
Security - Overview

Introduction

This document is intended to provide users of ShapeDiver with an overview of the data security
and data privacy objectives associated with its products and services.

What follows is relevant for those persons in IT administration, legal, marketing or
process-oriented roles, where such roles entail interaction with processes requiring data
protection and GDPR.

The Company

ShapeDiver is run by ShapeDiver GmbH, a limited liability company based in Vienna, Austria. It was founded by Mathias Höbinger, Alexander Schiftner, and Mathieu Huard in November 2015 and entered the market with its SaaS solutions in early 2017.

Most of our team members live and work in Vienna, but since we have switched to a fully remote work environment, more and more of our newer colleagues work with us remotely from many different countries.

ShapeDiver is owned by its founders and team, as well as our seed investor Thornton Tomasetti through their investment arm TTWIIN.

Products & Services

ShapeDiver’s products and services consist of two segments:

  • SaaS services for hosting, processing, and accessing parametric models on cloud infrastructure;

  • and consulting our customers through

    • development of parametric models optimized for use with the ShapeDiver SaaS platform

    • counseling on the optimal architecture of their solutions and

    • connecting them with certified implementation partners.

We believe that parametric models offer unique advantages for anyone building online applications that require any kind of geometry processing, and we’re committed to helping our customers achieve the best possible solution for their business.

Data Access, Storage, and Control

The security of your data is very important to us. To develop a trusting relationship with all of our users and customers, we try to be as transparent as possible about what data we process and how, as well as the security measures we’re taking to protect it.

Roles and Responsibilities

ShapeDiver acts as a data processor in the context of the GDPR for all of the data we receive from our users. We don’t claim ownership over any data we receive, and our customers remain the data controllers at all times. We process this data purely based on customer instructions. If you require a data processing agreement for your collaboration with ShapeDiver, please contact us at contact@shapediver.com.

Types of personal data we store

User Account Data

Type of Data

For each registered user of the ShapeDiver platform, we store the personal information provided during registration to provide our services. Users may edit this data at any time.

Required Data

  • Full Name

  • Email Address

  • Username

  • Password

  • Date of registration

Optional Data

Optionally, we also store additional personal data to publish on a user’s public profile page. This data is not required for using the platform, and users can edit and remove this data at any time.

  • Location (City, Country)

  • Website URL

  • Social Media Account identifiers (Rhino Account, LinkedIn, Twitter, Facebook)

  • Short description or biography

  • etc.

Mode of Storage

User account data is stored in a database hosted in our virtual private cloud on Amazon Web Services (AWS) infrastructure. Encryption is used to secure this data at rest and in transit.

Data Access

Controlled by User

All user account data listed above, except a user’s email address and password, is published on the user’s public profile page on the ShapeDiver Platform unless the user opts out of this feature by changing their profile’s visibility to private or organization access level. Users may opt in to show the email address on their public profile page.

Organization Administrators

Administrator users of an organization account can access the user account data, except for passwords, of users of their organization account for account maintenance and providing support.

ShapeDiver Platform Administrators

Administrator users of the ShapeDiver Platform can access the user account data of all or some registered users for platform maintenance and providing support. This access is provided on a need-to-know basis and under strict confidentiality requirements.

System Engineers

Some of our software developers and DevOps staff have access to the cloud infrastructure storing the user account data. This access is provided on a need-to-know basis and under strict confidentiality requirements.

Subscription-related Data

Type of Data

For each registered user of the ShapeDiver Platform who registers for a free trial period or subscribes to one of our plans, we store and process subscription-related data. Encryption is used to secure this data at rest and in transit.

Mode of Storage

We store this data using the service provider Chargebee, which acts as a data processor for us. We also store some of this data, excluding payment and credit card data, in a database hosted in our virtual private cloud on Amazon Web Services (AWS) infrastructure.

Data Access

Sales, Accounting

Members of our sales and accounting staff have access to information about current and historic subscriptions, the billing information of our customers, as well as their payment history. Credit card information is hosted by our subscription management provider Chargebee, a PCI DSS certified company, and our credit card processing provider Stripe (also PCI DSS certified). No one at ShapeDiver can access this information.

ShapeDiver Platform Administrators

Administrator users of the ShapeDiver Platform can access the subscription-related data of all or some registered users for platform maintenance and providing support. This access is provided on a need-to-know basis and under strict confidentiality requirements.

System Engineers

Some of our software developers and DevOps staff have access to the cloud infrastructure storing subscription-related data. This access is provided on a need-to-know basis and under strict confidentiality requirements.

Usage-related Data

Type of Data

For each registered user of the ShapeDiver Platform, we store and process data related to the usage of the ShapeDiver Platform. This includes event data related to actions taken on the ShapeDiver Platform, events related to subscription-related data, events related to parametric 3D models uploaded by the user, etc.

Mode of Storage

We store this data using the service provider customer.io, which acts as a data processor for us. We also store some of this data in a database hosted in our virtual private cloud on Amazon Web Services (AWS) infrastructure. Encryption is used to secure this data at rest and in transit.

Data Access

Sales and product management

Selected team members of our sales and product management teams can access the usage-related data of all or some registered users to improve our products and services, assist registered users in their onboarding process, and offer them suitable upgrades to their subscriptions. This access is provided on a need-to-know basis and under strict confidentiality requirements.

ShapeDiver Platform Administrators

Administrator users of the ShapeDiver Platform can access the usage-related data of all or some registered users for platform maintenance. This access is provided on a need-to-know basis and under strict confidentiality requirements.

System Engineers

Some of our software developers and DevOps staff have access to the cloud infrastructure storing the usage-related data. This access is provided on a need-to-know basis and under strict confidentiality requirements.

Other types of data we store

Parametric 3D models and related metadata

Type of Data

For each parametric 3D model uploaded to one of our Geometry Backend systems (typically, this upload happens using the ShapeDiver Platform), we store the parametric 3D model itself, as well as metadata related to its inputs and outputs, computational requirements, etc.

Mode of Storage

Model-related data is stored in object storage and databases hosted in our virtual private cloud on Amazon Web Services (AWS) infrastructure. Encryption is used to secure this data at rest and in transit.

Data Access

Controlled by User

The user may control the level of access to this data using the ShapeDiver Platform. Fine-grained access control is available to customers only.

System Engineers

Some of our software developers and DevOps staff have access to the cloud infrastructure storing the model-related data. This access is provided on a need-to-know basis and under strict confidentiality requirements.

Input and output data of parametric 3D models

Type of Data

For each parametric 3D model operated on one of our Geometry Backend systems, we store the output data generated by computations of the model, and input data required to run these computations.

Mode of Storage

Input and output data is stored in object storage and databases hosted in our virtual private cloud on Amazon Web Services (AWS) infrastructure. Encryption is used to secure this data at rest and in transit.

Data Access

Controlled by User

The user may control the level of access to this data using the ShapeDiver Platform. Fine-grained access control is available to customers only.

System Engineers

Some of our software developers and DevOps staff have access to the cloud infrastructure storing the input and output data. This access is provided on a need-to-know basis and under strict confidentiality requirements.
