ClashPilot by BIMTools

Privacy Policy

Effective Date: January 10, 2026

Last Updated: January 10, 2026

Company: BIM Tools LLC (“Company,” “we,” “us”)

This Privacy Policy describes how BIM Tools LLC collects, uses, discloses, and protects information in connection with: (a) the ClashPilot website at bimtools.com, and (b) the ClashPilot Revit add-in and related cloud APIs (“ClashPilot,” the “Services”).

1. Executive Summary (for IT/Security Review)

  • No RVT uploads: ClashPilot does not upload Revit model files (.RVT), linked models, or sheets for normal operation.
  • Minimized payload: The add-in sends a purpose-built JSON payload containing only the clash geometry/metadata required to compute coordination recommendations.
  • Encryption: API traffic is encrypted in transit (HTTPS/TLS). Data at rest is protected via standard cloud controls (and S3 server-side encryption when configured).
  • Tenant isolation: Requests are authorized per tenant/license; cross-tenant access is not permitted by design.
  • Telemetry/training: “Training” payload capture is opt-in and designed to remove direct identifiers; customers can disable or restrict it.

2. Information We Collect

2.1 Account, Licensing, and Billing

  • Account identifiers (e.g., email address) and organization information you provide.
  • License information and device identifiers used for license enforcement (e.g., a device fingerprint/“HWID”).
  • Billing records and payment status (processed through our payment provider).

2.2 ClashPilot “Job” Data Sent from the Add-in to the API

To generate clash-resolution recommendations, the add-in may transmit a minimized JSON representation of the clash context. Depending on configuration and feature usage, this can include:

  • Element categories/types (e.g., duct, pipe), system classifications, and numeric parameters (e.g., size/dimensions).
  • Geometry representations necessary for coordination (e.g., bounding boxes, locations/orientation, primitive dimensions, connectors/relationships, and neighbor context).
  • Internal element identifiers required to round-trip actions back to the local model (e.g., element IDs/Revit IDs).

2.3 Support and Plugin Feedback

If you submit feedback via the plugin, we may collect:

  • Your feedback message and basic context such as plugin version.
  • Optional diagnostic logs you choose to attach (e.g., a ZIP log bundle).
  • IP/user-agent: By default, we store hashed versions of IP address and user-agent for abuse prevention and troubleshooting. Raw IP address/user-agent may be stored only when explicitly enabled for support workflows.

2.4 Website Analytics

We may use website analytics tools to understand website performance (page views, clicks, downloads). Where enabled, these tools may use cookies or similar technologies and may collect device/browser information and approximate location derived from IP address.

2.5 Server and Security Logs

Our infrastructure (e.g., reverse proxies, load balancers) may record standard access logs (which can include IP address, timestamps, request path, and status code) for security, abuse prevention, and reliability.

3. Information We Do Not Intend to Collect

ClashPilot is designed to minimize data collection. Unless explicitly enabled for a specific workflow or support request, the Services are not intended to transmit:

  • Revit model files (.RVT), linked models, or sheet/drawing content.
  • Project/client names, addresses, facility names, or other business identifiers.
  • Free-text parameter values that may contain sensitive naming conventions (except where you explicitly include text in feedback).
  • Protected health information (“PHI”) or patient data. Do not submit PHI to the Services.

4. How We Use Information

  • Provide and operate the Services (including computing and returning clash-resolution recommendations).
  • Authenticate users/devices and enforce licensing.
  • Provide customer support and respond to requests.
  • Maintain the security of the Services (fraud/abuse detection, rate limiting, logging, incident response).
  • Improve product quality and reliability (bug fixes, performance tuning, aggregated usage metrics).
  • Optional training/quality improvement: Where enabled, use de-identified or minimized data to improve coordination heuristics and models.

5. Telemetry and Model Training

ClashPilot may collect:

  • “Safe” telemetry (counts, derived features, hashed identifiers) for product analytics and quality metrics.
  • “Training” telemetry (a scrubbed/minimized representation of clash inputs/outputs) only when you explicitly opt in and (for some deployments) only for allowlisted tenants.

If your organization requires stricter controls, contact us for enterprise configuration options (e.g., disabling training telemetry, reduced retention, or dedicated environments).

6. How We Share Information

We do not sell personal information. We may share information with:

  • Service providers/subprocessors that host or operate parts of the Services (e.g., cloud infrastructure, email delivery, billing).
  • Payment processing providers to process subscriptions and payments.
  • Legal/compliance when required to comply with law, enforce terms, or protect rights and safety.

6.1 Common Subprocessors (may vary by deployment)

  • Amazon Web Services (compute/hosting, databases, object storage, secrets management).
  • Stripe (billing/payment processing) where enabled.
  • Amazon SES or similar email services for support notifications where enabled.
  • Google Analytics (website analytics) where enabled.

7. Data Retention

We retain information only as long as necessary for the purposes described above, subject to legal requirements and customer configuration. Retention may vary by plan and deployment. In our standard configuration, we target:

  • Job metadata/results: short-lived retention intended to support polling and troubleshooting (commonly ~7 days, configurable).
  • Support/feedback artifacts: retained only as long as needed to resolve the request (often measured in days/weeks). If uploaded to customer-controlled systems, your organization’s retention policies apply.
  • Aggregated/derived telemetry: may be retained longer because it is not intended to directly identify a project or individual.

Enterprise customers may request specific retention windows and deletion procedures.

8. Security

We use administrative, technical, and physical safeguards designed to protect information, including (as applicable): encryption in transit (HTTPS/TLS), access controls, secret management, rate limiting, and monitoring. No method of transmission or storage is 100% secure; if you believe your account has been compromised, contact us immediately.

9. Your Choices and Rights

  • Telemetry controls: If telemetry/training is offered, you may be able to disable or restrict it via configuration or by contacting support.
  • Access/correction/deletion: Depending on your jurisdiction, you may have rights to access, correct, or delete certain personal information. Contact us to submit a request.
  • Analytics controls: You can limit cookies via browser settings. Some analytics providers also offer opt-out mechanisms.

10. International Transfers

If you access the Services from outside the United States, your information may be processed in the United States or other locations where we or our service providers operate. Primary hosting for ClashPilot is currently in the United States (AWS region may vary by deployment). We implement appropriate safeguards as required by applicable law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last Updated” date. Continued use after changes take effect constitutes acceptance of the revised policy.

12. Contact

BIM Tools LLC, Fort Mill, South Carolina, USA. Email: eli@bimtools.com.

Home How It Works Pricing Contact Privacy Policy Terms of Service
© 2025 BIM Tools - Makers of ClashPilot. All rights reserved.