Privacy Policy
NexionTools is committed to protecting your privacy. This policy explains how we collect, use, store, and safeguard your personal information.
Effective: May 7, 2026
General Information
Data Controller
- NexionTools is the data controller for personal data processed through our services. For data protection inquiries, contact: privacy@nexiontools.com.
- Data Protection Officer: Not required under BDSG §38 (fewer than 20 persons involved in automated data processing). For all data protection matters, please contact privacy@nexiontools.com.
1. Information We Collect
- Account Information: When you create an account, we collect your name, email address, and optionally your company name. This information is necessary to provide our services.
- Payment Information: Payment data (credit card numbers, billing addresses) is collected and processed exclusively by our authorized payment processor, which acts as the Merchant of Record for all NexionTools purchases. NexionTools does not store or have access to your full payment details.
- Licensing Data: We collect device identifiers (a SHA-256 hash derived from hardware serial numbers and, as a fallback, a hash that may include the Windows username) to manage license activations and enforce device limits as part of our subscription model. The raw hardware identifiers never leave your machine — only the irreversible hash is transmitted.
- Usage Analytics: Our Revit plugins may collect anonymized usage data, including tool names used, execution duration, plugin version, host application version (Revit version), and operating system version. This data is tied to your client account and helps us improve our products (legal basis: Art. 6(1)(f) GDPR — legitimate interest in product improvement). You can opt out of analytics collection at any time through the plugin settings.
- Support Communications: When you submit support tickets, we collect the content of your messages, attachments, and any information you provide to resolve your inquiry.
- Website Analytics: We use standard web analytics to understand how visitors interact with our website, including pages visited, time spent, and general geographic region.
2. How We Use Your Information
- To provide, maintain, and improve our services, including license management, plugin updates, and customer support.
- To process payments and manage subscriptions through our authorized payment processor.
- To send transactional communications such as subscription confirmations, license key deliveries, renewal reminders, and support responses.
- To analyze product usage patterns and improve our Revit® plugins and services.
- To detect, prevent, and address fraud, abuse, or security issues.
- To comply with legal obligations and enforce our Terms of Service.
- We do not sell, rent, or share your personal information with third parties for their marketing purposes.
Processing & Third Parties
3. Payment Processing
- All payments for NexionTools subscriptions are processed by our authorized payment processor, which acts as our Merchant of Record.
- The payment processor is responsible for collecting payment information, processing transactions, managing refunds, and handling tax compliance (VAT/GST/sales tax) in accordance with their own privacy policy.
- When you make a purchase, your payment data is transmitted directly to the payment processor. NexionTools receives only a transaction reference, subscription status, and the payout amount — never your full card details.
- We recommend reviewing your payment processor's privacy policy for details on how they handle your payment data.
4. Our Plugins and Your Data
- NexionTools plugins run entirely within your local Autodesk® Revit® environment.
- Our plugins do not transmit your Revit® project data, model files, BIM content, or any proprietary design information to NexionTools servers or any third party.
- The only data transmitted from our plugins to our servers is: (a) license validation requests containing your license key and device ID, (b) version check requests, and (c) anonymized usage analytics (tool name, execution time).
- All data processed by our plugins within Revit® remains entirely within your local environment.
5. Data Sharing and Third-Party Services
- Our authorized payment processor — Payment processing, tax compliance, and invoicing (Merchant of Record).
- Vercel — Website and application hosting.
- Cloudflare R2 — Secure storage for plugin installers.
- Resend — Transactional email delivery (account verification, support notifications).
- Sentry — Application error monitoring and performance tracking (no personal data is shared, only anonymized error reports).
- We only share the minimum data necessary for each service to function. All third-party services are selected based on their data protection standards and compliance with applicable privacy regulations.
Security & Tracking
6. Cookies and Tracking
- Essential Cookies: Used for authentication, session management, and language preferences. These are necessary for the website and portal to function.
- Analytics Cookies: Used to understand website usage patterns. You can opt out through your browser settings.
- We do not use advertising cookies, retargeting pixels, or third-party marketing trackers.
7. Data Security
- All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
- Passwords are hashed using industry-standard bcrypt algorithms and are never stored in plain text.
- Access to personal data is restricted to authorized personnel on a need-to-know basis.
- We conduct regular security reviews of our infrastructure and codebase.
- License keys are transmitted over encrypted connections and validated server-side.
8. Data Retention
- Account data is retained for the duration of your account's existence plus any legally required retention period.
- Payment records are retained as required by tax and financial regulations (typically 7 years).
- Support tickets are retained for 3 years after resolution for quality assurance and legal compliance.
- Usage analytics are retained in aggregated, anonymized form indefinitely for product improvement.
- Device registration data (hardware ID hash, device label) is retained while your license is active, plus 30 days after license expiration or account deletion.
- License verification logs are retained for 90 days for security monitoring and abuse prevention.
- If you delete your account, your personal data will be removed within 30 days, except where retention is required by law.
Rights & Legal
9. Your Rights
- Access: You have the right to request a copy of the personal data we hold about you.
- Correction: You can update your account information at any time through the client portal, or request that we correct inaccurate data.
- Deletion: You can request deletion of your account and personal data by contacting us. Note that this will terminate your subscription and revoke all licenses.
- Portability: You can request your data in a structured, machine-readable format.
- Objection: You can object to the processing of your data for specific purposes.
- To exercise any of these rights, contact us at privacy@nexiontools.com.
10. International Data Transfers
- NexionTools uses infrastructure hosted in various locations globally to deliver its services. Specifically: Vercel (website hosting, USA/EU), Cloudflare R2 (file storage, EU), Resend (email, USA), and Sentry (error monitoring, USA).
- Transfers of personal data to countries outside the European Economic Area (EEA) are protected by Standard Contractual Clauses (SCCs) as adopted by the European Commission, or by the service provider operating under an EU adequacy decision.
- You can request details about the specific safeguards in place for any data transfer by contacting privacy@nexiontools.com.
11. Children's Privacy
- Our services are designed for professional use and are not directed at individuals under the age of 16.
- We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete it.
12. Changes to This Policy
- We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable laws.
- Material changes will be communicated via email to registered users or through a prominent notice on our website.
- The "Effective Date" at the top of this policy indicates when it was last updated.
- We encourage you to review this policy periodically.
13. Contact Us
- For questions about this Privacy Policy, data requests, or privacy concerns, contact us at: privacy@nexiontools.com.
Policy Contents