Privacy Policy

Effective: April 11, 2026

1. Data We Collect

We collect the following categories of information:

• Account data: email address, name, and authentication provider details when you create an account.
• Usage data: pages visited, features used, solar panel placements, and energy calculations (via Google Analytics, only with your consent).
• Location data: addresses or coordinates you search for to generate 3D models and solar analysis.
• Payment data: processed securely by Stripe. We never store full card numbers.
• Device data: browser type, operating system, screen resolution, and IP address.
• Contact form data: name, email, company, phone, and message content when you reach out to us.
• Solar analysis data: panel configurations, energy yield estimates, and scene snapshots submitted via quote or lead forms.

2. How We Use Your Data

We process your data for the following purposes:

• Providing the Service: generating 3D building models, running sun and shadow simulations, and estimating solar energy yield.
• Account management: authentication, subscription handling, and user support.
• Analytics: understanding usage patterns to improve the product (Google Analytics, only with your consent in the EU/EEA/UK).
• Communications: sending transactional emails such as job notifications, solar quotes, and PDF reports via AWS SES.
• Payments: processing subscriptions and purchases via Stripe.
• Partner referrals: sharing your contact details with solar installation partners when you explicitly request a quote.
• Legal compliance: responding to lawful requests and enforcing our Terms of Service.

3. Legal Basis for Processing (EEA/UK)

If you are in the European Economic Area or the United Kingdom, our legal bases for processing your data are:

• Consent: for analytics cookies (Google Analytics). You may withdraw consent at any time via the cookie banner.
• Contract: to provide the Service you signed up for (account, 3D models, solar analysis).
• Legitimate interest: for product improvement, fraud prevention, and security.
• Legal obligation: to comply with applicable laws and regulations.

4. Cookies and Tracking

Essential cookies (no consent required):

• Session cookie for authentication (managed by NextAuth.js, expires after 30 days).

Analytics cookies (consent required for EU/EEA/UK visitors):

• Google Analytics (_ga, _ga_*): used to collect anonymous usage statistics. These cookies are only activated after you provide consent.

Local storage:

• Currency preference (st3d_currency): remembers your preferred currency.
• Cookie consent choice (st3d_cookie_consent): remembers your cookie preferences.

We do not use advertising or tracking cookies and do not sell your data to third parties.

5. Third-Party Services

We share data with the following service providers:

• Google (Google Analytics, Google 3D Tiles): usage analytics and 3D map tile rendering.
• Stripe: payment processing for subscriptions. Stripe acts as an independent data controller for payment data.
• Amazon Web Services (SES, S3): email delivery and 3D model file storage in the eu-central-1 (Frankfurt) region.
• Vercel: application hosting and edge network.
• Neon: PostgreSQL database hosting.
• Solar installation partners: your contact details and solar analysis data, only when you explicitly request a quote.

6. International Data Transfers

Some of our service providers (Google, Stripe, Vercel) may transfer data outside the EEA. These transfers are protected by Standard Contractual Clauses (SCCs) or an adequacy decision by the European Commission, as applicable.

7. Data Retention

• Account data: retained while your account is active. Deleted within 30 days of account deletion.
• Generated 3D models: stored for the lifetime of the associated job record.
• Analytics data: retained by Google Analytics for 14 months.
• Contact form submissions and quote requests: retained for 24 months, then deleted.
• Payment records: retained as required by tax and accounting regulations (typically 7 years).

8. Your Rights

Under the GDPR and UK GDPR, you have the right to:

• Access: request a copy of your personal data.
• Rectification: correct inaccurate data.
• Erasure: request deletion of your data ("right to be forgotten").
• Restriction: limit how we process your data.
• Portability: receive your data in a machine-readable format.
• Object: object to processing based on legitimate interest.
• Withdraw consent: revoke cookie consent at any time via the cookie banner.

To exercise these rights, email privacy@suntrace3d.com. We will respond within 30 days.

9. Children's Privacy

SunTrace3D is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via a notice on the Service. Continued use of SunTrace3D after changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related inquiries, contact us at:

Email: privacy@suntrace3d.com
Data Controller: SunTrace3D
Governing Law: Austria