Privacy Policy

Rendobar provides a media processing API. This policy explains what data we collect, why, and what control you have over it.

Rendobar is the data controller for information collected through the Service. You can reach us at [email protected].

What we collect

How we use it

• ✓ To run the service — process your media, track your balance, deliver results
• ✓ To send transactional emails (verification, billing)
• ✓ To prevent abuse and protect the platform
• ✓ To improve the service based on aggregate usage patterns (never individual content)

What we don't do

• ✕ We don't sell your data
• ✕ We don't train AI models on your content
• ✕ We don't analyze your media beyond processing your request
• ✕ We don't use advertising or tracking cookies

Sub-processors

We use the following third parties to operate the Service:

Data retention

Automated processing

The Service uses automated systems to process your media (transcoding, captioning, moderation, etc.). We may also use automated tools for abuse detection and content moderation. No automated decision-making with legal or similarly significant effects is performed on your personal data.

Security

We protect your data with encryption in transit (TLS) and at rest. API keys are hashed before storage. Media files are stored in isolated object storage with time-limited access URLs. Access to production systems is restricted and logged.

If we discover a data breach that affects your personal data, we will notify you and any applicable regulatory authority within 72 hours as required by law.

Cookies

The dashboard uses a single session cookie for authentication. It is strictly necessary and cannot be disabled. This website uses no tracking cookies, no third-party analytics, and no advertising pixels.

International data transfers

Your data may be processed in the United States and other countries where our sub-processors operate. Where data is transferred outside the EEA, we rely on Cloudflare's and our sub-processors' standard contractual clauses and data processing agreements to ensure appropriate safeguards.

Legal basis for processing (GDPR)

If you're in the EEA or UK, we process your data under these legal bases:

• → Contract performance: Processing your media, managing your account, billing
• → Legitimate interest: Security, fraud prevention, service improvement
• → Legal obligation: Billing records, compliance with law enforcement requests
• → Consent: Where specifically required, such as optional marketing communications

Your rights

You can:

• → Access or export your data in a portable format
• → Correct inaccurate information
• → Delete your account and all associated data
• → Object to or restrict processing for specific purposes
• → Withdraw consent where processing is based on consent
• → Lodge a complaint with your local data protection authority

To exercise any of these rights, email [email protected]. We'll respond within 30 days.

California privacy rights

If you're a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. To exercise your rights, email [email protected].

Children's privacy

The Service is not intended for anyone under 18. We don't knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

Changes

If we make material changes, we'll notify you by email or dashboard notification at least 30 days in advance.