Application Privacy Policy
Last updated: [DATE] · Applies to the Partimation and CastDFM applications (app.partimation.com)
1. Controller
The controller for the hosted application is MetaBinary Limited, a company registered in Ireland (CRO 806119, VAT IE4698974FH), Office 40 — Boxworks, 40–44 Patrick Street, Waterford, X91 X3KF, Ireland. Contact: [email protected]. As an EU-established controller we are not required to appoint an EU representative, and we have not appointed a Data Protection Officer.
2. What we process
- Account data — your email, a salted hash of your password (we never store the password itself), your role, plan, and preferences.
- Content you upload — 3D models (STL/STEP), drawings (DXF/PDF), and any tolerances, notes or rates you enter.
- Analysis records — the results we compute (findings, quotes, simulation outputs) and metadata such as a geometry fingerprint (a hash of the shape) used to recognise and de-duplicate parts.
- Feedback — accept/override decisions and quote-vs-actual figures you choose to submit.
- Billing references — subscription and customer identifiers from Stripe. We do not receive or store your card details; Stripe handles payment data directly.
- Technical logs — standard security/reliability logs.
3. Your CAD files & results — your data
The parts you upload and the results we produce are yours. We process them to provide the service to you. You can export them and delete them at any time (see Your rights). We do not sell them, and we do not share them with other customers.
4. Training & the shared model
Partimation improves its recommendations with a machine-learning model. Where local calibration is used, it is trained on your own records to tune your prices and predictions — not shared with other customers. The vendor-provided base model is trained on aggregate, non-identifying signals and is distributed as a signed file; it is not built from your identifiable uploads. [Confirm this description matches deployed behaviour before publishing.]
5. Purposes & lawful basis
| Purpose | Lawful basis |
|---|---|
| Provide the app you signed up for | Performance of a contract |
| Billing & subscription management | Contract; legal obligation (tax) |
| Security, abuse prevention, logs | Legitimate interests |
| Product improvement / calibration | Legitimate interests (your own data) / consent where required |
6. Processors we use
- Hosting — Hostinger International Ltd (application servers, currently located in the United States) with Cloudflare, Inc. as CDN/security in front of the service.
- Payments — Stripe (Stripe Payments Europe / Stripe, Inc. as applicable to your region).
- Email — Resend, Inc. (transactional email).
Each is engaged under a data-processing agreement. [Counsel: attach/reference the DPAs.] Where personal data of EEA/UK users is processed outside the EEA/UK (our application servers are currently US-located), we rely on the EU–US Data Privacy Framework where the provider is certified, or on the Standard Contractual Clauses, with appropriate supplementary safeguards.
7. Security
Passwords are hashed with a memory-hard function (scrypt) and never stored in the clear. Access is over TLS. Sessions use signed, expiring tokens. The application runs in isolated containers on virtual servers; administrative access is limited to key-based SSH for named administrators, and backups are encrypted and rotated per the retention section below.
8. Retention
We keep account and content data for as long as your account is active. When you delete your account we remove your profile and associated analysis records; some entries may persist in encrypted backups for up to 30 days before rotation. Billing records are kept as required by Irish tax law (6 years).
9. Your rights & how to exercise them
EU/UK (GDPR) and California (CCPA/CPRA) rights apply, including access, correction, deletion, portability, restriction/objection, and (California) opt-out of sale/share — which we do not do.
- Export — download your data from Account → Export my data in the app.
- Delete — remove your account and records from Account → Delete account.
- Anything else — email [email protected]. You may complain to your supervisory authority (Ireland: the Data Protection Commission).
10. On-prem installs
If you run Partimation on-premises or air-gapped, you are the controller of all data in your install; it stays on your hardware and does not reach us. Licences and updates are exchanged as signed files, with no runtime connection back to us.
11. Contact
Privacy: [email protected]. We may update this policy; material changes are notified in-app and dated here.