Privacy Policy

1. Introduction

Welcome to BimCT Converter Engine ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using BimCT Converter Engine, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

2.1 Personal Information

When you create a trial account, we collect:

• Account Information: Email address, first name, last name, company name, tenant domain
• Authentication Data: Username and encrypted password (or OAuth2 provider credentials)
• Technical Information: IP address, country/location, browser type, device information

2.2 OAuth2 Provider Information

If you choose to sign up using OAuth2 (Google, Microsoft, or Autodesk), we collect:

• Your email address from the OAuth2 provider
• Your name (if provided by the provider)
• A unique identifier from the OAuth2 provider

Note: We only request the minimum necessary permissions from OAuth2 providers. We do not access your emails, files, or any other data beyond basic profile information.

2.3 Files and Usage Data

• Uploaded Files: BIM files and documents you upload for conversion
• Conversion Jobs: Information about your conversion requests and results
• Usage Statistics: Number of conversions, storage usage, access logs

2.4 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Maintain your login session
• Remember your preferences
• Protect against fraudulent activity (reCAPTCHA)
• Analyze usage patterns to improve our service

3. How We Use Your Information

We use the information we collect to:

• Provide Services: Process conversions, manage your account, and deliver results
• Communication: Send verification emails, account notifications, and support responses
• Security: Detect and prevent fraud, abuse, and security incidents
• Improvements: Analyze usage patterns to enhance our service
• Compliance: Meet legal obligations and enforce our terms of service

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• Service Providers: Third-party services that help us operate (e.g., email delivery, cloud hosting)
• Legal Requirements: When required by law, court order, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Protection: To protect our rights, property, safety, or that of our users

5. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

• Encryption of data in transit (HTTPS/TLS)
• Secure password storage using BCrypt hashing
• Access controls and authentication mechanisms
• Regular security assessments and updates
• Anti-bot protection (reCAPTCHA, rate limiting)

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

• Trial Accounts: Automatically expire after 30 days unless converted to paid accounts
• Unverified Accounts: Deleted automatically after 48 hours if email is not verified
• Uploaded Files: Retained according to your account's storage limits and expiration date
• Logs and Analytics: Aggregated data may be retained indefinitely for statistical purposes

7. Your Rights (GDPR Compliance)

If you are in the European Economic Area (EEA), you have the following rights:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Restriction: Limit how we use your data
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing of your data for certain purposes
• Withdraw Consent: Withdraw consent at any time (does not affect prior processing)

To exercise these rights, please contact us using the information below.

8. Trial Account Limitations

Trial accounts are subject to the following restrictions:

• 30-day expiration period
• 100MB maximum storage space
• 50MB maximum file upload size
• Hybrid processing mode (2D drawings only)

After your trial expires, you will need to contact us to upgrade to a paid account or your data will be deleted.

9. Children's Privacy

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Third-Party Services

Our service integrates with the following third-party services:

• Google reCAPTCHA: Anti-bot protection (subject to Google's Privacy Policy)
• OAuth2 Providers: Google, Microsoft, Autodesk for authentication
• Email Validation: Third-party APIs to detect disposable email addresses
• IP Geolocation: IP address lookup services for fraud prevention

These services have their own privacy policies, which we encourage you to review.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

12. Contact Us