Privacy Policy

Last updated:

1. Controller

BIModular EIRL, 75007 Paris France, privacy@BIModular.com, is the data controller for personal data processed via BOMSync.

2. What we collect

  • Account data: name, email, company, role.
  • Usage/technical data: logs, device/browser info, IP (security/fraud prevention).
  • Customer Data: project/BOM content you or your organization upload (processed under your instructions).
  • Communications data: email/SMS/chat metadata (timestamps, delivery status, sender/recipient) when we send notifications via Azure Communication Services (“ACS”) and, if enabled, a backup email provider (e.g., SendGrid).

3. Purposes & legal bases (GDPR)

  • Provide and secure the service (Art. 6(1)(b),(f)).
  • Account management, support, billing (Art. 6(1)(b)).
  • Transactional communications (password resets, invitations, security alerts) via ACS or an approved processor (Art. 6(1)(b),(f)).
  • Improve features/analytics with aggregated or pseudonymised data (Art. 6(1)(f)).
  • Legal compliance and enforcement (Art. 6(1)(c),(f)).

4. Sharing

We share personal data with processors under contract, including:

  • Microsoft Azure & Azure Communication Services (EU regions where feasible; global fallback) for hosting, storage, logging, and email/SMS/chat delivery.
  • [Optional] SendGrid for transactional email delivery if enabled.
  • Other support/monitoring tools as necessary (listed in our DPA/Sub-processor schedule).

We do not sell personal data.

5. International transfers

Where data leaves the EEA/UK, we use lawful safeguards (e.g., EU SCCs, UK IDTA, adequacy decisions). Microsoft’s and any backup provider’s transfer mechanisms apply.

6. Retention

We retain personal data only as long as needed for the purposes above or to meet legal obligations. Communications metadata may be retained for deliverability, fraud prevention, and audit.

7. Your rights

Under GDPR you may request access, rectification, erasure, restriction, portability, and object to processing. You may complain to your local authority (e.g., CNIL in France). Contact: [privacy@domain].

8. Security

We maintain appropriate technical and organizational measures (encryption in transit/at rest, access controls, logging). No method is 100% secure.

9. Cookies & analytics

We use necessary cookies for authentication/session management. Optional analytics cookies are used only with consent.

10. Sub-processors

Our current sub-processors are listed in the Data Processing Addendum and may include Microsoft Azure, Azure Communication Services, and (if enabled) SendGrid.

11. Children

The service is not directed to children under 16.

12. Changes

We may update this policy; material changes will be notified in-app or by email.

13. Contact

privacy@BIModular.com · BIModular EIRL, 75007 Paris France.