PRIVACY POLICY

3D Model Viewer

Power BI Custom Visual

 

Effective Date

April 2026

Last Updated

April 2026

Developer

Abdalla Dabes, P.E, PSP, PMP

Organization

Abdalla AI Solutions


 

Introduction

This Privacy Policy explains how the 3D Model Viewer Visual for Microsoft Power BI ("the Visual") handles data and protects your privacy. We are committed to full transparency: the Visual processes 3D model files and mapped report data entirely within your Power BI environment and does not transmit any content to the developer or to any third-party service.

The Visual is designed for report authors and end-users who need to display architectural, engineering, construction, and product-design geometry alongside their Power BI data. All 3D rendering, geometry parsing, and data binding occur locally in the browser — within the sandboxed custom visual framework that Microsoft provides.

Data Collection and Usage

What Data the Visual Accesses

The Visual only processes data that you explicitly provide:

        3D model file content supplied through the Choose File control in the upload area (OBJ, STL, PLY, FBX, glTF, GLB, and IFC geometry including vertex data, object names, IFC GlobalIds, IFC types, material definitions, and associated property sets)

        3D model content retrieved from a URL you enter in the Load from URL field, or from a URL returned by a column mapped to the Model URL Field data role

        Power BI field values mapped through the Fields pane (Element ID, Category, Tooltip fields, Model URL Field)

        Format pane settings configured by the user (background colour, grid/axes visibility, interaction toggles, highlight opacity, legend position and typography, category colours, unmatched-element appearance, Copy IDs button visibility)

        Transient interaction state during the active session (camera position, current selection, hover target, legend filter state)

What Data We Do NOT Collect

✓  No personal information of any kind

✓  No user behaviour analytics or usage tracking

✓  No transmission of model data, element IDs, or report fields to external servers or third parties

✓  No cookies, browser history, or device information

✓  No IP addresses or system specifications

✓  No project names, building identifiers, material properties, or geometry sent externally

✓  No background syncing or hidden data operations of any kind

Data Processing

Local Processing Only

All data processing occurs entirely within your Power BI environment:

        3D file parsing — OBJ, STL, PLY, FBX, glTF, GLB, and IFC geometry — is performed client-side within the Power BI visual sandbox using the Visual's built-in Three.js-based loaders; no external parsing service is used

        IFC property extraction (IFC type, name, tag, description, level, area, volume, and material assignments) is computed in-memory from the loaded geometry

        Scene rendering, camera controls, selection highlighting, legend computation, tooltip composition, and category colouring are all performed locally by the Visual's rendering engine

        When a model is loaded from a URL, the request is made directly from the user's browser to the URL host; the Visual is not an intermediary and the developer does not see the request or its contents

        Element-to-data matching (joining rows from the Power BI dataset to geometry by Element ID) is computed in-memory from data already supplied to the Visual by Power BI

        No geometry, element IDs, IFC properties, category values, or tooltip data leave your Power BI tenant or organisation boundaries through the Visual

        Format settings and persisted model data are stored using Power BI's built-in property persistence mechanism (persistProperties API)

URL Loading and Network Requests

The Visual supports loading 3D model files from a URL that you provide (typed into the upload area, or returned by a data column mapped to the Model URL Field). When this feature is used:

✓  The HTTP request is issued by the user's browser to the host you specified (for example, SharePoint, OneDrive, or an Azure Blob endpoint)

✓  Authentication is handled entirely by the browser and the target host; the Visual does not see, store, or transmit credentials

✓  The request does not pass through any server controlled by the developer

✓  No additional telemetry or analytics request is made alongside the model fetch

If the Load from URL feature is not used, the Visual makes no network requests whatsoever.

Clipboard Access

The optional Copy IDs button uses the browser's Clipboard API to place a tab-separated element inventory onto the user's local clipboard. The clipboard payload is generated entirely in-memory from the currently loaded model and never transmitted anywhere. If the Clipboard API is unavailable, the Visual falls back to a transient in-page textarea that is removed immediately after the copy. Access to the clipboard is governed by the browser's security model and requires a user-initiated click.

