Privacy Policy
Conjunction ("we," "us," "our") operates the web application at conjunction.pro and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.
1. Information We Collect
1.1 Information You Provide
- Account data: email address, name, and profile information you provide during registration
- BIM model data: building geometry, level configurations, element parameters, and annotations you create or upload
- Issue data: bug reports, comments, and camera snapshots you submit
- Billing information: handled by Stripe — we store only transaction references, not card data
- Support communications: tickets and messages submitted through our support portal
1.2 Information Collected Automatically
- Usage data: API requests, feature usage, session duration, and browser type
- Device and connection data: IP address, user agent, and browser locale
- WebRTC metadata: session IDs for collaborative viewport features (no audio/video content)
1.3 Cookies
We use session cookies (essential, always-on), analytics cookies (opt-in, default off for EU users), and payment-cookie from Stripe. See our Cookie Policy for full detail.
2. How We Use Your Information
- Provide, maintain, and improve the Conjunction BIM platform
- Process account creation and subscription management
- Store and render your BIM models and associated data
- Send transactional emails (registration confirmations, password resets, billing receipts)
- Generate AI-assisted renders via OpenAI integration
- Detect and respond to security incidents and prohibited content
- Comply with legal obligations (law enforcement requests, court orders)
We do not sell your personal data. We do not use your BIM models to train machine learning models.
3. Data Sharing and Disclosure
3.1 Sub-processors
We share data with the following third-party service providers (each under a Data Processing Agreement):
| Provider | Service | Data Shared |
|---|---|---|
| Render | Cloud hosting | All application data |
| Neon (Neon.tech) | PostgreSQL database | All application data |
| Stripe | Payment processing | Billing name, email, transaction refs |
| OpenAI | AI render generation | Viewport images and render prompts |
| PeerJS | WebRTC signaling | Session metadata for collaborative features |
3.2 Legal Disclosures
We will disclose your information if required by law, court order, or binding regulatory request. Where legally permitted, we will notify you via email before responding to government requests.
3.3 Business Transfers
In the event of a merger, acquisition, or sale of all or substantially all assets, your data will transfer under the same privacy commitments.
4. Data Retention
- Active accounts: retained until you delete your account or request deletion
- Post-cancellation: data retained for 90 days, then permanently deleted
- Audit logs: retained for 12 months
- BIM models flagged for review: retained during review; deleted within 30 days if violations confirmed
5. Security
We use TLS 1.2+ encryption in transit, bcrypt hashing for passwords, and role-based access control in the application. No security measure is 100% secure; we cannot guarantee absolute security but we implement industry-standard controls and conduct regular reviews.
6. Your Rights (GDPR and CCPA)
6.1 GDPR (EU/UK Users)
If you are located in the European Economic Area or United Kingdom, you have the right to:
- Access: request a copy of your personal data
- Rectification: correct inaccurate data
- Erasure: request deletion ("right to be forgotten"), subject to legal retention requirements
- Portability: receive your data in a structured, machine-readable format
- Restrict processing: limit how we use your data
- Object: object to processing based on legitimate interests
- Withdraw consent: at any time for consent-based processing
To exercise any right, email privacy@conjunction.pro. We respond within 30 days.
6.2 CCPA (California Residents)
California residents have the right to know what data we collect, delete data, and opt out of the "sale" of personal information (we do not sell data). To exercise your rights, email privacy@conjunction.pro.
7. International Data Transfers
If you are located outside the United States, your data is transferred to and processed in the United States. For EU/UK users, transfers are covered by Standard Contractual Clauses (SCCs) as detailed in our Data Processing Agreement.
8. Children's Privacy
Conjunction is not intended for users under 16. We do not knowingly collect data from children. If we learn that we have collected data from a minor, we will delete it promptly.
9. Changes to This Policy
We will notify you of material changes via email at least 30 days before they take effect. Non-material changes take effect immediately. The "Last updated" date at the top reflects the latest revision.
10. Contact
For privacy-related questions, contact:
Email: privacy@conjunction.pro
Postal: Conjunction, 123 Architecture Way, New York, NY 10001