Privacy Policy

We collect the minimum data needed to run Renovato: your account email and password hash, the renders and content you upload, the generations you run, and basic usage metrics. We do not sell your data. We do not train AI models on your uploads.

We share data with the third parties that physically power the Service — Paddle (payments), AI providers (generation), Vercel and our hosting providers (delivery), and Cloudflare R2 (object storage). We retain account data while you have an active subscription, and uploaded content for 30 days after deletion.

You have the right to access, correct, export, and delete your data. Email hello@renovato.ai with the request.

The detailed sections below are the legally operative version.

The data controller for the personal data described in this Policy is Renovato AI(“Renovato”, “we”, “us”). You can reach us at hello@renovato.ai.

For payment data, Paddle.com Market Limited acts as Merchant of Record and is an independent controller for billing data. See paddle.com/legal/privacy.

We collect three categories of data:

A. Account data. Email address, password (stored as a salted hash, never plain), display name, optional profile photo, organisation/team membership.

B. Service-use data. Renders, photos, sketches, and floor plans you upload; text prompts and parameters you submit; generated outputs (images, videos, 3D models); your project structure and node graph; credit ledger; activity logs (timestamps, IP for security, user-agent for support).

C. Billing data. Handled by Paddle as Merchant of Record. Paddle stores cardholder data and tokenizes it; we receive only the subscription identifier, tier, status, and billing email. We do not see your full card number.

We do not collect biometric data, sensitive demographic data, or precise location. We do not use third-party advertising trackers or marketing pixels.

We use your data to:

• Provide the Service: authenticate you, process generations, store outputs, deliver them back to you.
• Bill you: deliver subscription information to Paddle so they can charge your card and remit VAT/sales tax.
• Communicate with you: transactional emails (account, billing, security), support, and product changelog notifications.
• Improve reliability and safety: aggregate usage metrics, error tracing, abuse detection.
• Comply with legal obligations: tax records via Paddle, response to lawful authority requests.

We do not use your uploaded content or generated outputs to train AI models — neither our own models, nor those of third-party providers. We pass content to providers only at the moment of inference.

For users in the European Economic Area or the United Kingdom, our legal bases for processing are:

• Contract — processing necessary to provide the Service you subscribe to.
• Legitimate interest — security, fraud prevention, aggregate analytics, product improvement, where balanced against your privacy rights.
• Legal obligation — tax records, VAT/sales tax compliance via Paddle, lawful requests.
• Consent — for any optional marketing email (we do not send marketing email by default).

We share data with the third parties that physically deliver parts of the Service. They act as data processors (handling data on our instructions) except where noted as independent controllers.

• Paddle.com Market Limited — Merchant of Record. Independent controller for billing data. UK / EU.
• AI providers — OpenAI (US), Google (US/EU), ByteDance (US/Singapore for Seedream/Seedance), Kling (Singapore/CN), and open-source model hosts (typically US/EU). Renders and prompts you submit are sent to these providers at inference time.
• Vercel — frontend hosting and edge delivery. US.
• Railway (or equivalent) — backend application and database hosting. US/EU regions.
• Cloudflare — DNS and Cloudflare R2 object storage for uploads and outputs. Global edge.
• Resend (or equivalent) — transactional email delivery. EU.
• Plausible / Vercel Analytics — privacy-friendly aggregate analytics. EU/US. No cross-site tracking.
• Sentry (or equivalent) — error monitoring. US.

We do not sell personal data. We do not share data with advertising networks. We do not use data brokers.

Our service providers are located in the United States, the European Union, the United Kingdom, and other regions. Where data is transferred outside the EEA / UK, we rely on appropriate safeguards — typically Standard Contractual Clauses (SCCs) or, where the provider is certified, the EU-US Data Privacy Framework.

We retain data as follows:

• Account data — for as long as your account is active, plus 90 days after closure (to allow recovery and dispute handling).
• Uploaded content and outputs — kept while in your account; deleted within 30 days of explicit deletion or account closure.
• Billing records — retained by Paddle and by us for 7 years where required for tax law (UK/EU).
• Activity logs — 90 days for security and abuse investigation, then aggregated or deleted.
• Backups — encrypted backups roll over within 30 days; deleted data is purged from backups in that window.

You have the following rights under GDPR, UK GDPR, and CCPA:

• Access — request a copy of the data we hold about you.
• Rectification — correct inaccurate data.
• Erasure — request deletion (the “right to be forgotten”), subject to legal retention obligations.
• Portability — receive your data in a machine-readable format.
• Object — to processing based on legitimate interest.
• Withdraw consent — for any consent-based processing.
• Complain — to your local data-protection authority. In the UK, that is the ICO (ico.org.uk).

To exercise any right, email hello@renovato.ai with the request and the email address on your account. We respond within 30 days.

California residents (CCPA): we do not sell your personal information. You may also request a list of categories of personal information we have shared, by emailing the same address.

We use a small number of cookies and local-storage entries:

• Session cookies — to keep you logged in. Required for the Service to function.
• Preference storage — local storage for editor settings (theme, panel sizes, last-opened project). Stays in your browser.
• Analytics — Plausible / Vercel Analytics use anonymous, cookieless tracking by default. No cross-site identifiers.

We do not use third-party advertising cookies, marketing pixels, or social-media trackers.

We protect data in transit with TLS, at rest with provider-level encryption (AES-256 on Cloudflare R2 and our database). Passwords are stored as salted bcrypt hashes; we cannot recover your plaintext password.

Access to production systems is restricted to authorised engineers, via SSO with hardware-backed 2FA. Every access is audit-logged. We do not allow database snapshots to leave the production environment.

No system is perfect. If you suspect a security issue, email hello@renovato.ai with the details. In the event of a breach affecting your data, we will notify you and the relevant supervisory authority within 72 hours of becoming aware, as required by GDPR.

The Service is not directed at children under 18 (or the age of majority in your jurisdiction). We do not knowingly collect data from children. If you become aware that a child has provided us with personal data, contact us and we will delete it.

We may update this Privacy Policy from time to time. For material changes, we will notify you by email and update the “Last updated” date at the top of the page at least 14 days before they take effect. Material changes that expand processing of your data will be opt-in where required by law.

For privacy questions, data-subject requests, or to update your preferences, email hello@renovato.ai with “privacy” in the subject line. We respond within 30 days.

See also the Terms of Service and the Refund Policy.