Security and Privacy Overview (Beta stage)

1) Summary

Bimful is a plugin for Autodesk Revit 2025 and 2026. During the current beta we designed data handling to be as minimal as possible. All BIM content and calculations remain on the user’s machine. Only basic account and project listing information is stored in our cloud, hosted in the EU. Any temporary data that the plugin holds locally exists only for the duration of the current Revit session and is discarded automatically when Revit is closed. When a user maps a material, the plugin writes two parameters into that material inside the Revit file (an PQID and an PQMaterialActive flag); these remain inside the user’s file.

2) Data We Do Not Collect or Store

Local data on the user’s machine (ephemeral)

  • The plugin may keep working data in memory or temporary storage only during the active Revit session; it is deleted when Revit closes.

  • When a user maps a material, the plugin writes two parameters to that material within the Revit file: PQID (identifier) and PQMaterialActive (boolean). These persist only inside the user-controlled .rvt file to support mapping behavior and are not uploaded.

3) Data We Do Collect and Store

Purpose: account management and basic project listing during beta.

Data Category
Fields
Source
Storage Location

Profile details

Text entered by the user (e.g., name, email, organization)

User input

EU‑North region

Project details

Project name/description (text) and optional cover image

User input

EU‑North region

We do not ingest any BIM models, parameters, quantities, or geometry.

4) Hosting & Data Location

  • Primary application database and storage are hosted in the EU‑North region.

  • No intentional cross‑border transfers occur for profile or project listing data.

5) Sub‑processors

We use a small number of vendors to operate the service:

Vendor
Role
Data handled
Region & Notes

Supabase

Managed Postgres database, authentication, and object storage for cover images

Profile details; project text; project cover image; authentication tokens

Hosted in EU‑North.

Google Analytics (GA4)

Product analytics for website/app usage (aggregated)

Pseudonymous analytics identifiers; page/app events

IP anonymization enabled; ad features disabled.

We do not share personal data with advertising networks. No BIM content is sent to any vendor.

6) Security Measures

Access Controls

  • Principle of least privilege; role‑based access.

  • Access to customer data limited to a minimal, need‑to‑know operations group.

Application Security

  • For the beta stage: currently we provide beta users with hard‑coded credentials.

7) Data Retention & Deletion

  • Profile & Project listing data are retained while the account is active.

  • Upon a verified deletion request, we remove these records from the active database, and they roll off scheduled backups after the retention window noted above.

  • Analytics data follows the retention period configured in GA4 (default 14 months unless configured otherwise).

  • Local temporary data (on the user’s machine) exists only for the current Revit session and is cleared automatically when Revit closes.

  • Material mapping parameters in the Revit file (PQID, PQMaterialActive) remain within the .rvt file until the user removes or overwrites them in Revit; they are not synchronized to our servers.

8) Cookies

We use only what’s necessary for authentication and optional analytics.

Cookie
Provider
Purpose
Typical Expiry

_ga / _ga_*

Google Analytics (GA4)

Distinguish users for usage statistics

Up to 2 years

_gid (if present)

Google Analytics (GA4)

Short‑term user differentiation

24 hours

Controls: Users will be able to decline analytics cookies; service continues to function.

9) Compliance & Privacy

  • GDPR: We act as a Data Controller for profile/project listing data entered by users. Users may exercise access, correction, or deletion rights via support.

  • Legal basis: performance of a contract (providing the service) and legitimate interests (service operation & security).

  • DPA: A standard Data Processing Agreement is available on request.

  • Incident response: If we become aware of a personal‑data breach likely to result in risk to individuals, we will notify customers without undue delay and, where applicable, within GDPR timelines.

10) Privacy and GDPR Contact

  • Security/Privacy contact: [email protected]

  • Responsible entity: Redux Ltd., Liuben Karavelov 61, Dobrich, Bulgaria

11) Local Installation Footprint (Revit Plugin Files)

During beta, the plugin installs only a small set of files through a .msi installer. No background services, drivers, or kernel components are installed. Total size: ~1.2mb

Technology stack: The plugin is built in C# on .NET and embeds a CefSharp (Chromium) browser to render and interact with our web-based UI.

File

Type

Purpose

BIMFUL.dll

.NET assembly

Core Revit add‑in functionality

Newtonsoft.Json.dll

.NET dependency

JSON serialization used by the plugin

Resources/Bimfull_Logo_32.png

Image asset

Branding used in UI

Resources/Bimfull_Logo_32.ico

Image asset

Branding used in UI

BIMFUL.txt

Text file

List of material parameters (PQID and PQMaterialActive)

Locations:

C:/Program Files/BIMFUL

%appdata%/Autodesk/Revit/Addins/2025/BIMFUL.addin (specific for each Revit version)

%programdata%/BIMFUL (Revit browser cache)

%programdata%/BIMFUL.txt (list of shared parameters names)

Behavior:

  • These files enable the add‑in UI and logic; no additional executables or services are installed.

  • Removing these files (or uninstalling the add‑in) disables the plugin. No BIM data is left behind.

  • No temporary files are persisted beyond the current Revit session.

12) About Us (Company & Team)

We’re a small, cross‑disciplinary team of architects, engineers and software developers with deep experience building specialized tools for the AEC industry. Our work spans production‑ready plug‑ins for Revit, Archicad, Allplan and AutoCAD; web‑based project management platforms; automation utilities and scripting to streamline repetitive tasks; and interactive desktop applications built with game engines such as Unity. We prioritize pragmatic, reliable engineering and fit‑for‑workflow design. We ship tools that integrate cleanly with existing practices and respect security and privacy by design.

Legal entity: Redux Ltd. Jurisdiction of incorporation: Bulgaria Registered address: Liuben Karavelov 61, Dobrich Company registration number: 208322681 VAT ID: BG208322681