Privacy Policy

Last updated: November 01, 2025

Renderly ("we," "our," or "us") is committed to protecting the privacy and security of our enterprise customers and their data. This Privacy Policy explains how we collect, use, protect, and handle information when you use our programmatic video generation platform and API services.

1. Information We Collect

Enterprise Account Information

Business Details: Company name, business address, industry, and tax information
Contact Information: Names, email addresses, and phone numbers of authorized users
Billing Information: Payment details, invoicing addresses, and transaction history
API Credentials: Account tokens, API keys, and access permissions

Technical Usage Data

API Usage: Request volumes, endpoint usage, response times, and error rates
Video Generation: Template usage, render times, credit consumption, and output metrics
System Performance: Infrastructure performance, processing queues, and service availability
Integration Data: Webhook configurations, callback URLs, and integration patterns

Content and Media Assets

Input Media: Images, videos, audio files, and text content submitted for processing
Template Data: Custom templates, configurations, and variable definitions
Generated Videos: Rendered video outputs and associated metadata
Processing Logs: Render job status, error logs, and processing history

2. How We Use Your Information

Service Delivery

Video Processing: Render videos based on your templates and input data
API Operations: Authenticate requests, manage rate limits, and process webhooks
Credit Management: Track usage, process billing, and manage subscription plans
Quality Assurance: Monitor service performance and optimize rendering processes

Business Operations

Account Management: Manage enterprise accounts and user permissions
Customer Support: Provide technical assistance and resolve integration issues
Billing and Payments: Process payments, generate invoices, and manage credits
Security Monitoring: Detect suspicious activity and prevent unauthorized access

Platform Improvement

Performance Analytics: Analyze system performance and identify optimization opportunities
Feature Development: Understand usage patterns to guide product development
Capacity Planning: Scale infrastructure based on demand forecasting
Service Reliability: Monitor system health and prevent service degradation

3. Data Security and Protection

Enterprise-Grade Security

Data Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit
Access Controls: Role-based permissions and multi-factor authentication
Network Security: VPC isolation, firewall protection, and DDoS mitigation

Data Processing Standards

Secure Processing: All content is processed in isolated, secure environments
Temporary Storage: Input media is automatically deleted after successful rendering
Backup Procedures: Encrypted backups with automatic retention policies
Audit Trails: Comprehensive logging of all data access and processing activities

Infrastructure Security

Cloud Security: AWS enterprise security controls and monitoring
Vulnerability Management: Regular security assessments and patch management
Incident Response: 24/7 security monitoring and incident response procedures
Business Continuity: Disaster recovery and backup procedures

4. Data Retention and Deletion

Content Retention

Input Media: Deleted immediately after successful video generation
Generated Videos: Available for download for 30 days, then automatically deleted
Failed Jobs: Error data retained for 7 days for debugging purposes
Template Data: Retained while your account is active

Account Data

Business Information: Retained while your account is active and for 7 years after termination for legal compliance
Usage Analytics: Aggregated, anonymized data may be retained indefinitely
Billing Records: Retained for 7 years for tax and legal compliance
Support Data: Customer communications retained for 3 years

Data Deletion Rights

Account Deletion: Complete account and data deletion within 30 days of request
Selective Deletion: Ability to delete specific templates, jobs, or content
Right to be Forgotten: Compliance with GDPR and similar privacy regulations
Data Portability: Export your data in standard formats upon request

5. Third-Party Services and Integrations

Infrastructure Providers

Amazon Web Services (AWS): Cloud infrastructure, storage, and processing
Cloudflare: Content delivery network and DDoS protection
MongoDB Atlas: Database hosting and management

Payment Processing

Stripe: Credit card processing and subscription management
PayPal: Alternative payment processing
Invoicing: Automated billing and invoice generation

Monitoring and Analytics

DataDog: System monitoring and performance analytics
Sentry: Error tracking and application monitoring
PostHog: Privacy-focused product analytics

Authentication Services

Auth0: Enterprise single sign-on (SSO) integration
Google Workspace: OAuth integration for business accounts
Microsoft Azure AD: Enterprise directory integration

6. Enterprise Privacy Rights

Data Access and Control

Data Access: View all data associated with your account
Data Correction: Update or correct inaccurate information
Data Portability: Export your data in machine-readable formats
Processing Restriction: Limit how we process your data

Compliance and Governance

GDPR Compliance: Full compliance with European data protection regulations
CCPA Compliance: California Consumer Privacy Act compliance
HIPAA Ready: Business Associate Agreements available for healthcare customers
Data Processing Agreements: Comprehensive DPAs for enterprise customers

Legal Basis for Processing

Contractual Necessity: Processing required to provide our services
Legitimate Interest: Business operations and service improvement
Consent: Explicit consent for marketing communications
Legal Obligation: Compliance with applicable laws and regulations

7. International Data Transfers

Data Residency

Primary Processing: Data processed in AWS US-East regions
Regional Options: EU data residency available for enterprise customers
Data Localization: Compliance with local data residency requirements
Cross-Border Transfers: Standard Contractual Clauses for international transfers

8. Marketing and Communications

Business Communications

Service Updates: Platform updates, maintenance notifications, and feature announcements
Billing Notices: Payment confirmations, invoice notifications, and credit alerts
Security Alerts: Security incidents, policy changes, and compliance updates
Support Communications: Technical support, account management, and customer success

Marketing Preferences

Opt-In Marketing: Explicit consent required for promotional communications
Unsubscribe Options: Easy unsubscribe from all marketing communications
Preference Management: Granular control over communication types
Business-Only: No personal use marketing for enterprise accounts

9. Children's Privacy

Renderly is designed for business use and is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

10. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated via:

Email Notification: Direct notification to account administrators
Platform Notices: In-app notifications and dashboard alerts
Website Updates: Posted changes with effective dates
API Documentation: Updated privacy documentation for developers

11. Contact Information

General Support: support@renderly.video

Business Address

Veseytechnology Ltd,. co 26D - Tran Thi Hoa street, An Binh ward, Bien Hoa city, Dong Nai province, Vietnam.

By using Renderly, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.