Privacy Policy

Last updated: January 15, 2025

Introduction

At Frame (“we,” “us,” or “our”), we are committed to protecting your privacy and ensuring the security of your personal information and Building Information Modeling (BIM) data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our BIM analytics platform and related services (the “Service”).

By accessing or using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this policy, please do not access or use our Service.

Definitions

Service - Frame’s BIM analytics platform, including our web application, APIs, and related tools

Personal Data - Information that can be used to identify an individual, such as name, email address, or phone number

BIM Data - Building Information Modeling files, including CAD files, 3D models, and associated metadata uploaded to our platform

Usage Data - Information collected automatically when using our Service, including IP address, browser type, and usage patterns

Cookies - Small files stored on your device that track, save, and store information about your interactions with our Service

Data Controller - The entity that determines the purposes and means of processing Personal Data

Data Processor - The entity that processes Personal Data on behalf of the Data Controller

Information Collection and Use

Types of Data Collected

Personal Data

While using our Service, we may ask you to provide certain personally identifiable information that can be used to contact or identify you. This may include:

  • Email address
  • First and last name
  • Company name and job title
  • Phone number
  • Address, city, postal code, country
  • Authentication credentials (encrypted)
  • Payment information (processed securely through Stripe)

BIM Data and Project Files

Important: We do not store your original design files (such as .rvt, .nwd, .ifc files) or report files you generate. Original files are securely uploaded to third-party processing services to generate derivatives and extract data for analysis. Reports you create are your property and remain under your control. We only store report templates as our intellectual property.

When you use our platform, we collect and process:

  • Processed derivatives from your CAD files (not the original files)
  • Extracted metadata and properties from your models
  • 3D visualization data and viewable derivatives
  • Project documentation you create (under your ownership)
  • Annotations, markups, and comments you add
  • Report templates (our intellectual property)
  • Clash detection results and model version information

Usage Data

We automatically collect information about how you interact with our Service:

  • IP address and browser information
  • Device type and operating system
  • Pages visited and features used
  • Time spent on different sections
  • Click patterns and navigation paths
  • Error logs and performance data

Cookies and Tracking

We prioritize your privacy and only use strictly necessary cookies:

  • Authentication cookies - Essential for maintaining your login session (no consent required)
  • Security cookies - Essential for detecting authentication anomalies and protecting your account
  • No tracking cookies - We do not use any cookies for tracking or marketing purposes
  • No analytics cookies - Our analytics solution (Vercel Analytics) operates without cookies

Important: We do not require cookie consent banners because we only use strictly necessary cookies that are essential for the Service to function properly. This approach ensures both GDPR compliance and a better user experience.

Use of Data

Frame uses the collected data for various purposes:

  • To provide and maintain our Service
  • To process and analyze your BIM data
  • To generate reports and visualizations
  • To notify you about changes to our Service
  • To provide customer support
  • To gather analysis or valuable information to improve our Service
  • To monitor the usage of our Service
  • To detect, prevent and address technical issues
  • To fulfill legal and regulatory requirements
  • To process payments and manage subscriptions
  • To provide AI-powered analytics and insights

AI Data Usage: We do not use your data to train AI models, and we do not provide your data to third-party AI service providers for training purposes. AI services are used solely to provide you with analytics and insights based on your data.

Our Privacy-First Approach

No Cookie Consent Required: Unlike many websites, we don’t show cookie consent banners because:

  • We only use strictly necessary cookies essential for authentication
  • Our analytics are cookieless and privacy-preserving
  • We don’t use any marketing, advertising, or tracking cookies
  • We don’t sell or share your data with third parties for advertising

This approach ensures full GDPR compliance while providing you with an uninterrupted user experience.

Retention of Data

We will retain your Personal Data and BIM Data only for as long as necessary for the purposes set out in this Privacy Policy. We will retain and use your data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.

Usage Data is generally retained for a shorter period, except when used for security, improving functionality, or legal requirements.

Transfer of Data

Your information, including Personal Data and BIM Data, may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

Disclosure of Data

We may disclose your Personal Data in good faith belief that such action is necessary:

  • To comply with a legal obligation
  • To protect and defend our rights or property
  • To prevent or investigate possible wrongdoing
  • To protect the personal safety of users or the public
  • To protect against legal liability
  • In connection with a merger, acquisition, or sale of assets

Security of Data

The security of your data is important to us. We use commercially acceptable means to protect your Personal Data and BIM Data, including:

  • Encryption of data in transit and at rest
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Secure data centers with physical and digital protections
  • Employee training on data protection
  • Incident response procedures

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Your Data Protection Rights

General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights:

  • Right to access - Request copies of your personal data
  • Right to rectification - Request correction of inaccurate data
  • Right to erasure - Request deletion of your personal data
  • Right to restrict processing - Request restriction of processing
  • Right to object - Object to our processing of your personal data
  • Right to data portability - Request transfer of your data

Note on Cookies: Under GDPR, we are not required to obtain consent for strictly necessary cookies that are essential for our Service to function. Since we only use such essential cookies and our analytics are cookieless, no cookie consent banner is required. Your rights listed above apply to all personal data we process, regardless of our cookie usage.

California Privacy Rights (CCPA)

If you are a California resident, you have specific rights regarding your personal information:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of the sale of personal information
  • Right to request deletion of personal information
  • Right to non-discrimination for exercising privacy rights

Service Providers

We may employ third-party companies and individuals to facilitate our Service (“Service Providers”), provide Service on our behalf, perform Service-related services or assist us in analyzing how our Service is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Backend Service Providers

We use different backend service providers to support our applications.

Vercel: Their Privacy Policy can be viewed at https://vercel.com/legal/privacy-policy Turso: Their Privacy Policy can be viewed at https://turso.tech/privacy-policy Supabase: Their Privacy Policy can be viewed at https://supabase.com/privacy Autodesk Platform Services: Their Privacy Policy can be viewed at https://www.autodesk.com/company/legal-notices-trademarks/privacy-statement

Analytics

We use privacy-preserving analytics to improve our Service:

Vercel Analytics: A cookieless web analytics service that respects user privacy:

  • No cookies used - Uses a daily-rotating hash instead of persistent tracking
  • No cross-site tracking - Cannot track users across different websites
  • Anonymous data only - All data is aggregated and anonymized
  • Privacy by design - Cannot identify individual users

For more information on their privacy practices, please visit: https://vercel.com/legal/privacy-policy

Payments

We may provide paid products and/or services within Service. In that case, we use third-party services for payment processing (e.g. payment processors). We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

Stripe: Their Privacy Policy can be viewed at https://stripe.com/privacy

Artificial Intelligence

We may use 3rd party Artificial Intelligence (AI) service providers to provide you with some features, including but not limited to automated analytics, insights generation, and data processing.

OpenAI: Their Privacy Policy can be viewed at https://openai.com/policies/privacy-policy

Important: We do not use your data to train AI models, and we choose not to provide any usage of your data to third-party AI providers for training purposes.

Additional Information

Our Service may contain links to other sites not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Children’s Privacy

Our Service is not intended for use by children under the age of 18. We do not knowingly collect personally identifiable information from children under 18. If you become aware that a child has provided us with Personal Data, please contact us.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date. You are advised to review this Privacy Policy periodically for any changes.

Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: contact@bimframe.com

Response Time: We aim to respond to all privacy-related inquiries within 30 days.