Privacy Policy

Last updated: May 15, 2026

This Privacy Policy describes how Remairk B.V. (“we”, “us”, “our”) processes personal data in connection with Slimo3D (the “Service”), including our websites, authenticated web application for CAD upload and simplification, and related APIs.

This policy is intended to meet common expectations under EU/UK data-protection law including the GDPR. It complements our Cookies Policy and our Terms of Service.

Remairk B.V. acts as data controller for personal data we determine the purposes and means for. Where we instruct hosting or payment providers purely on our behalf, they typically act as processors subject to contractual safeguards.

1. Contact

For privacy enquiries and exercising your rights:

privacy@slimo3d.com

You may also invoke your rights directly with supervisory authorities—for the Netherlands this is typically the Autoriteit Persoonsgegevens.

2. Data we process

2.1 Account and identity

Email address (login identifier, receipts, transactional messages).
Credential data when you enable email/password authentication: password stored as a one-way cryptographic hash (not plaintext).
Google sign-in identifiers when you authenticate with Google: we receive profile attributes permitted by OAuth scopes (typically including email address and identifiers required to securely link accounts).
Administrative identifiers such as roles, timestamps, verification status, billing plan fields, quotas, login security metadata.

2.2 Service content (“uploads”)

To provide analysis, previews, exports, and project/product features we process CAD files and derived outputs (“Your Content”). CAD data is principally technical—not personal data—for most customers. Where content includes personal information (names in metadata, thumbnails, drawings of individuals, etc.), that content may constitute personal data; you are responsible for obtaining any necessary lawful basis.

2.3 Usage metadata

Operational metadata such as file names/sizes/counts where available, timestamps, endpoints called, diagnostics needed to troubleshoot and secure the Service, quota counters, audit logs proportionate for security/compliance.

2.4 Technical identifiers

IP addresses, user agent/device information, referrer (where transmitted), identifiers in logs for security/abuse mitigation and reliability.

2.5 Payment data

Subscription and checkout flows are facilitated by Stripe. Stripe processes card/bank-level payment information under its own policies as an independent actor for much of that data. On our systems we commonly hold identifiers returned by Stripe (for example Customer ID, subscription identifiers) and statuses needed to authorize features.

Stripe Privacy Policy: stripe.com/privacy

2.6 Marketing communications

Where we invite you to subscribe to marketing or product updates separately from account creation—only if implemented and only if you opt in—we rely on consent for such mailings unless another lawful basis applies. You can withdraw consent at any time using the unsubscribe link or by contacting us. If a newsletter form appears on our site without a wired backend, we will not send marketing emails from that signup until expressly launched and lawfully justified.

3. Purposes and lawful bases

Purpose	Typical basis
Operate, secure, troubleshoot the Service	Performance of contract; legitimate interests (security)
Authentication and account recovery	Performance of contract; legitimate interests
Billing and entitlement checks	Performance of contract; legal obligation where applicable
Mandatory records and responding to lawful requests	Legal obligations
Optional marketing newsletters	Consent (where used)

4. Automated decision-making

We do not use automated decision-making that produces legal effects about you solely by automated processing within the GDPR meaning.

5. Sharing and subprocessors

We do not sell your personal data. We share limited information with recipients where needed:

Stripe: payment facilitation and invoicing workflows.
Hosting / infrastructure providers: where we store backups, databases, queues, CDN, observability—as configured for your deployment region.
Transactional email sending: depending on deployment we may relay email through an SMTP/email provider strictly to deliver transactional messages (verification/password reset).
Google OAuth: only as you initiate sign-in flows; Google operates under its privacy terms for data it processes directly.
Professional advisers and authorities: when required by law or to protect legitimate legal interests proportionately.

We endeavour to impose written processing terms on processors requiring them to safeguard data and assist with compliance obligations.

6. International transfers

Some providers maintain operations outside the EU/EEA. Where personal data transfers outside the EU/EEA occur, we use appropriate safeguards where required—for example EU Standard Contractual Clauses (SCCs) or reliance on adequacy decisions—alongside supplementary measures where warranted.

7. Retention

We retain data only so long as needed for stated purposes:

Accounts: for the lifetime of your account unless you request deletion sooner and we can honor it legally.
Uploaded models and derivatives: according to subscription tier limits and housekeeping jobs published in-app (tier descriptions may cite session-only retention for free usage and numbered-day retention on paid tiers).
Legal/financial logs: longer where accounting or statutory retention requires.
Security logs: short to medium rolling retention balancing investigation needs and minimization.

8. Security

We implement commercially reasonable safeguards (encryption in transit via HTTPS where configured, hashing of passwords where applicable, access controls). No online service can guarantee absolute security; you transmit data at your discretion.

9. Your rights

Subject to law, you may have rights including access, rectification, deletion, restriction, objection, portability, and withdrawal of consent for consent-based processing. To exercise rights, contact privacy@slimo3d.com. We verify requests proportionately to guard fraud.

10. Age limitation

The Service described in our Terms targets users at least sixteen (16) years old. If you believe a child supplied personal information, contact us to request removal.

11. Open source and third-party software

Slimo3D incorporates independent open-source components (see notices in Terms). Using them does not change how we describe your privacy here—but upstream projects maintain their own license texts.

12. Changes

We may revise this Privacy Policy materially. Updates will carry a refreshed “Last updated” date and, where prudent, supplementary notice inside the Service or via email.

13. Questions

Email privacy@slimo3d.com for clarification.