Privacy Policy

Effective Date: July 1, 2026

1. Introduction

RenderOps ("we", "us", "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

2. Information We Collect

Account information: When you sign up, we collect your email address and (optionally) your name.

Usage data: We may collect anonymised information about how you use the Service (pages visited, features used) to improve the product. This data does not identify you personally.

Payment information: Payments are processed by our Merchant of Record. We do not store your credit card number or full payment details.

Content you process: For client-side tools (CSS inliner, spam checker, etc.), your email HTML is processed entirely in your browser and is never sent to our servers.

API requests: For server-side tools (ESP sync, Mirage countdown), your content passes through our Edge servers to fulfil the request. We do not store this content beyond the duration of the request.

3. How We Use Your Information

  • To create and manage your account
  • To provide and improve the Service
  • To process payments and manage subscriptions
  • To send transactional emails (account confirmation, receipts)
  • To notify you of product updates if you opt in
  • To comply with legal obligations

We do not sell your personal data to third parties.

4. Data Storage and Security

Account data is stored in Supabase, hosted on infrastructure in the EU/US. We use industry-standard encryption (TLS in transit, AES-256 at rest).

Session tokens are stored as httpOnly cookies and are not accessible to JavaScript running in your browser, which protects against XSS attacks.

5. Third-Party Services

We use the following third-party services:

  • Supabase — database and authentication
  • OpenAI — AI content generation (Newsroom tool)
  • Payment MOR — Paddle, Stripe, or Lemon Squeezy for payment processing
  • Vercel / Render — hosting and edge infrastructure

Each service operates under its own privacy policy.

6. Cookies

We use the following cookies:

  • sb-access-token — httpOnly session cookie for authentication (expires in 7 days)
  • sb-refresh-token — httpOnly token to refresh your session (expires in 30 days)

We do not use advertising cookies or third-party tracking cookies.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access — request a copy of your personal data
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your account and associated data
  • Portability — request your data in a machine-readable format
  • Objection — object to certain uses of your data

To exercise any of these rights, contact us at privacy@renderops.tech. We will respond within 30 days.

8. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.

9. Children

The Service is not directed at children under 16. We do not knowingly collect personal information from children under 16. If we become aware of such collection, we will delete the data immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the Service. The effective date at the top of this page will be updated.

11. Contact

For privacy-related questions, contact us at privacy@renderops.tech.