Legal

Privacy Policy

Last updated: 2026-04-20

This policy explains what Rendra collects, why, who we share it with, and the rights you have. We aim for plain language. If something isn’t clear, email the address at the bottom and we’ll clarify.

Data controller

The data controller for personal data processed through Rendra is:

• Daniel Benisti
• Prague, Czech Republic
• Contact for privacy requests: privacy@rendra.design [placeholder — replace with a working mailbox once the domain is live]

Rendra is operated as an individual (natural person) project. No company entity, IČO, or VAT DIČ applies at this time.

What we collect

Account data

• Email address
• Name
• A hashed password (we never store the plain text)
• Profile photo, if you upload one (optional)

Usage data

• Documents you create and their full content
• API tokens you issue for your workspace
• Session cookies — essential only, used for keeping you signed in (httpOnly JWT) and for CSRF protection
• Billing information via Stripe; Rendra never sees or stores your card numbers

Rendra Refresh (optional)

• Your Anthropic API key — encrypted at rest using AES-256-GCM with a server-side master key, decrypted in memory only when you run a refresh job
• Refresh jobs you run and the proposals Claude returns, kept so you can review and accept or reject them

Legal bases (GDPR Article 6)

• Contract— creating and running your account, providing features you request, processing payments.
• Legitimate interest— operating and securing the service, preventing abuse, and improving the product based on aggregated technical signals.
• Consent— for any marketing communications, if we offer them in the future. We don’t send marketing email today.

Third-party processors

We use a small set of infrastructure providers to run Rendra. Each one processes data only on our instructions and under a data processing agreement.

• Neon— managed Postgres hosting for your account and document data; EU (Frankfurt) region. neon.tech/privacy-policy
• Upstash— Redis for rate-limit counters and ephemeral state; EU region. upstash.com/trust
• Vercel— application hosting and edge; EU (Frankfurt) region. vercel.com/legal/privacy-policy
• Stripe— payment processing; United States, covered by Standard Contractual Clauses. stripe.com/privacy
• Resend— transactional email (sign-up, password reset, billing); United States, covered by Standard Contractual Clauses. resend.com/legal/privacy-policy
• Anthropic— used only when you opt into Rendra Refresh and supply your own Anthropic API key. Anthropic sees the document sections you’ve marked as refreshable plus the instructions needed to generate a proposal. Your Anthropic account’s terms and privacy policy apply to that traffic. anthropic.com/legal/privacy
• Vercel Analytics & Speed Insights— cookieless visitor analytics + real-user performance measurements. Vercel processes your IP address and user-agent to count visits, aggregate page popularity, and report Core Web Vitals (LCP, INP, CLS). No cookies, no cross-site tracking, no profile building. We never see individual visitor IPs. Legal basis: legitimate interest in understanding how the service is used and performs. vercel.com/docs/analytics/privacy-policy
• Sentry— error monitoring. When an unhandled exception happens on the server or in your browser, Sentry receives the stack trace, the request path, your IP address, and your user-agent so we can diagnose and fix the bug. We explicitly strip authorization headers, session cookies, request bodies, and decrypted API keys before sending. No session replay. United States, covered by Standard Contractual Clauses. Legal basis: legitimate interest in keeping the service running. sentry.io/privacy

Data retention

• Account and document data is kept while your account is active. When you delete your account, we keep the data for up to 30 days so we can restore it if you ask, and to resolve disputes. After that, it’s permanently removed from primary systems; routine backups are overwritten within 90 days.
• Stripe payment events are kept for 7 years to meet Czech and EU tax and accounting requirements.

Your rights under GDPR

You have the right to:

• Access your personal data and get a copy.
• Rectifyinaccurate data — most fields you can edit yourself in settings.
• Erase your account and data; you can delete your account directly from settings.
• Portyour data — request a machine-readable export by email.
• Object to processing based on legitimate interest.
• Restrict processing in certain situations.
• Lodge a complaint with your local supervisory authority — for the Czech Republic, that’s the Úřad pro ochranu osobních údajů (uoou.cz).

Cookies

We use only essential cookies: the httpOnly JWT session cookie that keeps you signed in, and a CSRF-protection cookie. We don’t run analytics, advertising, or marketing cookies, so there’s no cookie banner to click through.

International transfers

Your data is transferred only to the processors listed above. Where a processor is outside the EU/EEA (Stripe, Resend, Sentry), transfers are covered by the European Commission’s Standard Contractual Clauses.

Data breach notification

If we become aware of a personal-data breach that is likely to result in a risk to your rights, we’ll notify the supervisory authority within 72 hours, and notify you without undue delay, as required by GDPR Article 33 and 34.

Children

Rendra is not intended for anyone under 16. We don’t knowingly collect data from under-16s. If we learn that an account belongs to someone under 16, we will delete it.

Contact for privacy requests

privacy@rendra.design [placeholder — replace with a working mailbox once the domain is live]