Privacy policy
BIM & Beyond (KvK 24174397), Rotterdam, the Netherlands · Last updated 11 May 2026
1 · Who we are
BIM & Beyond (KvK 24174397), trading as “BIMboost,” sells Revit-plugin licenses and operates the customer portal at portal.bimboost.com. We are the data controller for personal data you provide while using these services. Reach us at support@bimboost.com.
2 · What we collect, and why
We try to collect the minimum needed to deliver the Service. In practice that's:
- Account data — your email address (sign-in identifier), full name, company name. Stored on Customer and User rows in our database.
- Billing data — company name, postal address, VAT number, country code. Required to issue compliant Dutch tax invoices. Card details are NOT stored by us; they live on Stripe (our payment processor).
- License-API telemetry — the machine ID (a one-way SHA-256 hash of your Windows MachineGuid), IP address, and user-agent string of each Revit-plugin session. Used to enforce seat limits and detect abuse.
- Support tickets — anything you send to support@bimboost.com plus your sender address and our replies.
- Audit trail — administrator actions and customer self-service mutations (key regeneration, seat changes, cancellations). Forensic record only; never used for marketing.
3 · Legal basis (GDPR Art. 6)
- Performance of contract — running the Service you paid for (license issuance, billing, support).
- Legal obligation — Dutch AWR Art. 52 requires us to retain issued invoices for 7 years. Card-payment records are held by Stripe under the same obligation.
- Legitimate interest — abuse detection on the license API, security logging, and the audit trail.
We do not use consent as a legal basis for account data — refusing the data we ask for means we can't deliver the Service. Cookies needed for sign-in are “strictly necessary” and exempt from the consent requirement under the ePrivacy directive.
4 · Sub-processors
We rely on the following processors. Each holds personal data under a data-processing agreement that mirrors our obligations.
- Stripe (USA + Ireland) — payments, subscriptions, tax. Standard Contractual Clauses + Data Privacy Framework.
- Neon (EU, Frankfurt region) — managed PostgreSQL database. Data never leaves the EU.
- Netlify (USA) — application hosting + scheduled functions. SCCs in place.
- Resend (USA + EU) — transactional email (welcome, trial reminders, support replies, magic-link sign-in). SCCs in place.
- Anthropic (USA) — when you use the AI chat in the support FAQ, your message and a stripped-down account context are sent to Claude for the reply. No PII unless you type it. SCCs in place.
5 · Retention
- Account + profile data — for as long as your account is active.
- License keys — revoked on account closure; the argon2 hash is retained for 90 days for fraud investigation, then purged.
- License-API leases + IP logs — 30 days, then auto-purged.
- Stripe webhook payloads — 30 days of raw payload retained for forensics, then nulled.
- Invoices — 7 years (Dutch AWR Art. 52). When you exercise your right to erasure (Art. 17), the link from invoice to customer is nulled but the invoice row survives.
- Audit log — 2 years, pseudonymised on erasure.
6 · Your rights
You can exercise the following GDPR rights at any time:
- Art. 15 (access) + Art. 20 (portability) — download a structured JSON of all personal data we hold on you via your profile page (signed in) or GET /api/account/export.
- Art. 16 (rectification) — fix incorrect data yourself on the profile page, or mail support@bimboost.com for anything you can't edit.
- Art. 17 (erasure) — request deletion of your account. A 30-day grace window applies during which you can reverse the request; thereafter your data is pseudonymised in-place (invoices retained per the AWR obligation above). Triggered from the profile page.
- Art. 21 (object) — we don't send marketing email today. If we ever do, you'll be able to opt out from the email itself.
- Complaint to the AP — you can lodge a complaint at any time with the Dutch Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).
7 · Security
All traffic is HTTPS. Database connections are TLS. License keys are stored as argon2id hashes; the plaintext copy is held only to allow you to view your key in the dashboard and will move to an envelope-encrypted column in a coming release. Passwords are never stored — sign-in is via magic-link or single-sign-on.
8 · Changes to this policy
Material changes will be announced by email at least 14 days before they take effect. The current version always lives at this URL; the “Last updated” date at the top changes when we revise.