Privacy Policy

1 Introduction

Rendara Systems LLC ("Rendara," "we," "us," "our") is a Texas-based company that operates the Rendara API Generator platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. By using Rendara, you consent to the data practices described in this policy.

2 Information We Collect

• Account Information: When you register, we collect your email address, username, and a hashed version of your password. We never store plaintext passwords. Passwords are hashed using bcrypt with a minimum cost factor of 12.
• Generated Code: API code you generate through our platform is stored encrypted at rest using AES-256 (Fernet). You retain full ownership of all code generated by the service.
• Usage Data: We collect anonymised usage metrics including generation counts, feature usage, and error rates to improve the service. We do not track you across third-party websites. We do not use advertising trackers or third-party analytics cookies.
• Payment Information: If you subscribe to a paid plan, payment is processed by Stripe. We store only your Stripe customer ID and subscription status — never your card number, CVV, or bank details.

3 How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the service
• Process transactions and manage billing
• Send transactional emails (password resets, account notifications, deployment status updates)
• Monitor for abuse, fraud, and security threats
• Enforce our Terms of Service and Acceptable Use Policy
• Develop new features based on anonymised usage patterns

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

4 Legal Basis for Processing (GDPR Art. 6)

• Contract Performance (Art. 6(1)(b)): Processing necessary to provide the Service.
• Legitimate Interest (Art. 6(1)(f)): Security monitoring, fraud prevention, abuse detection, service improvement, and anonymised analytics.
• Consent (Art. 6(1)(a)): Any future marketing communications will only be sent with your explicit opt-in consent.

5 Data Sharing

We share data with:

• Anthropic (LLM processing) — Zero Data Retention enabled
• Stripe (payment processing)
• AWS (deployment hosting)
• Resend (transactional email)
• Sentry (error monitoring, PII scrubbed)

6 International Transfers

If you are in the EEA or UK, your data may be transferred to the US. We rely on Standard Contractual Clauses (SCCs) for such transfers.

7 Data Retention

• Account data retained while active, deleted 30 days after deletion request
• Generated code deleted with account
• Audit logs: 90 days rolling
• Payment records: 7 years (tax law)
• Anonymised analytics: indefinitely
• Deployed APIs: torn down after 30 days inactivity

8 Your Rights (GDPR & CCPA)

• Right of Access
• Right to Rectification
• Right to Erasure
• Right to Data Portability (JSON export)
• Right to Restriction
• Right to Object
• Rights related to Automated Decision-Making

9 How to Exercise Your Rights

In-app GDPR tools (data export and deletion in account settings) or email contact@rendarasystems.com. Response within 30 days.

10 Cookies

We use a single HttpOnly session cookie for authentication. No tracking cookies, no advertising cookies, no third-party analytics.

11 Children

Service not intended for anyone under 16. We do not knowingly collect data from children under 16.

12 Changes to This Policy

Material changes: 30 days' notice via email or in-app banner.

13 Contact Us

Data Controller: Rendara Systems LLC

Location: Texas, United States

Email: contact@rendarasystems.com