Privacy Policy — Variato
1. Introduction
This privacy policy describes how AvantLeap processes personal data in connection with the Variato Revit add-in. Variato is an Autodesk® Revit® add-in that compares a host Revit document against a linked Revit model and identifies elements that are new, deleted, or repositioned between the two. This policy covers all versions of Variato distributed through the Autodesk App Store and applies to all users who install and run the add-in.
2. Who is the data controller
AvantLeap is the data controller for any personal data processed by Variato.
Contact: Email: support@avantleap.com Website: https://www.avantleap.com
3. What data the add-in processes
3a. Data stored locally
Variato does not write any data to local files. All comparison results exist transiently in memory during execution and are applied directly to the open Revit document:
- Graphic overrides are applied as Revit view settings on selected views inside the host Revit file. These are Revit-native properties, controlled entirely by the user, and contain no personal data.
- Shared parameter values (
NEW,DELETED, orMODIFIED) are written to existing parameters on Revit elements inside the host Revit file. These are non-personal, categorical text values.
No configuration files, log files, databases, or application-specific files are written to the user's machine.
3b. Data transmitted externally
Variato transmits one piece of personal data to an external service:
| Data item | Destination | Purpose | Frequency |
|---|---|---|---|
Autodesk Login User ID (userid) |
Autodesk App Store entitlement API (https://apps.autodesk.com/webservices/checkentitlement) |
Verify that the current user holds a valid licence for Variato on the Autodesk App Store | Once per Revit session (result is cached for the session lifetime) |
The Autodesk Login User ID is an identifier assigned by Autodesk to each registered Autodesk account. It is provided to the add-in by the Revit application at runtime via the Autodesk entitlement API. It is not a name, email address, or government identifier, but it is considered personal data under GDPR because it can be used to identify a natural person through Autodesk's systems.
The entitlement API response (IsValid, UserId, AppId, Message) is used only to determine whether access is permitted. The response is cached in memory for the duration of the Revit session and is discarded when Revit closes. No response data is written to disk or transmitted to AvantLeap systems.
3c. Data not collected
Variato does not collect, store, or transmit any of the following:
- Names, email addresses, or contact details
- IP addresses
- Telemetry, usage analytics, or error reporting
- Revit model content, geometry, or project data
- Machine identifiers or hardware fingerprints
- Crash reports or diagnostic logs
4. Legal basis for processing
| Processing activity | Legal basis (GDPR Article 6) | Detail |
|---|---|---|
| Transmitting the Autodesk Login User ID to the App Store entitlement API | Legitimate interest (Article 6(1)(f)) | AvantLeap has a legitimate interest in verifying that users have a valid licence before granting access to the add-in. This processing is proportionate — only the minimum required identifier is transmitted, and only once per session. |
5. Data storage and security
Variato does not operate any server infrastructure or databases. The only external transmission is the entitlement API call described in section 3b, which is made directly to Autodesk infrastructure over HTTPS. AvantLeap does not receive, store, or log the Autodesk Login User ID or the API response.
The Revit files in which Variato writes graphic overrides or shared parameter values remain under the user's and their organisation's control at all times. AvantLeap has no access to these files.
6. Data sharing
AvantLeap does not sell, rent, or share personal data with third parties, with the following exception:
- Autodesk Inc. — the Autodesk Login User ID is transmitted to the Autodesk App Store entitlement service solely to verify licence validity. Autodesk processes this data under its own privacy policy. Autodesk is the operator of the entitlement API; AvantLeap does not control how Autodesk handles data on its systems.
No other third-party services, SDKs, or APIs receive personal data from Variato.
7. Data retention
Variato does not retain personal data. The Autodesk Login User ID is held in memory only for the duration of the Revit session and is not persisted after Revit closes. Uninstalling Variato removes all add-in files from the machine. No residual data files are left on uninstall.
8. Your rights under GDPR
| Right | How it applies to Variato |
|---|---|
| Right of access (Article 15) | AvantLeap does not hold personal data about users. Contact support@avantleap.com if you believe otherwise. |
| Right to rectification (Article 16) | AvantLeap does not store personal data and therefore has nothing to correct. The Autodesk Login User ID is sourced directly from Autodesk — contact Autodesk to amend your account details. |
| Right to erasure (Article 17) | AvantLeap does not retain personal data. Uninstalling Variato removes all add-in files. No further erasure action is required. |
| Right to restriction of processing (Article 18) | Processing is limited to a single, session-scoped API call. You can prevent this processing by not running Variato. |
| Right to data portability (Article 20) | AvantLeap does not hold personal data in a format that can be ported. |
| Right to object (Article 21) | You may object to the entitlement check by contacting support@avantleap.com. Note that disabling the entitlement check would prevent the add-in from functioning. |
To exercise any right, contact support@avantleap.com. AvantLeap will respond within 10 business days.
9. International data transfers
The Autodesk App Store entitlement API is operated by Autodesk Inc., a company headquartered in the United States. Transmitting the Autodesk Login User ID to this API constitutes a transfer of personal data outside the European Economic Area. This transfer is covered by Autodesk's Standard Contractual Clauses and data transfer mechanisms as documented in the Autodesk Privacy Statement (https://www.autodesk.com/company/legal-notices-trademarks/privacy-statement). AvantLeap relies on Autodesk's compliance framework for this transfer.
No other international data transfers occur.
10. Children's privacy
Variato is a professional tool for use in architectural, engineering, and construction workflows. It is not directed at individuals under the age of 16. AvantLeap does not knowingly collect personal data from anyone under 16. If you believe a person under 16 has used the add-in and personal data has been transmitted, contact support@avantleap.com.
11. Changes to this policy
AvantLeap may update this privacy policy when the add-in is updated or when legal requirements change. The effective date at the top of this document will be updated on each revision. Continued use of Variato after a policy update constitutes acceptance of the revised terms. Users are encouraged to review this page periodically.
12. Contact
For privacy-related questions, requests, or complaints:
Email: support@avantleap.com Website: https://www.avantleap.com Response time: AvantLeap aims to respond to all privacy-related requests within 10 business days.
Appendix — Technical compliance summary
This appendix is intended for data protection officers, IT security teams, and enterprise procurement reviewers.
| Item | Detail |
|---|---|
| Data controller | AvantLeap |
| Data processor (external) | Autodesk Inc. (entitlement API only) |
| Personal data processed | Autodesk Login User ID |
| Legal basis | Legitimate interest (GDPR Article 6(1)(f)) — licence verification |
| Retention | Session memory only; no persistence |
| Transfer mechanism | HTTPS to Autodesk App Store entitlement endpoint; covered by Autodesk's SCCs |
| Third-party SDKs | Newtonsoft.Json 13.0.1 (local JSON parsing only — no data collection) |
| Telemetry / analytics | None |
| Local file writes | None |
| ExtensibleStorage use | None |
| Network calls | One HTTPS GET per Revit session to https://apps.autodesk.com/webservices/checkentitlement |
| Uninstall residual data | None — clean uninstall removes all add-in files |
| GDPR compliance scope | EEA users; Autodesk transfer covered by Autodesk's SCCs |