
BIMobject Cloud - Current Security Statement ("Security Statement")

User Security

Authentication: User data on our database is logically segregated by account-based access rules. BIMobject issues a session cookie only to record encrypted authentication information for the duration of a specific session. The session cookie does not include the password of the user.

Passwords: User application passwords have minimum complexity requirements. Passwords are individually salted and hashed.

Single Sign-On: For our Team Collaboration accounts, BIMobject supports SAML 2.0 integration, which allows you to control access to BIMobject across your organization and define authentication policies for increased security.

Data Encryption: Certain sensitive user data, such as account passwords, are stored in encrypted format.

Data Portability: BIMobject enables you to export your data from our system in a variety of formats so that you can back it up or use it with other applications.

Data Residency: All BIMobject user data and the BIMobject platform are stored on servers located within the European Union (EU).

Physical Security

All BIMobject information systems and infrastructure are hosted in world-class data centres. These data centres include all the necessary physical security controls you would expect in a data centre in 2019 (e.g., 24×7 monitoring, cameras, visitor logs, entry requirements). In addition, these data centres are SOC 1, 2 and 3 accredited. For more information, visit here

Availability

Connectivity: Fully redundant IP network connections with multiple independent connections to a range of Tier 1 Internet access providers.

Power: Servers have redundant internal and external power supplies. Data centres have backup power supplies and are able to draw power from the multiple substations on the grid, several diesel generators, and backup batteries.

Uptime: Continuous uptime monitoring, with immediate escalation to BIMobject staff for any downtime.

Failover: Our database is replicated in real time and can fail over in less than an hour.

Backup Frequency: Backups occur daily at multiple geographically disparate sites.

Network Security

Vulnerability Management

Organizational & Administrative Security

Software Development Practices

Compliance and Certifications

Handling of Security Breaches

Despite our best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. Though we take all measures we see as necessary, we cannot guarantee absolute security. In the event of a security breach, we will, where appropriate, notify our affected users and, where required, the data protection authority.

We have a well-developed internal response procedure which aims to minimise negative impact and respond in the appropriate way. Our breach notification procedures are consistent with our obligations under the data protection laws applicable to us, including the GDPR and, in particular, Article 33 and Article 34 thereof.

Response actions can vary depending on the nature of the compromise but may include providing email notices or posting a notice on our website if a breach occurs.

Changes to this Security Statement

We reserve the right to update or make changes to this Security Statement at any time.