Informativa sulla privacy

⚠ Beta-period document

The add-in data-handling sections of this notice reflect terms reviewed on 2026-06-13. Website-specific data flows (Beta download-email registration, contact form, and site cookies) have not yet undergone a separate legal review. For any urgent privacy questions, contact info [аt] aec.codes.

This notice describes how the AEC.codes QTO add-in handles data during the public Beta. The add-in is published by MAW EOOD (Bulgaria), trading as AEC.codes.

What data the add-in stores

What network calls the add-in makes

  1. Update check. Once per Revit session, the add-in performs GET https://aec.codes/qto/version.php over HTTPS to check whether a newer release is available.
  2. License tier resolution. Once per Revit session, the add-in performs GET https://aec.codes/qto/license_check.php over HTTPS to determine whether your account has an enabled gated-feature entitlement; during Beta, gated features such as XPWE export are enabled manually at no charge.
  3. Anonymous install statistics. Once per Revit session, the add-in performs POST https://aec.codes/qto/telemetry.php sending a small JSON payload with: an anonymous install identifier, the current Revit year, the list of Revit years where QTO is installed on this machine, the add-in version, and the .NET runtime version. You can opt out of this call in QTOSetup → About.
  4. Product announcements. At most once per 24 hours (not per session), the add-in performs GET https://aec.codes/qto/news.json over HTTPS to retrieve product news, version releases, fixes, and important notices displayed in the What's New window. No query string, body, cookie, or identifier is sent; the same scrubbed access-log contract applies (no IP recorded). Which items you have already seen and when the last fetch occurred are stored locally on your machine and are never transmitted. You can turn off this call via the "News and announcements" toggle in QTOSetup → About. Legal basis: legitimate interest (Art. 6(1)(f) GDPR); you may object at any time under Art. 21 by disabling the toggle.
  5. Bug reports (opt-in). Submissions you make via the in-app feedback flow or the feedback form include the content you typed plus, optionally, your email address if you provide one.

All add-in network requests carry a structured User-Agent header of the form AECCodes-QTO/<version> (Revit/<year>; dotnet/<runtime>).

Beta download registration

When you download the Sum Sorcery Beta installer, we ask for your email address. We process this data on the following bases:

Data stored: email address, opt-in flag, installer version, truncated IP (/24 IPv4 / /64 IPv6), timestamp. No full IP is retained. Data is held for the duration of the Beta programme and deleted within 90 days of the V1.0 general release.

What the server records

For each request from the AEC.codes QTO add-in, the server records:

The server does not record: your IP address, your Autodesk Account ID, your Windows username, your machine name, your project name, your model contents, or any other identifying information.

Why: we count active installations to (a) plan support resources, (b) prioritise bug fixes by version distribution, (c) decide which Revit years remain supported. Legal basis: legitimate interest under GDPR Article 6(1)(f).

Retention: telemetry records are retained for at most 12 months and then purged.

Anonymous install identifier

To count distinct installations (rather than just sessions), the add-in generates a random identifier on first run and stores it locally at:

%LOCALAPPDATA%\AEC.codes\QTO\install-id

This identifier is a UUID v4: a random 128-bit number with no link to your name, email, IP, or any other personal data. It is generated locally on your machine and is shared by the add-in across all Revit versions installed for the same Windows user account, so that a user with QTO on Revit 2025, 2026, and 2027 counts as one installation, not three.

You can reset this identifier at any time by deleting the file above; a new random identifier will be generated on the next add-in launch.

Under Recital 26 GDPR, identifiers that are not linked to any natural person are considered anonymous data and fall outside the scope of personal data protection. The legal basis for collecting it is legitimate interest under Article 6(1)(f) — running a sustainable software service.

Revit-year scanning

To report which Revit versions you have QTO installed in, the add-in performs a narrow filesystem check: it tests whether the file AECcodes.addin exists in each subfolder of:

%APPDATA%\Autodesk\Revit\Addins\

Only the existence of that one file in that one directory tree is checked. No file contents are read; no other directories are scanned; no add-ins other than QTO are detected.

How to opt out of install statistics and news

Open QTOSetup in Revit and go to the About section. Two optional calls can each be disabled independently:

The update-check and license calls cannot be disabled in-app — they are required for the add-in to work. They do not record any personal data.

What the add-in does NOT do

Data you submit voluntarily

If you submit a bug report or contact us by email, we use the information solely to triage, reproduce, and respond to your report. We retain emails for as long as we maintain a working record of the issue.

To exercise your GDPR rights or contact our Data Protection Officer: Send a privacy request

Your rights (GDPR)

As MAW EOOD is established in the European Union, the add-in's data handling is subject to GDPR. You have the right to access, correct, and request deletion of any personal data we hold, and to lodge a complaint with the Bulgarian Commission for Personal Data Protection.

Contact

Questions about this Privacy notice? Send a privacy request

This Beta 1 privacy notice is provisional. Last updated 2026-06-13.