Commercial Data, or any AI-generated outputs, to train, fine-tune, benchmark, or otherwise improve any artificial intelligence or machine learning model, whether proprietary or third-party. This prohibition is binding on every third-party AI provider through contract (see Section 8).
This prohibition applies to:
- All Licensee Data and documents uploaded to the Licensed Software.
- All AI-generated outputs derived from Licensee Data (e.g., extracted BOMs, technical data, recommendations).
- All Commercial Data as defined in Section 4.2.
- Usage Data when attributed to an individual Licensee account, for model training purposes.
Permitted uses of data in the context of AI operations are limited to:
- Providing, maintaining, and supporting the Licensed Software, including session-specific troubleshooting.
- Identifying trends and usage patterns using aggregated, de-identified Usage Data.
- Improving the Licensed Software and Cableteque's internal analytical capabilities using de-identified Usage Data, including component matching, pricing analytics, and quoting performance. See Section 5 for Licensee-specific enhancement.
- Creating aggregated, anonymized data for lawful business purposes.
5. Within-Account Enhancement
Cableteque may use a Licensee's own Licensee Data to improve that Licensee's experience within their own account, for example, by recognizing components, suppliers, or configurations the Licensee commonly specifies or enriches, and applying those patterns to pre-populate or suggest data within that same account.
This use is strictly within-account. Licensee Data from one account is never used to benefit, inform, or improve the experience of any other Licensee. This does not constitute training, fine-tuning, or benchmarking any foundational AI or machine learning model.
Opt-Out
Licensees who prefer that their Licensee Data not be used for within-account enhancement may opt out at any time by contacting support@cableteque.com. Opting out may affect the personalization features available within the account.
6. Proprietary Data Protections
6.1 Component Library
The rules governing Cableteque's shared component library, including what may be added to the library, how commercially available component specifications are handled, and the auto-designation of all Licensee Data as proprietary, are set out in the Data Use provision of the EULA, which is the binding contractual commitment on this topic.
In summary, commercially available, off-the-shelf component specifications (manufacturer part numbers, public datasheets, technical parameters) may be added to or used to enrich the shared library when encountered during platform use, and are used to backfill missing component data for Licensees. Licensee-proprietary data is never added to the shared library. See the EULA for the complete and governing terms.
6.2 Commercial Data
"Commercial Data" means information about a Licensee's commercial relationships and procurement terms, regardless of how it enters the platform. This includes:
- Negotiated supplier pricing, discounts, and rebates.
- Supplier identities and proprietary supplier relationships.
- Payment terms, Licensee-specific minimum order quantities, and lead-time agreements.
- Quote pricing, Licensee-specific cost structures, and margin data.
Commercial Data - Protected by Default
Commercial Data is treated as Confidential, logically segregated by Licensee identifier, and accessible only to authorized Cableteque personnel for service delivery. Cableteque will not use Commercial Data to train AI models, generate cross-Licensee recommendations, or produce benchmarking analytics derived from Licensee pricing or supplier data.
7. Regulated Content
7.1 Commercial Instance
Important: The commercial instance of the Licensed Software is not authorized to process Controlled Unclassified Information (CUI), ITAR-restricted data, or other export-controlled content. Licensees must not submit such content to the commercial instance.
7.2 Cableteque Secure GOV Instance
The Cableteque Secure GOV instance is purpose-built to process CUI- and ITAR-controlled technical data and operates within FedRAMP-authorized cloud environments. GOV instance customers are subject to additional controls and terms described in their governing agreement.
| Control | Description |
|---|---|
| Transient Processing | Source documents are deleted immediately upon completion of AI processing. |
| Access Restriction | Access limited to U.S. Persons; Tier 1 controls enforced. |
| Encrypted Transit / Storage | All data at rest and in transit is encrypted; Cableteque manages volume keys. |
| No AI Training | Absolute prohibition on the use of GOV instance data for any AI training. |
| Audit Logging | All access and processing events are logged and available for compliance review. |
| Data Residency | Processing confined to approved U.S. geographic regions per applicable regulations. |
| Authorized Hosting | GOV instance hosted exclusively in FedRAMP-authorized environments (see Section 11). |
8. AI Output Accuracy
Important Notice to All Users
AI-generated output, including BOM and technical data extraction results, component recommendations, and any other AI-assisted data, is for reference only. It does not constitute engineering certification, professional advice, or a guarantee of accuracy. All outputs must be reviewed and validated by a qualified person before use in any engineering, manufacturing, quoting, or procurement process.
Cableteque acknowledges the following known limitations of its AI features:
- AI processing does not guarantee 100% accuracy. Output may be incomplete, incorrect, or have missing items.
