Your BIM model contains proprietary design IP. We handle it accordingly.
Architecture firms upload federated models containing unreleased project geometry, owner program data, and subconsultant coordination records. Your model files are encrypted in transit and at rest, isolated per tenant, and never used to train AI models.
How we protect your model data
All data in transit is encrypted with TLS 1.3. Model files stored at rest are encrypted with AES-256. Encryption keys are managed separately from data stores using AWS KMS.
Each firm's project data is logically isolated at the tenant level. Bimvyne staff can only access customer data with explicit written authorization from the customer, logged in our access audit trail.
Your model files, clash data, and project records are not used to train Bimvyne's AI models. Training uses synthetic geometry datasets only. This is a contractual commitment, not a best-effort policy.
Model files are deleted from storage after analysis completes. Project clash records and reports are retained for 12 months from last activity, then permanently deleted. On cancellation, all data is deleted within 30 days.
All accounts support multi-factor authentication. Firm tier includes SAML SSO integration. Session tokens expire after 24 hours of inactivity. Admin role required to add team members or access billing.
Bimvyne runs on AWS in the us-east-1 and us-west-2 regions. We use AWS services with SOC 2 Type II certification. Data residency is US-only. We do not use third-party subprocessors that host your model data outside AWS.
Security FAQ
Bimvyne is designed with SOC 2 controls in mind and runs on AWS infrastructure that holds SOC 2 Type II certification. We have not yet completed our own SOC 2 audit. If your firm requires SOC 2 attestation as a procurement requirement, contact us at [email protected] to discuss our current controls documentation and timeline.
We can execute a Data Processing Agreement (DPA) with Enterprise tier customers. Custom BAA arrangements for HIPAA-regulated data are not in scope for Bimvyne's current product — our product is designed for AEC BIM data, not healthcare records.
Model files uploaded to Bimvyne are stored temporarily in AWS S3 (us-east-1) during analysis processing. After analysis completes, the raw model file is deleted. Clash results and project metadata are retained in encrypted databases in us-east-1. No customer data is stored outside the US.
Contact [email protected] with your firm account name and the specific projects you want deleted. We will confirm deletion within 5 business days. You can also delete individual projects from the project settings page in your account dashboard.
Security inquiry or disclosure?
Contact our security team at [email protected]. For vulnerability reports, use the same address — we respond within 2 business days.