Privacy Policy

Privacy Policy Last updated: 26 December 2025 1. Controller and Contact The controller responsible for the processing of personal data on this website and in the SimplifyMesh service within the meaning of the EU General Data Protection Regulation (GDPR) is: Nicolas Mogicato Nicolas Mogicato Software Solutions Wiesenstr. 10 88276 Berg Germany Email: support@simplifymesh.com Questions about this Privacy Policy or about how personal data is processed can be sent to the postal address above or to support@simplifymesh.com. 2. Scope of this Privacy Policy This Privacy Policy explains how SimplifyMesh (operated by Nicolas Mogicato) processes personal data when individuals: - use the SimplifyMesh application, - create or use an account, - purchase or use paid plans, - communicate by email or other channels. 3. Categories of Data Processed SimplifyMesh may process the following categories of personal data: 3.1 Account and Contract Data - Name (if provided) - Email address - Password (stored only in hashed form) - Plan and subscription details (e.g. Starter, Professional, Professional Plus, Business, Enterprise) - Billing-related information (e.g. invoices, plan changes, cancellations) 3.2 Payment Data Payments for paid plans are handled by third-party payment service providers. Full credit card numbers are never stored in SimplifyMesh systems. Stripe Payments Europe, Ltd. and, where applicable, Stripe, Inc. act as the payment service provider. Stripe processes your payment data (such as name, email address, billing address, partial card details, transaction IDs) to complete payments for SimplifyMesh. Data may be transferred to countries outside the EU/EEA; such transfers are based on standard contractual clauses and other safeguards implemented by Stripe. The payment provider may process, for example: - name, - email address, - billing address, - partial payment card details, - transaction IDs and timestamps. SimplifyMesh receives from the payment provider a confirmation that a payment has been made or failed, and limited information necessary for invoicing and accounting. Regional pricing and currency selection: the service may pre-select a display currency based on your approximate location (e.g. IP address or country headers) for convenience, but the payment provider (Stripe) uses your billing address to determine the legally correct currency and taxes at checkout. If your billing address differs from the detected location, the provider may adjust the currency accordingly. Using VPNs or proxies can influence the detected currency; disabling them helps ensure your local pricing is applied. 3.3 Mesh Files and Technical Content When you use the service, SimplifyMesh processes: - 3D mesh files that you upload (e.g. OBJ, STL, PLY, GLB), - simplified output files generated by the service, - metadata necessary to process these files (e.g. file size, format, processing parameters). 3.4 Technical Usage Data and Logs When you visit the Website or use the service, the following may be collected automatically: - IP address - date and time of access - URLs accessed and pages viewed - browser type and version - operating system - referrer URL - basic usage metrics (e.g. number of simplifications performed, plan usage) These data are typically stored in server logs and are required for the secure operation of the Website and service. 3.5 Communication Data If you contact SimplifyMesh (e.g. by email), the following are processed: - your email address, - the content of your message, - any additional information you provide (e.g. name, company, project details). 3.6 Job Metadata and Dashboard History When you run simplification jobs, limited metadata is generated to help you review recent activity. This includes: - job ID, status and format, - the original filename associated with the job, - timestamps and processing metrics. Only the filenames of your five most recent jobs are surfaced in the Dashboard's "Recent Jobs" widget. You can delete any entry (and its associated filename) yourself at any time via the Delete button on the Jobs page; this immediately removes it from the recent list. 3.7 Anonymized Processing Telemetry To improve the quality and user experience of the service, SimplifyMesh stores anonymized telemetry derived from completed jobs. This telemetry may include file format, file size, vertex and face counts, texture presence (yes/no), output mode, LOD reduction range, and processing time. It is stored without account identifiers, job IDs, filenames, or IP addresses and cannot be used to reconstruct your files. 4. Purposes and Legal Bases of Processing Personal data is processed only where allowed by the GDPR. Depending on the situation, the legal basis is in particular: 4.1 Performance of a Contract (Art. 6(1)(b) GDPR) Data is processed to provide and operate the service and fulfil contractual obligations, for example: - creating and managing your account, - providing mesh simplification and related features, - processing subscription payments and managing plans, - providing customer support. 4.2 Compliance with Legal Obligations (Art. 6(1)(c) GDPR) Data is processed where necessary to comply with legal obligations, for example: - accounting and tax documentation requirements, - storage obligations under commercial and tax law. 4.3 Legitimate Interests (Art. 6(1)(f) GDPR) Data is processed to pursue legitimate interests of the service provider, for example: - ensuring the security and stability of the systems, - preventing abuse and unauthorized use of the service, - analyzing basic usage (e.g. which plans are used, capacity planning), - improving service quality and user experience using anonymized processing telemetry, - improving and developing the service. These interests are balanced against your interests and fundamental rights. Where your interests override the service provider's interests, this legal basis is not used. 4.4 Consent (Art. 6(1)(a) GDPR) Where consent is requested (for example for optional email marketing or optional analytics), the data is processed only on the basis of that consent. Consent can be withdrawn at any time with effect for the future. 5. Mesh Files and Data Retention 5.1 Processing of Mesh Files Mesh files are processed automatically to provide the simplification service. They are used only to: - perform the requested simplifications, - generate the corresponding output files, - maintain and improve the service (e.g. troubleshooting and quality improvements, to the extent technically necessary and legally permissible). 5.2 No Permanent Storage of Mesh Files SimplifyMesh does not intend to permanently store mesh files after processing is completed. As a rule: - input files and generated output files are kept only as long as necessary to perform the simplification, make the results available for preview and download (currently up to 24 hours after a job completes), and ensure the security and stability of the systems, - you can delete a job at any time via the Jobs page, which removes stored files for that job earlier, - after that, files are deleted or overwritten. You remain responsible for backing up your own original and processed files. 