Trust & security
How Origin handles data, access, and responsibility.
Origin is a robot-agnostic physical-AI autonomy layer. This page states our posture plainly for security and procurement review. It is consistent with our privacy policy and terms.
Origin is currently available through a private pilot program; specifics are confirmed per deployment. A DPA and a security review are available on request.
Data we collect
Account details, the floor context you provide (maps, zones, work orders), robot and deployment telemetry, and product usage/analytics. We do not seek data beyond what a deployment needs.
Telemetry scope
Scoped to the specific deployment and used to observe the floor, plan safe steps, verify completion, and produce the audit log. Not repurposed across customers.
Data retention
Pilot defaults — finalized per site in the Data Processing Agreement:
- Raw camera frames
- Processed on site for context extraction; not retained by default (site-configurable)
- Derived floor context (detections, occupancy)
- 30 days
- Robot telemetry
- 90 days
- Audit & verification logs
- 12 months, then archived or deleted per the DPA
- Contact & lead data
- Until deletion is requested
Deletion requests are honored at engagement end; the audit log retains the record of the deletion itself.
Access control
Least-privilege, need-to-know access with per-deployment scoping. Administrative access is limited and logged.
Encryption & transport
Encryption in transit (HTTPS/TLS). Secrets are not exposed to robots or agents. Production credentials are held server-side.
Audit logs
Append-only, replayable records of every decision, action, and escalation — the basis for evidence-backed verification and accountability.
Incident & escalation
Uncertainty, low confidence, no-go conflicts, and robot/health anomalies escalate to a human operator. Material incidents are handled under the engagement’s agreed process.
Responsibility — you
You retain operational control and are responsible for on-site safety, supervision, no-go zones, thresholds, override, and your robots and personnel.
Responsibility — Origin
We provide the software controls: perception, planning, safety boundaries, verification, and the audit log. Origin is not a custodian of your robots or physical operations.
Sub-processors
Infrastructure, hosting, identity, and analytics providers under appropriate confidentiality and security obligations. A current list is available on request.
Analytics & cookies
Only essential cookies plus Google Analytics running in Consent Mode denied-by-default, so no non-essential tracking cookies are set unless you consent.
DPA & security review
A Data Processing Agreement and a security review (including retention specifics and sub-processor list) are available to prospective customers on request.
Security review packet
For procurement and vendor security review, we provide a packet on request:
- Sub-processor list
- Data-retention schedule
- Security review checklist
- DPA (Data Processing Agreement)
- Incident & escalation contact
Conservative by design. Origin returns decision-support and verification records — not certifications or guarantees. Contact: hello@originphysical.ai
Origin