Privacy Policy
Last updated: 16 April 2026
Who we are
AllAddin is operated by Meliux Ltd, a company registered in England and Wales. When this policy says "we", "us", or "our", it means Meliux Ltd.
What we collect and why
| Data | When | Why | Lawful basis |
|---|---|---|---|
| Email address, optional note | You submit the waitlist form | So we can get in touch about access | Consent (you clicked the button) |
| IP address, user-agent string | Every request to our server | Rate limiting, spam prevention, security | Legitimate interest |
| Your Revit prompt (natural-language text) | You send a command via the add-in | To generate a response from the AI model | Contract performance |
| A structured abstraction of your model context | With each prompt | Gives the AI enough context to write working code | Contract performance |
| Token hash, request timestamps, token counts | Each API call | Usage tracking, rate limits, abuse prevention | Legitimate interest |
| Snapshot of your Revit model metadata | Only when you explicitly click the cloud-upload button in the Lab pane. Never automatic. | Cross-time analytics, diff reports, and team dashboards. Contains element identifiers, categories, levels, and the parameters you selected when capturing the snapshot. Never the underlying Revit file itself. | Consent (you clicked upload) |
What we do NOT collect
- We do not collect your Revit files, drawings, or BIM models. Your files stay on your machine.
- We do not upload snapshots automatically. A snapshot leaves your machine only when you click the cloud-upload button.
- We do not use cookies, tracking pixels, or third-party analytics.
- We do not share or sell your data to advertisers.
- We do not use your prompts or model metadata to train AI models.
Sub-processors
We use the following third-party services to operate AllAddin:
| Service | What they see | Where |
|---|---|---|
| Anthropic (Claude API) | Your prompt text + model-context abstraction | US |
| Railway | Server logs, database (waitlist, audit logs) | US |
| Sentry | Error reports (no PII by default) | US |
Each sub-processor operates under its own publicly-available Data Processing Agreement, which includes UK/EU Standard Contractual Clauses (SCCs) or an International Data Transfer Agreement (IDTA) covering transfers to the United States. Links to the current DPAs for each provider are available on request.
How long we keep it
- Waitlist entries - kept until you ask us to remove them, or until we contact you and you decline.
- Audit logs (request timestamps, token usage, IP address) - automatically pruned after 90 days.
- Security events (failed auth, rate-limit hits) - automatically pruned after 90 days.
- Prompts - not stored by us beyond the duration of the API call. Anthropic's retention policy applies to what they receive.
- Snapshots (if you uploaded any) - retained until you delete them via the add-in UI or email us a deletion request.
Your rights
Under UK GDPR you can:
- Access - ask what data we hold about you.
- Erasure - ask us to delete your data.
- Portability - ask for a machine-readable copy of your data.
- Object - object to processing based on legitimate interest.
- Complain - file a complaint with the Information Commissioner's Office (ICO).
To exercise any of these, email us at hello@alladdin.dev with "Privacy request" in the subject line. We will acknowledge within 7 days and respond in full within 30 days.
Changes to this policy
We may update this policy as AllAddin evolves. Material changes will be posted here with an updated date. We will not reduce your rights without notice.