Skip to content

Legal · GDPR

Privacy Policy

How we handle personal data on material-take-off.com and in the Material Take-Off plugin, in line with the EU General Data Protection Regulation (GDPR).

Last updated: 2 June 2026 · Material Take-Off is in public beta.

This policy explains what personal data we collect, why, on what legal basis, who we share it with, and the rights you have under the GDPR. It covers both the website (material-take-off.com) and the Material Take-Off Claude plugin.

1. Data controller

The controller responsible for your personal data is:

blackmirror media gmbh (trading as nio energy)
Cobenzlgasse 79, 1190 Vienna, Austria
FN 475645 d, Commercial Court Vienna · VAT ID ATU72557958
Email: contact@blackmirror.at

We have not appointed a Data Protection Officer, as we are not legally required to do so. For any data-protection matter, contact us at the address above.

2. The plugin: data processed locally vs. sent to us

Your IFC models stay on your device

The plugin reads and processes your IFC building models locally on your own machine. Your model geometry and the resulting Excel take-off are not uploaded to us.

Registration and usage heartbeat

So we can administer the beta and understand how the plugin is used, the plugin sends a small amount of data to our server when you first run it and periodically thereafter:

  • your email address (as provided to, or detected by, Claude Code);
  • a device fingerprint (a non-reversible identifier for your installation);
  • usage counts and timestamps (e.g. number of take-offs run) and basic platform information.

Legal basis: our legitimate interest in operating, securing and improving a beta product, and in understanding who is using it (Art. 6(1)(f) GDPR). You can ask us to delete this data at any time (see section 7).

Material matching via Claude

Material matching is performed with the help of Claude. When you run a take-off, the material descriptions and quantities involved are processed by Anthropic as part of your use of Claude, under Anthropic's own terms and privacy policy. We do not receive your model through this process. Please review Anthropic's privacy policy for details of how it handles your prompts.

3. The website: what we collect

Server logs (hosting)

The website is hosted on Cloudflare Pages. When you visit, our hosting provider automatically processes technical data needed to deliver the site and keep it secure, including your IP address, the requested URL, timestamp, referrer and browser/user-agent. Legal basis: legitimate interest in delivering and securing the website (Art. 6(1)(f) GDPR).

Analytics

We use Google Analytics (provided by Google) to understand how the site is used (e.g. page views, referrers, approximate location, device and browser). Google Analytics sets cookies and processes data such as your IP address. We load it with Google Consent Mode: analytics only run after you accept via our cookie banner; if you decline, no analytics cookies are set. Legal basis: your consent (Art. 6(1)(a) GDPR), which you can withdraw at any time (see Cookies below).

Feedback & pilot sign-up form

If you submit the feedback / pilot form, we collect the information you provide (such as your name, email address, company and message) so we can respond to you, manage the beta and the pilot programme, and follow up. The form is provided by HubSpot (EU data centre), which processes the submission on our behalf. Legal basis: your consent and/or our legitimate interest in responding to your enquiry and running the pilot programme (Art. 6(1)(a)/(f) GDPR); where the contact relates to entering into an agreement, Art. 6(1)(b).

Email

If you email us, we process your message and contact details to handle your request. Legal basis: legitimate interest in responding to you (Art. 6(1)(f) GDPR), or performance of a (pre-)contractual step (Art. 6(1)(b)).

4. Cookies and consent

When you first visit, we show a cookie banner. Google Analytics cookies are only set if you choose Accept; if you choose Decline, no analytics cookies are set. Your choice is stored locally in your browser so we don't ask again — you can change it by clearing your browser storage for this site, which makes the banner reappear. The embedded HubSpot form may also set cookies from HubSpot when it loads, used to operate and secure the form. You can block or delete cookies in your browser settings; the rest of the site will continue to work.

5. Who we share data with (processors)

We share personal data only with service providers acting as our processors, or where the law requires it:

  • Cloudflare, Inc. — website hosting and content delivery.
  • Google — Google Analytics, where you have consented.
  • HubSpot — the feedback / pilot sign-up form and CRM (EU data centre).
  • Anthropic — Claude, which performs material matching when you use the plugin (acting under its own terms with respect to your prompts).

6. International transfers

Some of these providers are based in, or process data in, countries outside the EU/EEA (including the United States). Where that happens, transfers are safeguarded by appropriate measures such as the EU Standard Contractual Clauses and/or the providers' certification under the EU–US Data Privacy Framework.

7. Your rights under the GDPR

You have the right to:

  • Access the personal data we hold about you (Art. 15);
  • Rectify inaccurate or incomplete data (Art. 16);
  • Erase your data ("right to be forgotten") (Art. 17);
  • Restrict processing (Art. 18);
  • Data portability — receive your data in a portable format (Art. 20);
  • Object to processing based on legitimate interests (Art. 21);
  • Withdraw consent at any time, where processing is based on consent (without affecting prior processing).

To exercise any of these rights, email contact@blackmirror.at. You also have the right to lodge a complaint with a supervisory authority — in Austria, the Datenschutzbehörde (dsb.gv.at).

8. How long we keep data

We keep personal data only as long as needed for the purposes above: beta registration and usage data for the duration of the beta and a reasonable period thereafter; enquiry and pilot-form data for as long as needed to handle your request and our ongoing relationship; and server logs for a short period for security. We delete or anonymise data when it is no longer needed, or earlier on a valid erasure request.

9. Changes to this policy

We may update this policy as the product evolves. The current version is always published here with a "last updated" date.

10. Contact

For any privacy question or request, contact contact@blackmirror.at.