Privacy policy
Bimly ("we") operates this service. This policy explains what information we collect when you use bimly.net and app.bimly.net, how we use it, who else sees it, and the choices you have. If anything below isn't clear, email us at support@jp-info-tech.com.
Bimly is currently in open beta. This policy may change before general availability; we will flag material changes on the landing page.
1. Information we collect
Account information
When you create an account we store your display name, email address, and a one-way Argon2id hash of your password. We never store your password in a recoverable form.
Content you upload
Files you upload (notably IFC models), the derived BIM domain data we generate from them, and anything you type into the app (issues, comments, property values, validation rules) are stored so you can use Bimly. Access is limited to workspace members you've invited and, where enabled, holders of share links you create.
Automatic technical data
Our servers log IP address, user agent, timestamps, and the URL you requested for security and debugging. These logs are rotated and kept for no longer than 30 days.
Cookies and similar
We set an HttpOnly session cookie after login to keep you signed in, and
a bimly_lang cookie to remember your language preference.
We do not use advertising cookies on the app.bimly.net domain.
2. Third-party services
- Xserver VPS — hosting.
- Google Analytics 4 — aggregate usage statistics on the marketing site only.
- Google AdSense — contextual ads outside the 3D viewer on bimly.net and, for Free-plan users, some app surfaces. A Funding Choices CMP is used for consent where required.
- Resend — transactional email (verification, password reset).
- Anthropic — when you invoke AI features (planned), limited context extracted from your model is sent to Anthropic's API. Your raw IFC files are never sent.
We will publish a full subprocessor list before we leave beta. If we add a subprocessor that sees user data, we'll update this policy and announce it.
3. How we use data
We use your data to operate the service, secure it, communicate with you about it, and improve it. We do not sell personal data. We don't train third-party AI models on your uploaded content.
4. Retention and deletion
Your content stays as long as your workspace is active. Archiving a project hides it but keeps the data; deleting a workspace removes the content from the primary database within 30 days. Backups age out on the same schedule.
5. Your rights
You can access, correct, export, or delete your account data through the app, or by emailing us. Residents of jurisdictions with specific rights (EEA/UK GDPR, CCPA, Japan APPI) can exercise those rights through the same channel.
6. International transfers
Our infrastructure is in Japan. Some subprocessors may process data in other regions (e.g. Google/Anthropic in the US). Where applicable we rely on standard contractual clauses and each subprocessor's own certifications.
7. Security
We use TLS for all traffic, Argon2id for password hashing, HttpOnly session cookies, and regular dependency scanning. We will never ask for your password by email. Report security issues to support@jp-info-tech.com.
8. Contact
Bimly · support@jp-info-tech.com · Japan.