Privacy Policy
Last updated: 18 April 2026
Who we are
AllAddin is operated by MeliUX Ltd, a company registered in England and Wales. When this policy says "we", "us", or "our", it means MeliUX Ltd.
What we collect and why
| Data | When | Why | Lawful basis |
|---|---|---|---|
| Email address, optional note | You submit the waitlist form | So we can get in touch about access | Consent (you clicked the button) |
| IP address, user-agent string | Every request to our server | Rate limiting, spam prevention, security | Legitimate interest |
| Your Revit prompt (natural-language text) | You send a command via the add-in | To generate a response from the AI model | Contract performance |
| A structured abstraction of your model context | With each prompt | Gives the AI enough context to write working code | Contract performance |
| Token hash, request timestamps, token counts | Each API call | Usage tracking, rate limits, abuse prevention | Legitimate interest |
| Snapshot of your Revit model metadata | Only when you explicitly click the cloud-upload button in the Lab pane. Never automatic. | Cross-time analytics, diff reports, and team dashboards. Contains element identifiers, categories, levels, and the parameters you selected when capturing the snapshot. Never the underlying Revit file itself. | Consent (you clicked upload) |
What we do NOT collect
- We do not collect your Revit files, drawings, or BIM models. Your files stay on your machine.
- We do not upload snapshots automatically. A snapshot leaves your machine only when you click the cloud-upload button.
- We do not use cookies, third-party tracking pixels, or third-party analytics.
- We do not share or sell your data to advertisers.
- We do not use your prompts or model metadata to train AI models.
Server-side page-view logging
We log aggregate page-view statistics server-side for the alladdin.dev website (not the AllAddin add-in). No cookies, no JavaScript beacons, no tracking pixels: a server-side middleware records one row per HTML page render with the URL path, response status, referrer host, and UTM source if present. Your IP address and user-agent string are not stored in plaintext; they are hashed with a daily-rotating salt (for unique-visitor counts) and a two-hour-rotating salt (for sessionising consecutive pageviews). Those hashes are not persistent identifiers and cannot be used to track you across days or devices. Bots (Googlebot, GPTBot, LinkedInBot, etc.) are detected from the user-agent string and flagged so we can separate crawler traffic from human traffic in our dashboards.
Sub-processors
The current list of third-party services that process personal data on our behalf is on our live sub-processor register. Each sub-processor operates under its own Data Processing Agreement, which includes UK/EU Standard Contractual Clauses (SCCs) or an International Data Transfer Agreement (IDTA) covering transfers outside the UK. The DPA link for each provider is on the register.
How long we keep it
- Waitlist entries - kept until you ask us to remove them, or until we contact you and you decline.
- Audit logs (request timestamps, token usage, IP address) - automatically pruned after 90 days.
- Security events (failed auth, rate-limit hits) - automatically pruned after 90 days.
- Prompts - not stored by us beyond the duration of the API call. Anthropic's retention policy applies to what they receive.
- Snapshots (if you uploaded any) - retained until you delete them via the add-in UI or email us a deletion request.
Your rights
Under UK GDPR you can:
- Access - ask what data we hold about you.
- Erasure - ask us to delete your data.
- Portability - ask for a machine-readable copy of your data.
- Object - object to processing based on legitimate interest.
- Complain - file a complaint with the Information Commissioner's Office (ICO).
To exercise any of these, email us at hello@alladdin.dev with "Privacy request" in the subject line. We will acknowledge within 7 days and respond in full within 30 days.
Changes to this policy
We may update this policy as AllAddin evolves. Material changes will be posted here with an updated date. We will not reduce your rights without notice.