Privacy Policy

Who we are

This policy explains how rendrd (“rendrd”, “we”, “us”), the operator of rendrd.io, collects and uses personal information when you use our service (the “Service”). We are the data controller for that information. For any privacy question or to exercise your rights, contact us at privacy [at] rendrd [dot] io.

Information we collect

Information you give us

• Account information: your email address, and a normalised form of it that we use to enforce free-tier limits across address variants. We sign you in with email links rather than storing passwords.
• Billing information: if you take a paid plan, our payment provider processes your payment details. We receive a customer reference and your plan status, not your full card details.
• Page content: the HTML, text, images, and links you publish through the Service.
• Reports and correspondence: information you provide when you report a page or contact us.

Information we collect automatically

• Request data: when you publish a page or submit a report, we record your IP address, approximate location, network provider (ASN), and browser user-agent, to detect and investigate abuse, fraud, and other breaches of our Terms.
• Page analytics: for the owner of each page we record privacy-friendly, cookieless usage statistics: total views, an estimate of unique visitors, the country a visit came from, the referring website, and the device type. We do not use cookies for this and we do not track visitors across sites. To estimate unique visitors we generate a hash that rotates each day and is not linked to anyone’s identity; a visitor’s IP address and full user-agent are used only to compute that hash and are not stored in the analytics record.

How we use your information

• to provide and operate the Service, including hosting and serving your pages;
• to sign you in and manage your account;
• to send service messages such as link confirmations, expiry warnings, and security notices;
• to send product-update email, only if you have opted in, which you can stop at any time;
• to give page owners aggregate, cookieless analytics for their own pages;
• to keep the Service safe and lawful, detecting and investigating abuse, fraud, and prohibited content;
• to take payment for paid plans;
• to comply with our legal obligations and respond to lawful requests.

Our legal bases (UK and EU GDPR)

We rely on the following legal bases to process your personal information:

• Performance of a contract: to provide the Service to account holders.
• Legitimate interests: to keep the Service secure and lawful (abuse and fraud detection and content moderation), to give owners aggregate analytics for their own pages, and to send basic service communications. We balance these interests against your rights.
• Legal obligation: to comply with the law, including responding to and reporting unlawful content.
• Consent: where we ask for it, such as optional marketing. You may withdraw consent at any time.

Automated content moderation

To keep the Service safe and lawful, we process the content of pages you publish, including their text and images, through automated safety systems. Content may be sent to specialist providers for analysis, and we retain the result as a moderation record. We do this on the basis of our legitimate interest in preventing illegal and abusive use of the Service and to comply with our legal obligations. These systems may flag, pause, or remove content; a human review is available on request through abuse [at] rendrd [dot] io.

Cookies and tracking

We use a single, strictly necessary cookie to keep you signed in. We do not use advertising or cross-site tracking cookies, and our page analytics are cookieless. Because we do not operate a cross-site tracking system, we do not respond to “Do Not Track” browser signals.

Who we share information with

We do not sell your personal information. We share it only with the categories of service provider that help us run the Service, and where the law requires it:

• Cloud hosting, page storage and content delivery.
• Database hosting, located in the EU (Frankfurt).
• Transactional email delivery.
• Automated content moderation.
• Outbound-link threat checking.
• Payment processing, for paid plans.

We may also disclose information in connection with a business sale or reorganisation, or to law enforcement and other authorities where we are required or permitted to do so.

International transfers

Some of our providers are based outside the UK and the EEA. Where personal information is transferred internationally, we rely on appropriate safeguards, such as an adequacy decision, the UK International Data Transfer Agreement, or the EU Standard Contractual Clauses, to protect it.

How long we keep information

• Account email: while your account is active and for a limited period afterwards.
• Page content: until the page expires or you delete it, plus a short period in routine backups.
• Moderation records: kept as a record that a safety check was carried out.
• Request and abuse data (IP, ASN, user-agent): up to 12 months.
• Page analytics: up to 90 days.

When we no longer have a legitimate need to hold your information, we delete or anonymise it.

How we keep information safe

We use appropriate technical and organisational measures to protect personal information. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.

Your rights

If you are in the UK, EU, or EEA, you have the right to:

• access the personal information we hold about you;
• have inaccurate information corrected;
• have your information erased;
• restrict or object to how we process it;
• receive your information in a portable format;
• withdraw consent where we rely on it.

To exercise any of these, email privacy [at] rendrd [dot] io. You can also unsubscribe from optional emails using the link in any such message. If you believe we have handled your information unlawfully, you can complain to the UK Information Commissioner’s Office (ICO) or your local supervisory authority.

California residents

If you are a California resident, the CCPA gives you specific rights. In the past twelve months we have collected the categories of personal information described above: identifiers (such as email and IP address), internet activity (such as page views and referrers), and approximate geolocation. We collect these to operate and secure the Service.

You have the right to:

• know what personal information we collect and how we use it;
• request deletion of your personal information;
• opt out of the sale of personal information; and
• not be discriminated against for exercising your rights.

We have not sold personal information in the preceding twelve months and do not sell it. To make a request, email privacy [at] rendrd [dot] io; we may need to verify your identity before we act.

Virginia residents

If you are a Virginia resident, the VCDPA gives you the right to confirm whether we process your personal data, to access and correct it, to request its deletion, to obtain a copy of it, and to opt out of targeted advertising, the sale of personal data, and certain profiling. We do not sell personal data or use it for targeted advertising.

To exercise these rights, email privacy [at] rendrd [dot] io. We will respond within 45 days (extendable once by a further 45 days where reasonably necessary). If we decline, you may appeal by emailing hello [at] rendrd [dot] io; if you remain unsatisfied, you may contact the Virginia Attorney General.

Children

The Service is not directed to children, and we do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, contact us at privacy [at] rendrd [dot] io and we will delete it.

Changes to this policy

We may update this policy from time to time. The “last updated” date above shows when. Where changes are material, we will take reasonable steps to bring them to your attention.

Contact

For any privacy question, or to exercise your rights: