Privacy Policy

Who we are

TB Structures OÜ is a company registered in the Republic of Estonia, registry code 16260418. We are the data controller for the personal data described below. Contact: support@tbstructures.com.

What we collect and why

We collect only the personal data we need to sell you a licence, deliver the software, and meet our legal and tax obligations.

1. Purchase and billing data (handled by Paddle) When you buy our software, payment is processed by Paddle.com Market Ltd. or Paddle.com Inc. as merchant of record. Paddle collects your name, billing address, VAT number (if applicable), email address, and payment details directly. Paddle is an independent data controller for this data. Their practices are set out in the Paddle Privacy Policy. We receive from Paddle only what we need to issue your licence (typically: company name, contact email, VAT number, billing country, transaction reference). Lawful basis: performance of a contract (Art. 6(1)(b) GDPR).

2. Licence registry We maintain an internal licence registry containing, per licence: customer/firm name, contact email, VAT and company-registry numbers, billing address, licence term, Paddle transaction reference, and unit price. This serves as the authoritative record of who owns which licence and for how long. Lawful basis: performance of a contract (Art. 6(1)(b) GDPR) and compliance with Estonian tax-record retention obligations (Art. 6(1)(c) GDPR).

3. Hardware identifiers (for licence activation) To bind a licence to a specific machine, we ask you to run a short PowerShell script that computes a hardware-identifier blob on your computer. The script reads a small number of stable hardware identifiers (Windows Machine GUID, C: volume serial number, primary physical network-adapter MAC address, and CPU ID), together with audit metadata (hostname, username, OS version, CPU brand string), and emits a base64-encoded blob. You email that blob to us; we use it to generate your signed .lic file. The script is plain-text PowerShell. Your IT team can read every line in under a minute. The script does not make any network call - the blob only reaches us when you yourself send it by email. Lawful basis: legitimate interest (Art. 6(1)(f) GDPR) - enforcing the licence terms and preventing unauthorised use.

4. Support correspondence If you email us, we retain the correspondence for as long as needed to resolve your enquiry and for a reasonable period afterwards for record-keeping. Lawful basis: legitimate interest (Art. 6(1)(f) GDPR).

What we do NOT collect

No telemetry. The installed software does not phone home. It does not report usage, crashes, project contents, or anything else over the network.
No analytics inside the product. We do not run Google Analytics, Mixpanel, Amplitude, Hotjar or similar tools inside TimbyrNode.
No tracking of `.tce` session files, project data, or CAD models. These never leave your computer unless you choose to share them.

AI and machine-learning processing

We get asked whether any of the data above ends up in AI training datasets or LLM prompts. The short answer is no. In detail:

No training use. We do not use your personal data, purchase records, or hardware identifiers as training data for any AI model, large language model, or machine-learning system - neither ours nor any third party’s. We do not sell, share, or license customer data to AI vendors, model-training programmes, or data brokers. Lawful-basis limit: Art. 6(1)(b) GDPR confines our processing to what is necessary to deliver the software; AI training is outside that scope and outside your reasonable expectations as a customer.
Internal AI tool use. Like most modern software teams, we sometimes use AI coding assistants (e.g. Claude, GitHub Copilot) while developing and debugging TimbyrNode. Before pasting anything into such a tool we redact hardware identifiers, email addresses, company names, and any value that could identify you or your machine - a hardware identifier in a debug log is replaced with `HWID-REDACTED` before it leaves our workstation.
No AI inside the product. TimbyrNode contains no LLM features, no AI-assisted design suggestions, and makes no outbound calls to any AI API. Nothing you model, calculate, or export inside TimbyrNode is observed, transmitted to, or inferred by any AI system.
Licence validation stays local. The only network call the installed software makes is an HTTPS `HEAD` request to a public website to read its response `Date` header - used purely as a tamper-resistant clock for expiry checks. No licence data, hardware identifier, or project data is transmitted.

Where data is stored and who can access it

Licence-registry and support data is held on systems controlled by TB Structures OÜ in the European Union, with cloud backup using a mainstream provider (Microsoft OneDrive / Google Drive / Dropbox - all bound by EU Standard Contractual Clauses). Access is restricted to the directors of TB Structures OÜ. We do not sell, rent, or share your personal data with third parties for their own marketing purposes.

Paddle processes payment data on its own infrastructure - see the Paddle Privacy Policy.

How long we keep your data

Licence registry and invoicing records: duration of your subscription + 7 years after the last transaction (Estonian tax-law retention obligation).
Support correspondence: up to 3 years after the last contact, unless related to an ongoing contractual matter.
Hardware-identifier blobs: held only as long as the corresponding licence is active, then anonymised in our internal logs.

Your rights under the GDPR

You have the right to:

access the personal data we hold about you
rectify inaccurate or incomplete data
erase your data (subject to our legal retention obligations above)
restrict or object to certain processing
data portability in a structured, machine-readable format
withdraw consent where we rely on consent
lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, https://www.aki.ee/en)

To exercise any of these rights, email support@tbstructures.com. We respond within 30 days.

Cookies and website analytics

tbstructures.com is hosted on Wix. Wix sets technical cookies required for the site to function and uses its own built-in visitor analytics (page views, traffic sources, aggregated device data), which we use to understand overall site usage. We do not run any third-party tracking or advertising tools - no Google Analytics, no Google Tag Manager, no Meta/Facebook Pixel, no Hotjar, no LinkedIn Insight Tag, no advertising cookies. This is a deliberate choice: our customers are structural engineers, and ad-tech on a professional-software site erodes trust.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified by email to active customers and posted on this page with a new effective date.

Contact

Questions about this Privacy Policy or your personal data: TB Structures OÜ, Republic of Estonia Email: support@tbstructures.com

TB STRUCTURES