Legal

Privacy Policy

Last updated 2026-06-25

This Privacy Policy explains how FIMIT ("we", "us") collects, uses and protects personal data when you use the FIMIT 3D scanning service — the iOS app and the web dashboard at https://app.fim-it.com. FIMIT is the data controller. We are a sole trader (autónomo) established in Spain and operate under the EU General Data Protection Regulation (GDPR).

Who we are

FIMIT is the controller responsible for your personal data. For any privacy question, or to exercise your rights, contact us at info@fim-it.com.

Data we collect

We collect the following categories of data:

  • Account data — your name, email address, phone number, organization name and type, and role.
  • Scan content — the 3D LiDAR scans, floor plans, room measurements, project details and files you create or upload.
  • Billing data — subscription and transaction records. Card details are handled directly by Stripe; we never see or store them.
  • Usage and technical data — log data, device and browser information, and IP address, used for security and to operate the service.

How we use your data (purposes)

We use personal data to:

  • Provide and operate the FIMIT service (create your account, store and render your scans, manage your organization and projects).
  • Process subscriptions, payments, taxes and invoices.
  • Send service communications (confirmations, password resets, important notices).
  • Keep the service secure, prevent abuse, and debug problems.
  • Comply with our legal and accounting obligations.

Legal basis for processing

We rely on the following GDPR legal bases (Art. 6):

  • Performance of a contract — to provide the service you signed up for.
  • Legal obligation — to keep accounting/tax records as required by Spanish and EU law.
  • Legitimate interests — to secure, maintain and improve the service (balanced against your rights).
  • Consent — where we ask for it explicitly (you can withdraw consent at any time).

Sharing and sub-processors

We do not sell your personal data. We share it only with the service providers (sub-processors) needed to run FIMIT, each bound by a data-processing agreement, and with authorities where the law requires it. Our current sub-processors:

  • Supabase — Application hosting, PostgreSQL database, authentication and file storage (European Union (Frankfurt region)).
  • Stripe — Payment processing and subscription billing (we never store card numbers) (EU/US — transfers covered by Standard Contractual Clauses).
  • Brevo — Transactional email (sign-up confirmation, password reset, notifications) (European Union).
  • Cloudflare — Web hosting, content delivery and DNS for the dashboard (Global edge network — transfers covered by Standard Contractual Clauses).

International transfers

Your data is hosted in the European Union. Where a sub-processor processes data outside the EU (for example Stripe or Cloudflare), the transfer is protected by the European Commission’s Standard Contractual Clauses or an equivalent safeguard.

Data retention

We keep account and scan data for as long as your account is active. When your account or your organization is deleted, data moves to Trash and is permanently anonymized after 30 days. Financial records (invoices/transactions) are retained for the period required by Spanish tax and accounting law, even after account deletion.

Your rights

Under the GDPR you have the right to access, rectify, erase, restrict, port and object to the processing of your personal data, and to withdraw consent. FIMIT provides in-product account deletion and anonymization so you can exercise the right to erasure directly. To make any other request, email info@fim-it.com. You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD, www.aepd.es).

Security

We protect your data with encryption in transit, hashed passwords, strict per-organization database isolation (row-level security), and access controls. No system is perfectly secure, but we work to protect your information and will notify you and the authorities of a breach where the law requires.

Children's data

FIMIT is a business tool not intended for children. We do not knowingly collect data from anyone under 16.

Changes to this policy

We may update this policy as the service evolves. We will post the new version here and update the "last updated" date; significant changes will be communicated to you.

Contact

Questions about this policy or your data? Email info@fim-it.com.