Privacy policy.

The data controller for personal data processed via ifcreport.app is Jarre Dev CommV, Paardestraat 64, 9000 Gent, Belgium. For any privacy-related question — access, correction, deletion, complaint — contact info@jarre.dev.

ifcreport.app handles two kinds of data, in very different ways:

• Your IFC models. Parsed in your browser, in a Web Worker. They are not uploaded to our servers, never leave your device, and we have no technical means to read them. The PDF report is also generated client-side.
• Your account data. Email address, authentication identifiers, billing details and minimal report metadata (file name, schema version, total element count, summary counts) are stored on our servers so that we can give you access to your account, bill you, and show your past reports.

We do not set tracking cookies on visitors and we do not collect any personal data about you simply for browsing the site. We use Plausible Analytics, which is cookieless and stores only aggregate, anonymous statistics (referrer, country, browser, OS, screen size). Plausible explicitly does not use any kind of personal identifier, fingerprint or cross-site tracking, and its data is hosted in the EU.

When you create an account or subscribe to ifcreport Pro, we collect and store the following:

• Email address — required to create the account and to send transactional email (receipts, billing notices, account recovery).
• Authentication identifiers — an opaque user id and, where you sign in with Google, a stable subject identifier from that provider.
• Billing information — only metadata: a Stripe customer id and your subscription status. Card numbers, billing addresses and tax identifiers are stored by Stripe, not by us.
• Report metadata — for each report you save: a name you choose, the IFC schema version, project name (if present in the file), total element count, and a summary breakdown by class. The IFC file itself is never stored.
• Branding fields (Pro) — an optional company name and logo URL you supply to brand the PDF.
• Free-tier usage counter — the number of free reports you have generated this month, used to enforce the free limit.

We process your personal data on two legal bases under the GDPR:

• Contract. We need to process your account and billing data to provide the service you signed up for (Article 6(1) (b)).
• Legitimate interest. We process minimal, non-identifying technical telemetry (error reports, aggregate analytics) to keep the service stable and secure (Article 6(1)(f)). You can opt out of error telemetry from your browser using any standard ad-blocker or DNT setting; we do not override these signals.

We use a small number of vetted third-party services to run ifcreport.app. None of them ever receive your IFC models — only the account/billing data needed for their function:

• Clerk — authentication and session management. Receives email and identity-provider data. Hosted in the United States.
• Stripe — payments and billing portal. Receives email, billing/tax details and payment information you enter at checkout. Hosted in the United States and Ireland.
• Neon (PostgreSQL) — application database. Stores the account, report metadata and free-tier counters described above. EU region.
• Vercel — application hosting and edge network. Receives standard server-side request data (IP, user-agent) for transient operational logs. The functions that handle your requests run in EU regions where possible.
• Plausible Analytics — cookieless aggregate analytics for the marketing site. EU-hosted; no personal data.
• Sentry — error and performance monitoring. Receives error stack traces with request context. We strip authentication headers, cookies, and known sensitive query parameters before events leave the runtime; user identifiers are limited to the opaque account id.

A current list of subprocessors is available on request from info@jarre.dev.

Where a subprocessor is located outside the European Economic Area (notably Clerk, Stripe and Sentry, which operate from the United States), transfers are protected by the Standard Contractual Clauses adopted by the European Commission, and the relevant supplementary measures provided by each vendor.

We retain your account data, report metadata and branding settings for as long as your account exists, and only for as long as is necessary to provide the service. When you delete your account, we permanently remove your account record and report metadata without undue delay.

Billing records held by Stripe are retained per Stripe’s own policy and applicable accounting law (typically seven years). Error telemetry in Sentry is retained for 90 days and then automatically purged.

Under the GDPR you have the right to access, correct, delete, restrict, or object to the processing of your personal data, and the right to data portability. To exercise any of these rights, email info@jarre.dev. We respond to all verified requests within one month.

You also have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence. In Belgium that is the Data Protection Authority.

We may update this policy from time to time, for example when adding or replacing a subprocessor. Material changes will be announced at the top of this page, and where the change affects your rights, by email to your registered address before the change takes effect.

For any privacy question, write to info@jarre.dev. For general support, write to support@ifcreport.app.