Last updated: 28 February 2026
1. Controller and Contact
The controller responsible for data processing under applicable data protection laws (including the Swiss Federal Act on Data Protection (revDSG) and the EU General Data Protection Regulation (GDPR)) is:
bimover
Michael Huber
Hammer 19
5000 Aarau
Switzerland
Email: support@bimover.ch
2. Scope of This Privacy Policy
This Privacy Policy applies to:
- the use of our applications (“Apps”)
- our website at bimover.ch, including subdomains
We aim to process only the data required to operate authentication, licensing, purchases, support and security.
3. Data We Process
Depending on your usage, we process the following categories of personal data:
- Apple Sign in subject identifiers (SIWA subject) and email address (including Apple relay email, if used)
- internal account identifier (
usr_...) - licensing and entitlement records (license tier, grants, redeem/transfer code status, eligibility status, add-on download counters/timestamps)
- payment/commerce records (transaction references, order status, line-item references, optional customer email, webhook reconciliation records)
- security/session records (API session token hashes, device ID, optional device metadata, last-used timestamps, limited request metadata such as IP-derived network information for pricing/tax preview and fraud controls)
- audit and operations records (request IDs, event logs, security-relevant events)
We do not build advertising profiles and we do not use analytics or marketing pixels on our website.
4. Cookies and Similar Technologies
Our website uses strictly necessary cookies for account login/session management:
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
bimover_web_session | Keeps you logged in to your website account | Up to 30 days or until logout | Essential, first-party |
bimover_web_device | Stable device identifier for secure web session issuance | Up to 365 days | Essential, first-party |
These cookies are required to provide the login/account service requested by you.
Cookie attributes used for these cookies include HttpOnly and SameSite=Lax; Secure is used on HTTPS/production.
We do not use analytics/marketing cookies.
If you use third-party login/checkout components (Apple/Paddle), those providers may use their own technologies under their own policies.
5. Sign in with Apple (Unified Account for Apps and Website)
We use Sign in with Apple for website authentication and app authentication. The same identity is used across website and supported apps; we do not operate a separate app/web account-linking model.
When you sign in, we process:
- Apple subject identifier
- email address (or Apple relay address)
We do not process passwords. Authentication is performed by Apple.
App login claim flow
When app login is started from a supported app, the website can issue a short-lived app-login claim token.
For this flow, we generate a short-lived token (default: 15 minutes), store only a hash of that token server-side, and complete app login after successful claim confirmation from the matching app bundle.
The deep link payload contains technical claim context (for example bundle_id and a claim token).
Purpose:
- sign the app into your existing website account identity
- allow the app to retrieve the correct license and entitlement state
6. Licensing, Eligibility and Account Data
To operate licensing, we process:
- account ID, app bundle ID, SIWA-linked identity records
- license/entitlement state and hierarchy (for example trial/personal/professional)
- redeem and transfer code lifecycle (unused/redeemed/revoked)
- eligibility requests (for example educational eligibility), including token hash/hint and status data
This processing is required to enforce license rules, entitlement integrity, and anti-abuse controls.
7. Payments, Refunds and Paddle
Payments are handled by Paddle (Merchant of Record). Paddle processes payment method and invoicing data.
From Paddle transactions/webhooks, we may process and store:
- transaction IDs and order references
- order and line-item references
- status changes (including refund/chargeback events)
- optional customer email
- webhook payload data required for reconciliation, tax/accounting evidence, fraud prevention, and refund-based license revocation
For checkout handoff, generated checkout URLs may include technical query parameters such as transaction ID, state, and optional customer email. For localized pricing/tax preview before checkout, we may pass request IP-derived network information to Paddle.
We use this data to ensure purchased entitlements and refunds are reflected correctly (including piece-accurate revocation logic).
We do not store full card numbers or CVV.
Paddle policy: https://www.paddle.com/legal/privacy
8. Security, Session and Audit Logging
We process technical security/session data, including:
- API token hashes (not plaintext token storage)
- device/session metadata (device ID, optional device name/platform/version)
- session usage/revocation timestamps
- audit/security events with request identifiers
Error and audit logs may include operational request context (for example bundle ID, offer code, request ID, and status/error codes). Sensitive token/secret fields are redacted in structured error logging. Audit logs are used for security monitoring, incident handling, and legal defense.
9. Data Sharing
We do not sell personal data.
Data may be shared with:
- Apple (authentication)
- Paddle (payments, merchant-of-record functions)
- infrastructure/service providers required to operate our services (for example hosting/network delivery), under applicable confidentiality and data protection obligations
- authorities or courts where legally required
10. International Transfers
Depending on provider infrastructure (for example Apple, Paddle, hosting/network providers), data may be processed outside Switzerland/EU/EEA.
Where required, transfers are based on applicable legal transfer mechanisms and safeguards.
11. Data Retention
We retain data only as long as necessary for the stated purposes and legal obligations.
Typical retention logic:
- web session cookie: up to 30 days
- web device cookie: up to 365 days
- app-login claim token validity: short-lived (default 15 minutes); expired/consumed tokens become unusable (related hashed records may remain until operational cleanup)
- eligibility request token validity: limited lifetime (default 14 days unless resolved earlier); related request records may be retained for support, anti-abuse, and audit/legal needs
- account/licensing/payment records: for contract execution, fraud/security controls, and legally required accounting/tax retention periods
- audit logs: operational retention windows (default cleanup policy targets 6 months unless longer retention is required)
You may request deletion of your data at any time, unless retention is legally required.
12. Legal Basis for Processing
Under GDPR, processing is generally based on:
- Article 6(1)(b) GDPR (contract performance)
- Article 6(1)(c) GDPR (legal obligations, where applicable)
- Article 6(1)(f) GDPR (legitimate interests: secure service operation, fraud prevention, entitlement integrity)
Under Swiss law, processing is based on lawful purpose, proportionality, transparency and data security under the revised FADP (revDSG).
13. Your Rights
Depending on applicable law, you may have rights to:
- access your data
- rectification
- deletion
- restriction or objection
- data portability (where applicable)
Contact: support@bimover.ch
You may also contact the competent supervisory authority.
14. Changes to This Privacy Policy
We may update this Privacy Policy as our services evolve or legal requirements change.
The current version is always published on our website.