- Large or highly complex drawings (approximately over 4,000 square inches) may yield lower accuracy.
- Processing times vary. Complex files may take 30 minutes or longer.
- AI features are in active development. Capabilities, supported file types, and behavior may change over time.
- AI features do not perform engineering design validation, quality inspection, or manufacturing certification.
Licensees are solely responsible for any decisions, actions, or outcomes based on AI-generated output. These limitations are described in further detail in the AI BOM Feature Addendum, which Licensees must execute before accessing AI features.
9. Third-Party AI Providers
Where Cableteque uses third-party AI providers to deliver features, the following requirements apply:
- A Data Processing Agreement (DPA) must be in place before any Licensee Data is transmitted to a third-party AI provider.
- DPAs explicitly prohibit the third party from using Licensee Data to train, fine-tune, or improve any AI model.
- Providers are subject to security due diligence and must demonstrate compliance with applicable data protection standards.
- Licensee Data transmitted to third-party providers is encrypted in transit and subject to the same classification controls as all other production data.
- The Security Officer maintains an approved provider registry. No unapproved provider may receive Licensee Data.
- DPAs are reviewed annually or upon any material change to the provider's services.
10. Data Retention
AI-processed data, including inputs and outputs, is subject to the same retention practices as all Licensee Data, as described in Cableteque's Privacy Policy.
| Data Type | Retention | Deletion |
|---|---|---|
| GOV instance source drawings | Transient - deleted immediately after processing | Secure deletion on completion |
| AI-generated BOM and technical output | Active subscription - per Privacy Policy | Secure deletion per policy or on request |
| Commercial Data | Active subscription - per Privacy Policy | Secure deletion per policy or on request |
| Usage Data (aggregated / de-identified) | Reasonable period per operational needs | Per Privacy Policy |
| AI pipeline logs | Minimum 1 year, per operational requirements | Per Privacy Policy |
Upon termination or expiration of a subscription, Licensees have 30 days to request retrieval or deletion of their Licensee Data. After this period, Cableteque reserves the right to permanently delete Licensee Data. Early deletion requests during the subscription term are honored within a reasonable period, subject to applicable legal retention obligations.
11. Security Controls
AI pipelines and components are treated as production systems and are subject to the same security controls applied across the Cableteque platform, including:
- Encryption at rest and in transit for all AI-processed data, using Cableteque-managed keys.
- Logical segregation of Licensee Data at the database and API layer using a unique Licensee identifier. AI output from one account is never exposed to another.
- Access to AI production systems is disabled by default and requires an approval process.
- Continuous logging and security monitoring across all AI pipeline infrastructure.
- Industry-standard security inspection, including anti-virus and vulnerability scanning of AI software components prior to deployment.
- No direct administrative access to production AI data by Cableteque employees.
Any suspected security incident involving AI-processed data should be reported immediately to support@cableteque.com.
12. Compliance Posture
Cableteque maintains the following compliance frameworks for its AI-enabled platform and data-handling practices.
| Framework | Status | Scope | Notes |
|---|---|---|---|
| FedRAMP Moderate Equivalency | In-Process (2026) | GOV Instance | 3PAO: Ignyte Assurance Platform (accredited, A2LA Cert. 6081.01). RAR in progress; full certification expected by end of 2026. |
| NIST 800-53 Moderate Baseline | Controls Implemented | GOV Instance | FedRAMP Marketplace RAR in progress. Security Assessment Report (SAR) expected Q2 2026. |
| SOC 2 Type II | Aligned - Practices in Place | All Instances | Formal certification in progress. |
Cableteque's compliance posture is evolving. For the most current compliance documentation or to request the Ignyte 3PAO letter, contact legal@cableteque.com.
13. Privacy and Contact
This AI & Data Policy operates in conjunction with Cableteque's Privacy Policy, which governs the collection, use, and sharing of information when you use the Licensed Software. Key data uses in connection with AI workflows are summarized below.
| Data Type | Description | Purpose |
|---|---|---|
| Session & Interaction Data | Clickstream data, features used, time on pages, session telemetry | Troubleshooting, error reproduction, and product improvement (de-identified) |
| Device & Log Data | IP address, browser type, OS, crash reports | Security monitoring and performance analysis |
Consistent with the Privacy Policy, data collected in AI workflows is used only to provide and support the Licensed Software, for troubleshooting, and for aggregated and de-identified product improvement. Cableteque does not sell Licensee Data.
In the event of any conflict between this AI & Data Policy and the Privacy Policy regarding the treatment of Licensee Data or Commercial Data, the EULA and MNDA shall control.
For questions about this policy or to exercise a data right, contact:
support@cableteque.com | cableteque.com/legal