No External Analytics or Remote Assets

The 3D Model Viewer makes no background network connections. It does not load fonts, analytics scripts, map tiles, CDN resources, telemetry pixels, or any remote assets. All Three.js rendering libraries and loaders are bundled directly into the Visual package. All computation and rendering are fully self-contained within the Power BI visual sandbox, with the single exception of a user-initiated model fetch when a URL is explicitly supplied.

Data Storage

Visual Format Settings

All formatting configurations (background colour, grid and axes visibility, interaction toggles, highlight opacity, legend styling, category colours, and element-IDs button visibility) are stored within your Power BI report file using Microsoft's native property persistence framework. These settings persist with the report file and are permanently cleared when the Visual is removed from the report.

Persisted Model Data

When a 3D model is imported through the Choose File control, the Visual compresses the file using the DEFLATE algorithm, encodes the result in Base64, splits it into fixed-size chunks, and stores those chunks inside the Power BI report using Power BI's persistProperties API. This allows the model to survive page navigation and to be available to colleagues opening the shared .pbix report without requiring the original file.

Important characteristics of this storage mechanism:

✓  Compressed model bytes are stored as Base64 text in metadata property slots on the Visual itself — they never leave the .pbix

✓  A file will only persist if the compressed payload fits within the available chunk slots; the Visual shows a diagnostic message when a file is too large to embed

✓  When a URL is used instead of an uploaded file, only the URL string is persisted; the file itself is re-fetched from its host each time the report is opened

✓  Replacing or clearing the model through the Visual's controls immediately overwrites the persisted chunks

No External Storage

✓  No data is stored on external servers, databases, or cloud services controlled by the developer

✓  No historical records, access logs, or audit trails are maintained by the Visual

✓  Temporary in-memory data (decoded buffers, Three.js scene objects, selection state) is released automatically when the Visual is destroyed or the report is closed

Data Security

Security Measures

        The Visual operates within Power BI's sandboxed custom visual security framework

        No network transmission of model data, element IDs, or report fields to the developer or any third party, under any circumstances

        Access is controlled entirely by Power BI's permission system, including Row-Level Security (RLS)

        Follows Microsoft Power BI custom visual security standards and certification requirements

        No additional authentication or data access beyond what Power BI explicitly grants

        The model-fetch URL feature does not bypass the browser's same-origin, CORS, or Mixed-Content protections

Sensitive Model Data

3D model files may include commercially sensitive information such as building layouts, mechanical assemblies, product designs, floor plans, asset locations, or IFC property sets with cost and contractor data. Because the Visual makes no external connections of its own and all processing is strictly local, your model data never leaves your Power BI environment through this Visual.

For reports containing sensitive 3D content, we recommend:

✓  Configuring appropriate Power BI workspace and dataset permissions

✓  Reviewing sharing and distribution settings before sending reports externally

✓  Following your organisation's data classification and handling policies

✓  Applying Power BI sensitivity labels where required by your organisation

✓  When using the URL-loading feature, ensuring the host enforces access controls appropriate to the sensitivity of the file (for example, SharePoint permissions, SAS tokens with limited scope, or private Azure Blob containers)

IMPORTANT

Embedding a model inside a .pbix file means the model travels with the report. Treat a shared .pbix as equivalent in sensitivity to sharing the source file itself. If a model must not leave a particular group or workspace, host it on an access-controlled URL rather than embedding it.

Third-Party Services

Microsoft Power BI

The Visual operates as a component within Microsoft Power BI and is subject to Microsoft's Privacy Policy and Terms of Service. Data handling within the Power BI platform is governed by your organisation's Power BI configuration and Microsoft's own security and privacy protections.

User-Specified URL Hosts

If you use the Load from URL feature, the browser issues a direct request to the host you supply (for example, SharePoint Online, OneDrive, an Azure Blob endpoint, or any HTTPS server). That host's privacy policy, access-control rules, and logging practices will apply to the request. The developer has no visibility into these requests and is not a processor of the data.

