Privacy Policy for Plateau Last updated: {{DATE}} Plateau (“we”, “our”, “us”) operates the website https://plateau.ar and provides a cloud-based 3D model viewer, configurator, AR tools, and related services (“Services”). This Privacy Policy explains how we collect, use, store, and protect your information when you use our Services. By accessing or using Plateau, you agree to the terms of this Privacy Policy. ⸻ 1. Information We Collect 1.1 Account Information When you create an account, we collect: • Full name • Email address • Password (hashed and salted – never stored in plain text) • Company name (if provided) • Subscription plan and billing details 1.2 Authentication & Security • JWT tokens stored in your browser (localStorage) • Email verification status • Login timestamps and device/IP metadata (for security and fraud prevention) 1.3 Uploaded Content When you upload models or media, we store: • 3D model files (.glb, .gltf, textures, thumbnails, etc.) • Preview thumbnails generated by you • Metadata you enter (title, description, variants, etc.) Files are stored in Google Cloud Storage, inside your dedicated model folder. 1.4 Usage & Analytics Data We automatically collect: • Number of downloads/views of your models • File size of downloads • API calls performed • AR interactions • Viewer interactions (e.g., variants switched) • Request timestamps These logs are used for: • Usage-based billing • Performance optimization • Security monitoring • Improving user experience 1.5 Billing Information Payment and subscription processing is handled by Stripe, not Plateau. We never store your full credit card details. Stripe may collect: • Card details • Billing address • VAT numbers / tax details • Subscription history • Usage records for metered billing Stripe processes this data under its own Privacy Policy. ⸻ 2. How We Use Your Information We use your data to: Provide and Improve the Service • Host and display your 3D models • Process uploads, conversions, thumbnails, and AR assets • Secure your account and authenticate access • Calculate usage (downloads, bandwidth, API calls) Billing and Subscription Management • Process payments via Stripe • Generate invoices • Enforce model limits and bandwidth usage • Notify you of overage fees or subscription changes Support & Communication • Send transactional emails (verification, reset, receipts) • Notify you of updates or system changes • Provide technical support Analytics • Monitor platform performance • Detect abuse or suspicious usage • Provide analytics dashboards to you We never sell your data. ⸻ 3. Legal Basis (GDPR) We only process your data when one of the following applies: • Performance of a contract (your subscription/custom use) • Your consent (e.g., email verification) • Legitimate interests (security, analytics, fraud prevention) • Legal compliance (tax, financial reporting) ⸻ 4. How Your Data Is Stored 4.1 Storage Locations • Google Cloud Storage for model files and thumbnails • MongoDB Atlas (EU region) for account & metadata • Stripe for payment information 4.2 Security Measures We use: • Fully encrypted databases (at rest and in transit) • Signed URLs for accessing model and image files • Hashed and salted passwords • Server-side validation and sanitization • Regular backups • Strict bucket-level access (no public access) Uploads, downloads, and all API requests are secured via HTTPS. ⸻ 5. Sharing of Information We do not sell or share your personal information with third parties except: 5.1 Service Providers We share necessary data with: • Stripe – billing and payment • Google Cloud – file storage, hosting • Email provider – sending verification & transactional emails These providers comply with strict data protection requirements. 5.2 Legal Requirements We may disclose information if required by: • Law • Court order • Government authority Only when legally obligated. ⸻ 6. Data Retention We retain: Type of Data Retention Period Account data Until you delete your account Billing records Minimum 7 years (legal requirement) Download logs Used for monthly billing; retained for tax & audit Model files Until you delete them or your account is terminated You may delete your models at any time. ⸻ 7. Your Rights (EU GDPR) You have the right to: • Access your personal data • Correct inaccurate information • Delete your account and data • Export your data • Withdraw consent • Object to processing • File a complaint with your local Data Protection Authority To exercise your rights, email us at: 📧 support@plateau.ar ⸻ 8. Cookies & Tracking Plateau uses: Essential Cookies • Authentication (JWT stored in localStorage) • Session tokens • Security / CSRF protection Analytics Cookies • Google Analytics (anonymous event tracking) You can disable cookies, but some features may stop working. ⸻ 9. Children’s Privacy Plateau is not intended for children under 16. We do not knowingly collect data from children. ⸻ 10. Third-Party Links Our pages may embed external websites (e.g., AR content, iframes). We are not responsible for their privacy practices. ⸻ 11. International Data Transfers Some services we use (Stripe, Google Cloud) may process data outside the EU, but always with appropriate safeguards such as Standard Contractual Clauses (SCCs). ⸻ 12. Changes to This Policy We may update this Privacy Policy. Changes will be posted on this page with an updated date. ⸻ 13. Contact If you have questions about this Privacy Policy or your data: 📧 support@plateau.ar 📍 Rotterdam, The Netherlands