Privacy Policy
Last updated: June 2025
RenderedBy runs infrastructure for teams that care about security and reliability. We hold our own data practices to the same standard we apply to the platforms we build: minimal collection, strict retention limits, no data repurposing, and transparent controls.
1. Information We Collect
We collect information you provide directly to us, information generated through your use of the platform, and certain technical information necessary to operate the service.
**Information you provide:**
- Contact details (name, email address, company name, job title) submitted through our website enquiry and booking forms
- Communications you send to us by email or through support channels
- Information provided during onboarding and account setup
**Information generated through platform use:**
- Document metadata (file names, upload timestamps, processing status)
- User activity logs (login events, feature usage, human-validation decisions)
- Service and infrastructure configuration data
**Technical information:**
- IP address, browser type, and operating system
- Azure-side telemetry: request latency, error rates, infrastructure health metrics
- Cookies and similar session tokens (see Section 7)
We do not collect your data beyond what is necessary to deliver our services. Data is processed transiently where possible and retained only as long as needed (see Section 4).
2. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA) and United Kingdom, we process personal data under the following legal bases:
- Contract performance — processing necessary to deliver the cloud engineering services you have contracted for
- Legitimate interests — operating and improving the platform, detecting abuse, and communicating service updates, where these interests are not overridden by your rights
- Legal obligation — retaining records required by applicable law
- Consent — where we have asked for and you have provided explicit consent, such as for marketing communications
You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
3. How We Use Your Information
We use the information we collect to:
- Deliver, operate, and maintain the RenderedBy cloud services platform
- Process and extract data from documents you submit for automation
- Provide customer support and respond to enquiries
- Send transactional communications (service notifications, security alerts, deployment status)
- Monitor platform security and investigate suspected misuse
- Meet legal and regulatory obligations
- Improve the reliability and performance of our infrastructure
We do not use your data, or your clients' data, for any purpose other than delivering the services you have contracted for. We only work with reputable cloud and infrastructure sub-processors. See Section 6 for details.
4. Data Retention and Document Handling
Data handling: Any data you entrust to us is processed within your chosen cloud environment under least-privilege access, encrypted in transit and at rest. We store only what is needed to deliver the service, in the region you choose.
Structured extraction data: Retained for the duration of your subscription and deleted within 30 days of contract termination, unless a longer retention period is required by applicable law or you request earlier deletion.
Account and contact data: Retained for the duration of the commercial relationship and for a period of up to 7 years thereafter to meet financial recordkeeping obligations.
Audit logs: System-level audit logs are retained for 12 months for security monitoring purposes.
You may request deletion of your personal data at any time (see Section 9). Deletion requests affecting data subject to a legal retention obligation will be fulfilled as soon as that obligation expires.
5. Data Sharing and Disclosure
We do not sell your personal data. We do not share your data with third parties for their marketing purposes.
We share data in the following limited circumstances:
- **Sub-processors:** Infrastructure and service providers necessary to operate the platform (Microsoft Azure, AI inference providers). A full sub-processor list is published at renderedby.com/security#sub-processors. All sub-processors are bound by data processing agreements consistent with GDPR Article 28.
- **Legal requirements:** Where required by law, court order, or governmental authority, or where necessary to protect the rights, property, or safety of RenderedBy, our clients, or the public.
- **Business transfers:** In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your personal data becomes subject to a different privacy policy.
For EU/EEA clients, data is processed within EU boundaries by default (Azure West Europe — Amsterdam). Data is not transferred to countries outside the EEA without appropriate safeguards (Standard Contractual Clauses or equivalent mechanisms).
6. Sub-processors and Cloud Providers
To deliver our services we rely on reputable cloud and infrastructure providers (for example AWS, Azure, GCP, and Hetzner). We only use sub-processors that offer appropriate security and data-protection guarantees. This means:
- Your data stays within the cloud regions and providers you approve
- We do not repurpose your data or use it for anything beyond delivering the service
- No document content is retained in inference provider logs beyond the minimum required for abuse detection under their platform terms
These guarantees are contractual obligations, not aspirational policies. Copies of the relevant Data Processing Agreements are available to enterprise clients on request.
8. Security
We implement technical and organisational measures appropriate to the risk, including:
- Encryption in transit (TLS 1.2+) and at rest (AES-256) for all tenant data
- Role-based access controls with least-privilege enforcement
- Cryptographic audit trails for all infrastructure and deployment events
- Periodic penetration testing and infrastructure security reviews
- Incident response procedures with defined notification timelines
No transmission of data over the internet is entirely secure. If you discover a potential security vulnerability, please disclose it responsibly to hello@renderedby.com.
9. Your Rights
Depending on your jurisdiction, you may have rights including:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — request deletion of your personal data (subject to legal retention obligations)
- Restriction — ask us to pause processing while a dispute is resolved
- Portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interests
- Withdrawal of consent — where processing is based on consent, withdraw it at any time
To exercise any of these rights, contact us at hello@renderedby.com. We will respond within 30 days. If you are in the EEA or UK and believe we have not handled your request appropriately, you have the right to lodge a complaint with your supervisory authority (in the UK, the ICO; in Ireland, the DPC; in the Netherlands, the AP).
10. Data Processing Agreements
If you are using RenderedBy under a commercial contract, we offer a GDPR-compliant Data Processing Agreement (DPA) covering our obligations as a data processor. The DPA includes:
- Scope and purpose of processing
- Technical and organisational security measures
- Sub-processor obligations and notification procedures
- Data subject rights assistance
- Deletion and return of data provisions
Contact your account manager or email hello@renderedby.com to request or execute a DPA.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify clients of material changes by email or by a prominent notice on the platform at least 30 days before the change takes effect. The date at the top of this page reflects when the policy was last updated. Continued use of the platform after a change takes effect constitutes acceptance of the updated policy.
12. Contact and Data Controller
RenderedBy is the data controller for personal data collected through this website and the platform.
Contact: hello@renderedby.com
For data protection enquiries, please mark your subject line "Data Protection" to ensure prompt handling by the appropriate team.
Questions about this policy?
Email us at hello@renderedby.com with the subject "Data Protection" and we will respond within 2 business days.