Privacy Policy
Last updated: March 20, 2026
1. Introduction
RenderAPI ("Service", "we", "us") is committed to protecting your privacy. This policy explains what data we collect, why we collect it, how it is processed, and your rights regarding that data.
2. Data We Collect
Account data — When you sign up, we collect your email address and assign you a user ID. If you subscribe to a paid plan, Stripe collects your payment information; we store only your Stripe customer ID and subscription ID.
API keys — We store a SHA-256 hash and a short prefix of each API key. Plaintext keys are shown once at creation and are never stored.
Render inputs — When you make an API request, we receive the URL or HTML you submit. URLs are logged in the renders table. HTML content is not stored; we record only a boolean indicating that HTML was provided.
Render outputs — Generated screenshots and PDFs are uploaded to Cloudflare R2. They are accessible via a unique URL and expire after 24 hours by default.
Usage data — We track daily aggregate counts (screenshots, PDFs, total renders, bytes) per user for billing and plan enforcement.
Server logs — Standard request logs (IP address, user agent, timestamp, status code) are generated by our web server. These are retained for operational and security purposes.
3. Third-Party Processors
| Provider | Purpose | Data shared |
|---|---|---|
| Supabase | Database and authentication | Email, user ID, API key hashes, usage records, render metadata |
| Stripe | Payment processing and subscription billing | Email, plan selection, metered usage counts |
| Cloudflare R2 | Object storage for rendered files | Screenshot and PDF file content (auto-deleted after 24h) |
| Plausible Analytics | Privacy-friendly website analytics (self-hosted) | Page views — no cookies, no personal data |
We do not sell, rent, or share your personal data with third parties for marketing purposes.
4. Data Retention
- Rendered files — 24 hours (or the cache_ttl you specify, max 24h), then deleted from R2.
- Render metadata — Retained while your account is active, for usage history and debugging.
- Usage records — Retained while your account is active, for billing and plan enforcement.
- Account data — Retained until you request account deletion.
- Server logs — Retained for up to 90 days.
5. Your Rights (GDPR)
If you are in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation:
- Access — Request a copy of the personal data we hold about you.
- Rectification — Request correction of inaccurate data.
- Erasure — Request deletion of your account and associated data ("right to be forgotten").
- Portability — Request your data in a structured, machine-readable format.
- Restriction — Request that we limit how we process your data.
- Objection — Object to processing based on legitimate interests.
To exercise any of these rights, contact us at support@renderapi.dev. We will respond within 30 days.
6. Legal Basis for Processing
We process your data on the following legal bases:
- Contract — To provide the Service you signed up for and process payments.
- Legitimate interest — To monitor service health, prevent abuse, and improve the Service.
- Legal obligation — To comply with applicable laws (e.g., tax, fraud prevention).
7. Security
We protect your data through:
- API keys hashed with SHA-256 before storage.
- All traffic encrypted via TLS (HTTPS).
- SSRF protection blocking access to private/internal networks.
- Rate limiting to prevent abuse.
- SSH key-only server access (password authentication disabled).
8. Cookies
The RenderAPI marketing site and API do not use cookies. Our self-hosted Plausible Analytics instance collects anonymous page-view data without cookies or personal identifiers.
9. Children
The Service is not directed to individuals under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the Service. The "Last updated" date at the top of this page reflects the most recent revision.
11. Contact
For privacy-related questions or data requests, contact us at support@renderapi.dev.