Privacy Policy

RendShot (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our HTML-to-image rendering API and related services.

1. Information We Collect

We collect the following types of information:

• Account information: Email address and hashed password when you create an account.
• API usage data: Request timestamps, response status codes, rendering parameters, and monthly usage counts associated with your API keys.
• Generated images: HTML templates you submit and the resulting rendered images are temporarily stored to fulfill your requests.
• Technical data: IP addresses, user agent strings, and request metadata collected automatically for security and rate-limiting purposes.

2. How We Use Information

We use your information to:

• Provide, maintain, and improve the Service
• Authenticate requests and enforce rate limits and usage quotas
• Process payments and manage your subscription
• Send transactional emails such as account verification, password resets, and usage alerts
• Monitor for abuse, fraud, and security threats
• Generate aggregated, anonymized analytics to improve service reliability and performance

3. Third-Party Services

We use the following third-party service providers to operate the Service. Each provider processes data only as necessary to provide their specific function:

• Neon — PostgreSQL database hosting for account data, API keys, and usage records
• Stripe — Payment processing for subscription billing (we do not store your full card details)
• Sentry — Error tracking and application performance monitoring
• Cloudflare R2 — Object storage for generated images with CDN delivery
• Resend — Transactional email delivery for account notifications
• Upstash — Redis-based rate limiting and caching

4. Data Retention

We retain your data according to the following schedule:

• Account data: Retained for as long as your account is active, and deleted within 30 days of account closure.
• Generated images: Automatically deleted after 7 days on the Free plan and after 30 days on the Pro plan. Enterprise retention periods are set by contract.
• Usage logs: Aggregated monthly usage data is retained for billing purposes. Detailed request logs are purged after 90 days.

5. Data Security

We implement industry-standard security measures to protect your data. API keys are stored as SHA-256 hashes and are never logged or displayed in full after creation. All data is transmitted over TLS. Passwords are hashed using bcrypt. We enforce SSRF protections to prevent the rendering engine from accessing internal network resources. While no system is completely secure, we are committed to protecting your information and promptly addressing any security incidents.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Deletion: Request deletion of your account and all associated personal data.
• Portability: Request an export of your data in a machine-readable format.
• Correction: Request correction of inaccurate personal data.
• Objection: Object to certain processing of your personal data.

To exercise any of these rights, contact us at support@rendshot.ai. We will respond to your request within 30 days.

7. Cookies

The Service uses essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies. By using the Service, you consent to the use of essential cookies.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.