BiMA·gov Privacy Policy

Last updated: 2026-04-21

This Privacy Policy describes how BiMA·gov ("we", "us", "our") collects, uses, and shares information when you use the BiMA·gov software and services (collectively, the "Service").

1. Data we collect

Category	What	Why
Account data	Email, license key, tier, billing address	Authenticate and fulfill subscription
Ticketing data	Ticket summaries and descriptions you submit	Generate change requests
Model shape metadata	Counts of tables, measures, columns (no names, no DAX, no values)	Generate accurate CRs; improve priors
CR history	Generated CR specs, validation outcomes, timestamps	Audit log and rollback
Telemetry (opt-out)	Anonymized error type + scrubbed stack trace	Diagnose production failures
Payment data	Handled by Stripe; we store only the Stripe customer ID	Process subscriptions
Usage logs	IP address, user agent, request path, timestamp	Security, abuse prevention

We do not collect DAX expressions, table names, column names, or cell values. The bima.exe client scrubs these before any network transmission, and the server double-checks and rejects payloads that leak identifiers.

2. How we use data

Provide the Service - authenticate, bill, deliver the functionality you purchased.
Improve the Service - anonymized telemetry informs classifier accuracy, performance, and bug triage.
Security - detect and prevent abuse (rate limiting, quota enforcement).
Communicate - transactional email only (license delivery, receipts, service alerts). No marketing without opt-in.

3. Data sharing

We share data only with the third parties necessary to run the Service:

Stripe - payment processing
Resend - transactional email
Fly.io - hosting
Cloudflare (optional) - CDN / DNS
Crisp (if enabled) - support chat
Plausible (marketing site only) - privacy-first web analytics. Cookie-free, IP-anonymized by default. Plausible's data policy.

We do not sell personal data. We do not share data with advertisers.

3a. Analytics

The public marketing site (bimagov.com, /landing.html, /pricing.html, /blog/, etc.) uses Plausible for aggregate traffic analytics. Plausible does not set cookies and does not collect any personally identifiable information by default. IP addresses are hashed and discarded. No data is ever shared with third parties.

Plausible is only loaded when window.BIMA_PLAUSIBLE_DOMAIN is configured on the deployed site. Self-hosted or development instances do not load the script at all.

Custom events we record: lead.submit (which form was submitted), pricing.toggle (monthly vs annual), cta.click (which CTA was clicked), activation.start, activation.complete. No email addresses or customer identifiers are attached to these events.

4. Data retention

Category	Retention
Account data	Duration of subscription + 7 years
CR history	Duration of subscription + 90 days
Telemetry	30 days (rolling)
Usage logs	90 days
Payment data	Per Stripe's retention policy

5. Your rights

You have the right to access, correct, delete, export, and object to processing of your data. Opt out of telemetry via governance.json (telemetry: false) or BIMA_TELEMETRY=0. To exercise any right, email [email protected].

6. International transfers

If you are in the EU, UK, or another jurisdiction with cross-border transfer restrictions, your data may be processed in the United States or other jurisdictions where our infrastructure providers operate. We rely on standard contractual clauses where applicable.

7. Security

We use HTTPS for all network traffic, Ed25519-signed JWTs for authentication, and encrypted-at-rest storage on our hosting provider. We do not guarantee that any method of transmission or storage is 100% secure; you use the Service at your own risk.

8. Children

The Service is not directed to individuals under 16. We do not knowingly collect personal data from children.

9. Changes

We may update this Policy from time to time. Material changes will be notified at least 30 days in advance.

10. Contact

Questions or data requests: [email protected].