Skip to main content

Last updated: June 2026.

Privacy Policy

Rendervo ("we", "us", "our") operates the Rendervo platform at rendervo.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

Account Information: When you create an account, we collect your name, email address, and authentication credentials. If you sign in via Google or GitHub, we receive your profile information from those providers.

Usage Data: We collect information about how you interact with our service, including features used, content created, and performance metrics.

Session Replay (Sentry):We record a sampled, masked replay of UI sessions to debug production errors. Text content, input values, and media are masked before transmission via the Sentry SDK's replay integration (maskAllText, maskAllInputs, blockAllMedia). Sample rate: 10% of sessions plus 100% of sessions where an error occurs. Retention: ≤30 days (Sentry Team plan setting). You can opt out at any time at /settings/privacy. Lawful basis: legitimate interest (Art 6(1)(f)) — see our Legitimate Interest Assessment in section 3.5 below.

Payment Information:Payment processing is handled by Stripe. We do not store your credit card details. Stripe's privacy policy applies to payment data.

2. How We Use Your Information

3. Data Processing (GDPR)

We process personal data under the following legal bases: contract performance (providing the service), legitimate interest (improving the service, fraud prevention), and consent (marketing communications).

3.5. Legitimate Interest Assessment — Session Replay

Interest: Debugging production errors and UX optimization. Without sampled session replay, mean-time-to-resolution for client-side bugs is materially higher.

Necessity: Alternatives considered — verbose logging (high noise, no DOM context); opt-in user feedback (sub-1% sample); error-only screenshots (bigger PII surface, no temporal context). Replay with masking is the minimum-invasive option.

Balancing test: Replay is configured with maskAllText: true, maskAllInputs: true, blockAllMedia: true, plus selector-based masking for <title> and [contenteditable] surfaces. The 100% on-error replay rate captures every error session for debugging — masking above is the load-bearing safeguard. Known coverage limitation: rich-text editors using contentEditable nodes may bypass automatic masking; we ship explicit selectors for known instances.

Right to object: Real opt-out at /settings/privacy. Server-side flag persists across devices via your account; localStorage provides instant per-device effect. Either source resolving to opt-out disables replay (privacy-erring default).

Review schedule: Annually, plus on any change to sample rate, masking config, retention setting, the Sentry DPA scope, or newcontentEditable/rich-text components landing in the product.

4. Your Rights

Under GDPR and applicable privacy laws, you have the right to:

To exercise these rights, contact us at privacy@rendervo.com.

5. Sub-Processors

We use the following third-party services to operate our platform:

A full list of sub-processors with data processing details is available upon request at privacy@rendervo.com.

6. Data Retention

6.1 Account Data

We retain your account data (the name, email address, authentication credentials, and OAuth-provider profile information described in §1) for as long as your account is active, plus the period required to provide services and meet legal obligations (for example, billing records under applicable tax law). Lawful basis: GDPR Art 6(1)(b) contract performance. You may request deletion at any time through your account settings or by emailing privacy@rendervo.com. We respond within one month of receipt (GDPR Art 12(3)); this period may be extended by up to two further months for complex requests, with reasons given.

6.2 Video Library — Free Tier

Clips uploaded under the Free tier are automatically deleted 30 days after creation, measured from the clip's created_at timestamp in our system.

Five days before deletion (day 25), we send a single transactional service email warning you of the upcoming deletion so you can download the clip, upgrade your subscription, or take no action. This is a service email, not marketing, and is not opt-out-able under standard transactional-email norms — the email itself informs you of impending controller action you have a right to know about under Art 13. Lawful basis: GDPR Art 6(1)(f) legitimate interests — see §6.6 for the balancing test. Effective opt-out paths are listed in §6.6 (upgrade, data export, or account deletion).

6.3 Video Library — Creator and Business

Subscribers on the Creator or Businesstier keep their clips for the lifetime of the active subscription, subject to the plan's storage budget. Reaching the storage budget does not trigger auto-deletion; uploads pause until you free space or upgrade. See your billing settings for current plan details.

