Legal

Privacy Policy

Effective date: April 16, 2026  ·  Last updated: April 16, 2026

Overview

BeyondAEC ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at beyondaec.com or use our subscription visualization services. Please read this policy carefully. If you do not agree with its terms, please discontinue use of the site.

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date above. Continued use of the site after changes constitutes your acceptance of the revised policy.

Data We Collect

Information You Provide Directly

  • Account registration data: name, company name, email address, password (hashed)
  • Billing and subscription information (processed by Stripe — we do not store raw card data)
  • Order details: project name, service type, file uploads (CAD, DWG, DXF, PDF, JPG)
  • Contact form submissions: name, email, company, message, attached files
  • SMS opt-in consent when you provide your phone number

Information Collected Automatically

  • Log data: IP address, browser type, operating system, referring URLs, pages visited, timestamps
  • Device identifiers and session tokens
  • Cookie data (see Cookies section below)

Information from Third Parties

  • Payment status and subscription events from Stripe webhooks
  • Authentication tokens when signing in via supported identity providers

How We Use Your Data

We use the information we collect to:

  • Create and manage your account and subscription
  • Process orders, deliver renders, and track project status
  • Send transactional emails (order confirmations, render delivery, invoice receipts)
  • Send SMS notifications when you have opted in (see SMS / A2P Messaging section)
  • Respond to inquiries submitted through the contact form
  • Improve and optimize site performance and user experience
  • Comply with legal obligations and enforce our Terms of Service
  • Detect, prevent, and address fraud or security incidents

We do not sell your personal information to third parties. We do not use your data for advertising or marketing profiling beyond direct communications related to your account.

Third-Party Services

We share data with trusted third-party services only as necessary to operate our platform:

  • Stripe — Payment processing. Stripe may collect your card details and billing address subject to the Stripe Privacy Policy.
  • DigitalOcean — Cloud hosting and database infrastructure. Data is stored in secure, SOC 2 Type II certified data centers.
  • Email delivery provider (Resend / SendGrid) — Used to send transactional and notification emails on our behalf.
  • SMS provider — Used to deliver opt-in text message notifications. Carriers are not liable for delayed or undelivered messages.

Each third-party service has its own privacy policy governing how they handle your data. We encourage you to review them. We are not responsible for the privacy practices of these providers beyond our contractual obligations with them.

Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Specifically:

  • Account and billing data: retained for the life of the account plus 7 years for tax/legal purposes
  • Order files and renders: retained for 12 months after project completion, then purged unless you request extended storage
  • Contact form submissions: retained for 24 months
  • Log data: retained for 90 days
  • SMS opt-in records: retained for the duration of the program plus 4 years (TCPA requirement)

When you close your account, we will delete or anonymize your personal data within 30 days, except where we are required by law to retain it longer.

Your Rights

GDPR (EEA / UK Residents)

If you are located in the European Economic Area or United Kingdom, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Request erasure ("right to be forgotten") where legally permissible
  • Restrict or object to processing of your data
  • Data portability — receive your data in a structured, machine-readable format
  • Withdraw consent at any time where processing is based on consent
  • Lodge a complaint with your local supervisory authority

CCPA (California Residents)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, disclose, and sell
  • Request deletion of your personal information
  • Opt out of the sale of personal information (we do not sell personal information)
  • Non-discrimination for exercising your CCPA rights

To exercise any of these rights, contact us at privacy@beyondaec.com. We will respond within 30 days (GDPR) or 45 days (CCPA) of receiving a verifiable request.

Cookies

We use cookies and similar tracking technologies to:

  • Essential cookies — Required for authentication, session management, and security (e.g., NextAuth session cookies). Cannot be disabled.
  • Analytics cookies — Help us understand how visitors interact with the site (page views, navigation paths). Used in aggregate only.

You can control cookie settings through your browser preferences. Disabling essential cookies will prevent you from logging in or using authenticated features.

We do not use advertising cookies or cross-site tracking cookies. We do not share cookie data with advertising networks.

SMS / A2P Messaging

Consent: By providing your mobile phone number and opting in, you expressly consent to receive text messages from BeyondAEC regarding your account, orders, and service updates. Consent is not a condition of purchase. Message and data rates may apply.

Message Types

  • Order status updates (submitted, in progress, delivered)
  • Render completion and delivery notifications
  • Revision request confirmations
  • Account and billing alerts

Message Frequency

Message frequency varies based on your account activity. You may receive up to 5 messages per order event. You will not receive promotional or marketing SMS messages unless you separately opt in to a marketing program.

Opt-Out / Opt-In

  • Reply STOP to unsubscribe from all messages at any time
  • Reply START to re-subscribe after opting out
  • Reply HELP for assistance
  • You may also manage SMS preferences in your account dashboard under Billing & Notifications

Carrier Disclaimer

Carriers are not liable for delayed or undelivered messages. Supported carriers include but are not limited to AT&T, T-Mobile, Verizon, Sprint, Boost Mobile, MetroPCS, and US Cellular. SMS is available for US and Canada numbers.

Data Shared with SMS Providers

Your mobile number is shared with our SMS delivery provider solely for the purpose of delivering messages you have opted into. We do not sell your phone number. SMS opt-in data is not shared with third parties for marketing purposes. Your privacy choices related to SMS are independent of other data processing activities.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

BeyondAEC

Email: privacy@beyondaec.com

General contact: beyondaec.com/contact

For GDPR requests, please include "GDPR Request" in the subject line. For CCPA requests, include "CCPA Request."