5.3 Data Location for EU Customers If your billing address or primary establishment is in the European Union, mesh files, account data and related personal data are hosted and processed exclusively on EU-based servers that operate under GDPR-compliant agreements. Transfers outside the EU/EEA occur only if you explicitly request a feature that requires such a transfer or where there is a legal obligation to do so; in those cases appropriate safeguards are implemented. 5.4 Security of Stored Data Stored personal data is protected through appropriate technical and organizational measures, including strict access controls, TLS-encrypted transport, encryption at rest where feasible, regular security updates, and monitored infrastructure. These controls are reviewed periodically to keep pace with industry practices. 5.5 Self-hosted Analytics (Umami) To understand how the public marketing pages and dashboard are used, SimplifyMesh runs a self-hosted instance of the open-source Umami analytics platform on EU-based infrastructure under the provider's exclusive control. The tracker operates in cookieless mode and therefore does not store or read identifiers from your device. When you access the pages, Umami records technical metadata such as the truncated IP address, user-agent, page URL, referring URL, screen size, browser locale, and timestamps. The raw requests are automatically aggregated and deleted after 12 months, and only high-level statistics are reviewed (page views, conversion funnels, failed states). Processing is based on the legitimate interest in measuring reach and ensuring the stable operation of the service (Art. 6(1)(f) GDPR in conjunction with § 25(2) TTDSG). You can object to this processing at any time by contacting support@simplifymesh.com; future sessions will then be excluded from statistical analysis. 6. Retention Periods Personal data is stored only for as long as necessary for the purposes described above or as required by law. In particular: - Account and contract data: for the duration of the contract and thereafter for the limitation periods of any legal claims, and as long as required by commercial and tax law. - Billing and payment data: for the retention periods required by tax and commercial law (typically 6–10 years, depending on the jurisdiction). - Technical logs: for a short period (typically up to 3 months / 90 days) unless a longer retention is necessary for security, incident investigation, or legal purposes. - Communication data: for as long as necessary to process your request and, if applicable, for the limitation period of any related legal claims. - Mesh input and output files: stored for up to 24 hours after a job completes (or until you delete the job), then deleted. - Job metadata: retained while your account remains active so you can review your recent history. You may delete individual job entries at any time via the Delete button in the Jobs view, which removes the filename and associated dashboard reference immediately. If you close or delete your account, the remaining job metadata is deleted or permanently anonymized within 30 days unless a longer retention is required by law. - Anonymized processing telemetry: stored without direct identifiers and retained as long as needed to improve service quality and user experience. This data is not linked to your account. 7. Recipients and Data Processing by Third Parties Personal data may be shared with third parties where necessary for the purposes described above, for example: - Hosting providers (to run the Website and service) - Payment service providers (to process subscription payments) - Email providers and communication tools - External consultants (e.g. tax advisors), where legally necessary - Authorities and courts, where required by law or to protect the service provider's legal rights Service providers are selected carefully and data processing agreements are concluded where required by law. 8. International Data Transfers Primary processing for EU customers takes place on infrastructure physically located within the EU/EEA. EU-customer personal data is not transferred outside the EU/EEA unless it is strictly necessary (for example if support is requested from a non-EU location or when interacting with global payment providers) or there is a legal obligation to do so. For customers outside the EU/EEA, processing may take place on servers located either inside or outside the EU/EEA depending on the selected region and infrastructure provider, and in every case the safeguards described below apply. In other scenarios, servers or service providers may be located in countries outside the European Union (EU) or European Economic Area (EEA). If personal data are transferred to such countries, an adequate level of data protection is ensured. For payments, Stripe Payments Europe, Ltd. and, where applicable, Stripe, Inc. may process payment data in countries outside the EU/EEA and rely on EU Standard Contractual Clauses and other safeguards for such transfers. Such transfers rely on, for example: - an adequacy decision of the European Commission, or - standard contractual clauses adopted by the European Commission. 9. Your Rights under the GDPR You have the following rights with regard to your personal data, subject to the requirements and limitations under applicable law: - Right of access (Art. 15 GDPR) – to obtain confirmation whether SimplifyMesh processes your data and information about such processing. - Right to rectification (Art. 16 GDPR) – to request correction of inaccurate or incomplete data. - Right to erasure (Art. 17 GDPR) – to request deletion of your data, in particular if they are no longer necessary for the purposes for which they were collected or processed. - Right to restriction of processing (Art. 18 GDPR). - Right to data portability (Art. 20 GDPR) – to receive data you provided to us in a structured, commonly used and machine-readable format and to transmit them to another controller, where applicable. - Right to object (Art. 21 GDPR) – you can object at any time to processing of your data based on the service provider's legitimate interests, on grounds relating to your particular situation. - Right to withdraw consent (Art. 7(3) GDPR) – if processing is based on your consent, you can withdraw your consent at any time with effect for the future. You can exercise your rights by contacting support@simplifymesh.com or using the contact details above. You also have the right to lodge a complaint with a supervisory authority, in particular in the EU/EEA member state of your habitual residence, place of work or the place of the alleged infringement. 10. Obligation to Provide Data Certain data are required for contractual purposes (e.g. to create an account, to process payments) or to comply with legal obligations. If you do not provide these data, the service may not be available or the contract may not be concluded/fulfilled. 11. Automated Decision-Making / Profiling No automated decision-making, including profiling, is carried out that produces legal effects concerning you or similarly significantly affects you within the meaning of Art. 22 GDPR. 12. Changes to this Privacy Policy This Privacy Policy may be updated from time to time, for example to reflect changes to the service or legal requirements. The current version is always available within the application. If material changes affect your rights or how personal data is processed, you will be informed in an appropriate manner (for example via email or an in-app notice).