Last updated: June 2026. Publisher: Small Tiger Group (libo@smalltigergroup.com).
This policy covers bim-cli (the command-line tool) and bimcli.com (the website). The six sections below correspond to the Claude Code plugin directory's privacy-standard checklist; a reviewer can verify each point independently.
bim-cli sends anonymous usage telemetry on by default in production builds (see Section 1). No conversation data, document content, file paths, or argument values are ever sent. When you explicitly ask a driver to call an external service -- a flood zone lookup calls a FEMA API, a Google Sheets push calls Google with your OAuth token -- those calls go directly from your machine to the service; nothing passes through Small Tiger Group infrastructure.
Usage telemetry (on by default): One ping per top-level command, sent to t.bimcli.com. Opt out with DO_NOT_TRACK=1 or BIM_TELEMETRY=0.
| Field | Example | Notes |
|---|---|---|
verb |
site.flood.lookup |
Command shape only -- never argument values |
version |
0.3.7 |
bim-cli version string |
os |
windows |
OS family only, no build number |
ok |
1 |
Whether the command succeeded (0 or 1) |
err |
not-covered |
Error kind only if the command failed, never hint text or user data |
ms_bucket |
fast |
Latency bucket: fast / medium / slow |
src |
agent |
Caller type inferred from environment (agent / claude / cursor / human / ci / unknown) |
The date is recorded server-side (date only, UTC). No sub-day timestamps are sent or stored.
What is never sent: IP addresses, machine identifiers, session identifiers, file paths, argument values, document content, conversation data, or any information that could identify a person or machine.
Install ping (unconditional): One ping per install, fired by install.ps1 regardless of BIM_TELEMETRY setting. Sends only the installed version tag. The server records the date and a 2-letter country code from Cloudflare geo-IP (e.g., US). No IP address is stored.
Desire-paths log (local only): When bim-cli encounters a verb or flag it does not recognize, it writes a record to %LOCALAPPDATA%\bim-cli\logs\unknowns.jsonl on your machine. This contains only the unrecognized command shape -- no argument values, no file paths, no personal data. This file is local and never uploaded automatically.
Desire-paths upload (bim feedback, opt-in): When you run bim feedback, the local unknowns log is uploaded to t.bimcli.com. Uploaded fields: bim version, OS family, caller type, and command entries (format, verb, flags only -- no argument values). A short optional freeform note may be included. The server records a 2-letter country code from Cloudflare geo-IP. No IP address is stored.
Website (bimcli.com / mcp.bimcli.com): Cloudflare Web Analytics collects cookieless aggregate pageview counts, referrers, and browser/OS types. No individual user tracking, no cookies, no consent banner required.
Telemetry data is used solely to understand which bim-cli verbs are used, at what frequency, and with what error patterns -- to guide feature development and bug prioritization. Install ping data counts installation volume and geographic distribution. No data is used for advertising, targeting, user profiling, or resale.
All bim-cli telemetry, install, and feedback data is stored in a Cloudflare D1 database (SQLite) in the US region, processed by the t.bimcli.com Cloudflare Worker. Cloudflare acts as a data processor under its Data Processing Addendum and privacy policy. The Worker does not log or store IP addresses for any endpoint. Website analytics are stored in Cloudflare's analytics infrastructure.
Data collected by bim-cli (telemetry, install, feedback) is not shared with any third party. Cloudflare processes it as a sub-processor under their DPA. No advertising partners, analytics vendors, or data brokers receive any bim-cli usage data.
Third-party calls made on user request: bim-cli is a local, offline tool. When you explicitly invoke a verb that calls an external service, that call goes directly from your machine to the provider:
bim site verbs: flood zone and geocoding queries send address data to FEMA's National Flood Hazard Layer API and public geocoding services, governed by those providers' terms.bim google verbs: calls to Google Sheets and Google Docs APIs use your own Google OAuth credentials obtained via a local PKCE flow. The OAuth refresh token is stored locally in %LOCALAPPDATA%\bim-cli\. Credentials never touch Small Tiger Group's infrastructure.Telemetry, install, and feedback data is retained for up to 24 months, after which raw event records are deleted. Aggregate statistics derived from that data are retained indefinitely. Because records contain no identifier that could be tied to a specific person or machine, individual deletion requests cannot be fulfilled. To request bulk deletion, contact us at the address below.
The desire-paths log (%LOCALAPPDATA%\bim-cli\logs\unknowns.jsonl) is a local file; you can delete it at any time.
bim-cli does not collect personal data as defined by GDPR. bimcli.com receives standard CDN-level request data through Cloudflare. If you are a California resident: Small Tiger Group does not sell personal information. The categories of information received via Cloudflare's CDN are: internet or other electronic network activity information (IP address, browser type, pages visited). No other CCPA data categories apply.
Privacy questions and deletion requests: libo@smalltigergroup.com
Cloudflare's DPA and Standard Contractual Clauses are available at cloudflare.com/gdpr.
Set either environment variable to disable usage telemetry:
DO_NOT_TRACK=1 (also accepts DO_NOT_TRACK=true)BIM_TELEMETRY=0Either variable is checked before each command. The install ping (version + country) is unconditional -- it fires once during install.ps1 and is not gated by these variables.