No Other Third Parties

✓  The Visual does not integrate with any external APIs, services, or platforms

✓  No analytics platforms, tracking scripts, CDNs, or remote assets are loaded at any time

✓  No mapping, geolocation, or AI inference APIs are used

✓  All 3D rendering is performed by Three.js bundled inside the Visual; no remote WebGL or graphics service is contacted

Data Flow Summary

#

Stage

What Happens

1

File Selection

User selects a 3D model file (OBJ, STL, PLY, FBX, glTF, GLB, or IFC) via Choose File; it is read locally by the browser file API.

2

Local Parsing

The Visual's built-in Three.js loader parses the file in-memory within the Power BI sandbox; IFC property sets, element IDs, and geometry are extracted client-side.

3

Persistence

Parsed file bytes are compressed, Base64-encoded, chunked, and stored in the Power BI report via persistProperties — never transmitted externally.

4

URL Loading (optional)

If a URL is provided, the browser fetches the file directly from the host you specified; only the URL string is persisted in the report.

5

Render & Filter

The Visual renders the scene, applies selection and category colouring, and cross-filters with other Power BI visuals locally — no server calls.

6

Settings Save

Format pane settings are stored in the Power BI report file on every change, through Power BI's persistence API.

7

Clipboard Copy

When the user clicks Copy IDs, a tab-separated element inventory is written to the local clipboard via the browser Clipboard API — no network request.

8

No Transmission

No model data, element IDs, IFC properties, or report fields ever leave the Power BI environment through the Visual.

External connections initiated by the Visual: None (URL-fetch feature is user-initiated to a user-specified host)  |  Analytics services: None  |  Data sent to developer: None

Regulatory Compliance

Regulation

Notes

GDPR

No personal data collected or processed · No cross-border data transfers initiated by the Visual · Data minimisation principles followed

CCPA

No sale or sharing of personal information · Transparent data practices · User rights fully respected

SOX

Data integrity through Power BI's native persistence · No external manipulation of model data

HIPAA

Not applicable — Visual is designed for 3D geometry and associated model metadata, not protected health information

ISO 27001

Aligned with information-security best practices at the Visual level; full compliance depends on your Power BI tenant and organisational controls

Organisational compliance remains the responsibility of your organisation. Please assess Visual usage within your specific regulatory and contractual requirements.

User Rights and Control

Right / Action

How to Exercise It

Modify Data

Replace the loaded model at any time by choosing a different file or entering a new URL, or update the mapped Power BI fields.

Clear Data

Reload a different file, clear the Model URL in the formatting pane, or delete the persisted chunks by removing and re-adding the Visual.

Reset Settings

Delete and re-add the Visual, or restore each property to its default value in the Format pane.

Delete Visual

Remove the Visual from the report canvas to permanently clear all associated format settings and persisted model data.

Control Access

Use Power BI workspace permissions and Row-Level Security (RLS) to control who can view reports containing the Visual.

Opt out of URL loading

Do not provide a URL and do not bind the Model URL Field data role; the Visual will make no network requests at all.

Contact

Developer

Abdalla Dabes, P.E, PSP, PMP

Email

AbdallaDabes@AbdallaAIsolutions.onmicrosoft.com

Organization

Abdalla AI Solutions

Privacy Inquiries

Response within 2 business days

Compliance Support

Available for enterprise requirements

Disclaimer

The Visual is provided "as-is." Security of your 3D model data depends on proper Power BI configuration and your organisation's security policies. When the Load from URL feature is used, security of the file in transit and at rest on the remote host depends on the configuration of that host (TLS, access control, logging). The developer is not liable for unauthorised access resulting from misconfigured Power BI permissions, exposed file URLs, or inappropriate sharing of reports containing sensitive model data. Users are responsible for ensuring appropriate access controls are in place before distributing reports containing 3D model content.

 

End of Privacy Policy