Privacy Policy

as of 04.03.2026

1. Introduction

Welcome to 360-for-you.com (the "Website"). This privacy policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

The data controller responsible for this Website is:

360ForYou
Schumannstr. 8
40237 Düsseldorf, Germany

E-mail: info@360-for-you.com
Call center: +49302239952360 (German and English)
More information about the Website Owner: https://ru.360-for-you.com/about-us

2. What data do we collect and why?

We collect and process the following categories of personal data:

Data Purpose Legal basis Retention
Name, email address Account management and notifications Contract (Art. 6(1)(b)) Until account deletion
Password (hashed) Authentication Contract (Art. 6(1)(b)) Until account deletion
Email verification status Account security Contract (Art. 6(1)(b)) Until account deletion
Profile picture Personalization Consent (Art. 6(1)(a)) Until removed by user or account deletion
Uploaded files (panoramas, point clouds, CAD, etc.) Service provision Contract (Art. 6(1)(b)) Until project deletion or account deletion
Comments in projects Collaboration Contract (Art. 6(1)(b)) Until deleted by user or account deletion
Payment information (processed by Stripe) Subscription management Contract (Art. 6(1)(b)) Until account deletion
IP addresses, server logs Security, abuse prevention Legitimate interest (Art. 6(1)(f)) 30 days
Last login date Account security Legitimate interest (Art. 6(1)(f)) Until account deletion
Consent timestamp Proof of consent (GDPR compliance) Legal obligation (Art. 6(1)(c)) Until account deletion

3. How do we collect user data?

  • Directly from you: When registering, creating projects, uploading files, or contacting support.
  • From authentication providers: If you sign in with Google or Microsoft, we receive your name, email address, and profile picture from the provider.
  • Automatically: Our servers collect IP addresses and technical data in server logs for security purposes.

4. Third-party services and international data transfers

We use the following third-party services to provide our website. Your data may be transferred to countries outside the European Economic Area (EEA). Where applicable, these transfers are protected by Standard Contractual Clauses (SCCs) or the EU-U.S. Data Privacy Framework.

Service Purpose Data transferred Location
Stripe, Inc. Payment processing Email, payment details Ireland
Google OAuth Authentication Email, name, profile picture USA
Google Cloud Vision API Object detection in panoramas (optional) Panorama images USA
Autodesk Model Derivative API CAD file conversion (optional) CAD files USA
OpenStreetMap (OSMF) Map tiles and geocoding (when georeferenced) IP address UK
OpenTopoMap Topographic map tiles (when georeferenced) IP address Germany
Esri ArcGIS Online Map tiles (when georeferenced) IP address USA
Microsoft Bing Maps Map tiles (when georeferenced) IP address USA
OpenAI AI Assistant Messages sent to chat USA
OpenAI Coordinate system detection Coordinate system descriptions (no personal data) USA
SMTP email provider All notifications Email address, name, payment details, project details, etc. EU
Telegram (Telegram Messenger Inc.) All notifications (optional) Email address, name, payment details, project details, etc. UAE (Dubai)

We do not sell, rent, or share your personal data with third parties for marketing purposes. We do not use third-party analytics, advertising, or tracking services.

5. Cookies and Tracking Technologies

We use only essential first-party cookies required for login and session management. These cookies are strictly necessary for the functioning of our website. We do not use third-party cookies, tracking pixels, fingerprinting, or any other tracking technologies.

6. Data security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Passwords are hashed using industry-standard algorithms (PBKDF2)
  • Two-factor authentication (2FA) is available for all accounts
  • CSRF protection on all forms
  • Content Security Policy (CSP) headers
  • Rate limiting on authentication endpoints
  • All cookies are set with Secure, HttpOnly, and SameSite attributes
  • All resources are self-hosted (no external CDN dependencies)

7. Your rights under GDPR

As a data subject, you have the following rights:

  • Right of access (Art. 15): you can export all your personal data from your profile page at any time.
  • Right to rectification (Art. 16): you can update your name, password, and other profile information at any time.
  • Right to erasure (Art. 17): you can delete your account from your profile page. All your personal data, uploaded files, comments, and associated records will be permanently and immediately deleted.
  • Right to data portability (Art. 20): you can export your data in a machine-readable JSON format from your profile page.
  • Right to restriction of processing (Art. 18): you have the right to request that we restrict the processing of your personal data in certain circumstances (e.g. while accuracy is disputed).
  • Right to object (Art. 21): you have the right to object to processing based on legitimate interests (Art. 6(1)(f)), such as server log retention. We will stop such processing unless we have compelling legitimate grounds.
  • Right to withdraw consent (Art. 7(3)): you can withdraw your consent at any time by deleting your account. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
  • Right to lodge a complaint: you have the right to lodge a complaint with a supervisory authority if you believe your data is being processed unlawfully.

8. Data breach notification

In the event of a personal data breach likely to pose a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, if required, inform affected users without undue delay.

9. Contact information

If you have any questions or concerns regarding data protection, or wish to exercise any of your rights, please contact us:

10. Updates to this Privacy Policy

We may update this Privacy Policy from time to time. All changes will be published on this page with an updated date. If we make significant changes that affect your rights, we will notify you via email or a notice on our Website. We encourage you to review this page periodically.

AI Assistant
Hello! Feel free to ask any questions about virtual tours, point clouds, 3D Gaussian Splatting, 3D models, using the website, payments, and more. I'll either find the answer or forward your question to our support team.
Our AI could not answer your question. Our support team will be happy to answer your question. Please provide your email address. We do not use email for newsletters. We only use it to answer your question.