If you cancel or downgrade to the Free tier, clips uploaded under your paid subscription become subject to the Free-tier 30-day retention policy measured from each clip's original created_at timestamp. To make the new horizon visible, we send a one-time transactional service email at the moment of downgrade summarising each affected clip and its individual deletion date. Clips that are already older than 25 days at downgrade may be deleted in the next scheduled sweep without the standard 5-day warning window — the immediate downgrade-event email is the notice for that cohort. We are evaluating a richer clock-reset policy that would give every paid-created clip a full 30-day window from downgrade; until that ships, the original-created_at rule applies.

6.4 Data Export Before Deletion

Before any automatic deletion fires, you may exercise your right of access (GDPR Art 15) and your right to data portability for data you provided that we process under consent or contract (GDPR Art 20) by emailing privacy@rendervo.com. We fulfil access and portability requests within one month (GDPR Art 12(3)). We are building a self-service export tool; until it ships, the email channel above is the canonical route.

6.5 Hard Retention Ceiling

Regardless of tier, clip media stored in your video library is retained for no longer than 7 years from the clip's created_at timestamp, as a strict storage-minimisation ceiling under GDPR Art 5(1)(e). This ceiling applies to clip media only; certain other categories of personal data (for example billing records required by tax law, or security logs required for SOC 2 obligations) are retained for the period required by the applicable law and then deleted.

6.6 Legitimate Interest Assessment — Retention Monitoring & Warning

Interest: Operating the clip-retention system — scheduling and executing the deletions described in §6.2 and §6.5, enforcing tier policies, and notifying free-tier users five days before scheduled deletion so they can act before losing user-generated content.

Necessity: Without scheduled deletion, we would breach our storage-minimisation duty under Art 5(1)(e). Without a pre-deletion warning, free-tier users who do not log in regularly would lose creative work without notice. Alternatives considered (in-app banner only, push-notification only, no warning at all) fail to reach all free-tier users in the 5-day window. Email is the minimum-intrusive channel that reaches all free-tier users because a verified email address is a sign-up precondition. Art 6(1)(b) contract necessity was considered for the warning email and rejected (the free-tier Terms of Service do not require pre-deletion notice as a contractual obligation).

Balancing test:Privacy intrusion is low — the email channel is already collected at signup under contract necessity, no new PII is captured, no third-party tracking pixels or link tracking are present, the email is sent at most once per user per sweep day (idempotency-gated), and it carries no commercial offer beyond a single upgrade option to preserve the user's own data. Tier-aware retention is disclosed at signup in §6.2 and §6.3; a free-tier user who uploaded clips reasonably expects to be notified before automated deletion (GDPR Recital 47 reasonable-expectations test). The Art 5(1)(e) 7-year ceiling in §6.5 is the load-bearing safeguard for paid-tier users.

Effective opt-out path: The transactional service email itself is not opt-out-able under standard transactional-email norms. Effective opt-outs are: upgrading to a paid tier (deletion ceases entirely within storage budget, up to the 7-year ceiling); exercising your Art 15 / Art 20 right of access / portability at privacy@rendervo.com; or deleting your account under Art 17, which terminates all processing including future warning emails. Marketing emails are a separate channel and remain opt-out via the unsubscribe link in those emails (this does not affect warning emails).

Review schedule: Annually, plus on any material change to the retention windows (currently 30-day Free-tier auto-delete; lifetime-of- subscription for Creator and Business tiers, subject to storage budget; 7-year hard ceiling for all tiers), the warning-email cadence (currently five days before scheduled deletion), the operational gate RETENTION_WARNINGS_ENABLED, the email sub-processor (currently Resend), or the Google Cloud DPA scope.

7. Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit and at rest, access controls, and regular security assessments.

8. Contact

For privacy-related inquiries, contact us at privacy@rendervo.com.