Privacy Policy

Last updated: March 1, 2026

SmallBIM Studio ("Company" or "we") is committed to protecting the personal data of our users. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use the website pro.smallbimstudio.com and Small BIM PRO software, in compliance with the Personal Data Protection Act B.E. 2562 (PDPA).

1. Data We Collect

We collect the following personal data:

1.1 Data You Provide Directly

  • Full name
  • Email address
  • Password (stored in hashed form)
  • Social account data (Google, GitHub) when signing up via these methods
  • Payment evidence (bank transfer slips)

1.2 Automatically Collected Data

  • Device information (machine name, Machine ID, Revit Version)
  • IP Address
  • Website visit data (pages visited, device type)
  • Session usage data
  • Cookies and similar technologies

2. Purpose of Data Use

We use your personal data to:

  • Create and manage user accounts
  • Verify identity and maintain account security
  • Manage licenses and software usage rights
  • Verify and approve payments
  • Prevent unauthorized use (e.g., verifying the number of activated machines)
  • Improve and develop our services
  • Analyze website usage to improve user experience
  • Communicate, notify, and send relevant updates
  • Comply with applicable laws and regulations

3. Legal Basis for Data Processing

We process your personal data on the following legal bases:

  • Contractual performance: To provide services as requested (account registration, license management)
  • Consent: For sending newsletters and using non-essential cookies
  • Legitimate interest: To prevent fraud and improve services
  • Legal obligation: When the law requires data retention

4. Disclosure of Data to Third Parties

We may disclose your personal data to third parties in the following cases:

  • Infrastructure providers: Supabase (database and authentication), Vercel (website hosting)
  • Authentication providers: Google, GitHub (when signing up with social accounts)
  • Email service provider: Resend (for sending notification emails)
  • As required by law: When ordered by government agencies or courts

These service providers may store data on servers located outside of Thailand. We take appropriate measures to ensure your data is protected.

5. Cookies and Tracking Technologies

We use the following technologies:

  • Essential cookies: For authentication (session) and website functionality
  • Local Storage: Stores anonymous session IDs for usage analytics

We do not use third-party cookies for advertising purposes.

6. Data Retention Period

  • Account data: Retained for the duration the account is active, and deleted within 90 days after account cancellation
  • Payment data: Retained as required by law (no less than 5 years)
  • License and activation data: Retained for the duration the license remains valid
  • Website visit data: Retained for no more than 1 year

7. Data Subject Rights

Under the Personal Data Protection Act (PDPA), you have the following rights:

  • Right of access: Request to view your personal data that we have collected
  • Right of rectification: Request to correct your data to be accurate and up to date
  • Right of erasure: Request deletion of your personal data when no longer necessary
  • Right of restriction: Request temporary restriction of personal data processing
  • Right to object: Object to data processing in certain cases
  • Right to data portability: Request to receive your data in a machine-readable format
  • Right to withdraw consent: Withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal

To exercise your rights, please contact us via the channels in Section 11. We will process your request within 30 days.

8. Data Security

We implement the following security measures:

  • Data encryption in transit (SSL/TLS)
  • Password hashing with bcrypt
  • Row Level Security (RLS) in the database to restrict data access
  • API rate limiting
  • Multi-level administrator authentication

9. Children's Data

Our services are not designed for individuals under the age of 20. We do not intentionally collect personal data from minors. If we discover that a minor's data has been collected unintentionally, we will delete such data immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on the website with the date of the update. If there are significant changes, we will notify you via email or website notification.

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights under the PDPA, please contact us at:

  • Email: smallbim.studio@gmail.com
  • Website: pro.smallbimstudio.com