Privacy Policy
Last updated: June 15, 2026
Renderha is an AI tool that turns sketches, photos, and CAD exports into client-ready renders, material studies, and proposal decks. This policy explains what personal data we process, why, who we share it with, and the rights you have.
1. Data we collect
- Account data — your email address, name, username, and avatar, managed through our authentication provider (Clerk) when you sign up or sign in.
- Content you provide — images you upload, the renders and material studies you generate, projects, and the proposals you assemble (including firm name and contact email you enter for recipients).
- Billing data — if you subscribe, your plan, subscription status, and a payment-processor customer/subscription identifier. We never see or store your full card number — payments are handled entirely by Stripe.
- Usage & diagnostics — limited error and event telemetry (event type, page path, browser user-agent, a pseudonymous hash of your email). We do not run advertising or third-party analytics trackers.
- Essential cookies — set by our authentication provider to keep you signed in. See our Cookie Policy.
2. How and why we use it (lawful bases)
| Purpose | Lawful basis (GDPR) |
|---|---|
| Provide the service (accounts, rendering, proposals, storage) | Performance of a contract |
| Process payments and manage subscriptions | Performance of a contract |
| Keep the service secure, prevent abuse, debug errors | Legitimate interests |
| Comply with tax, accounting, and legal obligations | Legal obligation |
| Send service communications | Legitimate interests / contract |
We do not sell or share your personal information for cross-context behavioral advertising, and we do not use your content to train third-party foundation models beyond what is necessary to generate your requested output.
3. AI processing of your images
To generate renders and analyses, the images and prompts you submit are sent to our AI sub-processors (currently fal.ai, OpenAI, and Google models accessed via fal). They process the content to return your result. See the full list and links on our Subprocessors page. Do not upload images you are not permitted to process, and be aware that uploaded photos may incidentally contain identifiable people; we do not perform facial recognition.
4. Sharing
We share personal data only with: (a) the sub-processors listed on our Subprocessors page, acting on our instructions; (b) authorities where required by law; and (c) a successor in the event of a merger or acquisition. Proposals you publish via a share link are visible to anyone who has that link.
5. International transfers
Our providers are located in the United States. Where we transfer personal data from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses and equivalent safeguards offered by those providers.
6. Retention
- Account, project, render, and proposal data: kept until you delete it or close your account.
- Diagnostic telemetry: retained for approximately 90 days.
- Billing/transaction records: retained as required for tax and accounting (typically several years), in de-identified form after account deletion where possible.
7. Your rights
Depending on where you live (EU/UK GDPR, California CCPA/CPRA, and similar laws), you may have the right to access, correct, delete, port, or restrict processing of your data, and to object or opt out. You can:
- Export your data and delete your account directly from your data & privacy choices page.
- Contact us at privacy@renderha.ai for any other request.
We do not sell or share personal information, so there is nothing to opt out of for that purpose; we honor Global Privacy Control signals where applicable. You may lodge a complaint with your local data-protection authority.
8. Security
We protect data with encryption in transit (HTTPS/HSTS), row-level access controls, scoped server-side keys, signed payment/identity webhooks, and least-privilege database access. No system is perfectly secure; if a breach affects your data we will notify you and the relevant authorities as required by law.
9. Children
Renderha is a professional tool intended for users aged 18 and over and is not directed to children. We do not knowingly collect data from children.
10. Saudi Arabia (PDPL)
If you are in the Kingdom of Saudi Arabia, the Personal Data Protection Law (PDPL) and its implementing regulations, overseen by the Saudi Data & AI Authority (SDAIA), apply to our processing of your personal data.
- Lawful basis & consent. We rely primarily on your consent and on performance of our contract with you. You may withdraw consent at any time, without affecting processing carried out before withdrawal.
- Your rights. You have the right to be informed, to access your data and obtain a copy of it, to request correction, and to request destruction of your data. Exercise these from your data & privacy choices page or by emailing privacy@renderha.ai.
- Transfers outside the Kingdom. Our service providers (see Subprocessors) are located outside Saudi Arabia, primarily in the United States. We transfer personal data abroad only as permitted by the PDPL’s Regulation on Personal Data Transfer Outside the Kingdom — under appropriate safeguards (such as contractual safeguards with the recipient), following a transfer risk assessment, and limited to the minimum data necessary.
- Sensitive data & minors. We do not knowingly process sensitive personal data or the data of minors through the service.
- Representative & complaints. Our representative in the Kingdom is [KSA representative — to be appointed]. You may also lodge a complaint with SDAIA via the National Data Governance Platform.
11. Changes & contact
We will post material changes here and update the date above. Questions or requests: privacy@renderha.ai.