Legal

Privacy Policy

Last updated: March 28, 2026

Who we are

RenBase ("we", "us", "our") operates the renbase.com website and the RenBase API platform. This policy explains what personal data we collect, why we collect it, and your rights regarding that data.

Data we collect

Account information

When you sign up we collect your name, email address, and organization name. If you subscribe to a paid plan, our payment processor (Stripe) handles billing details directly. We never store credit card numbers on our servers.

Usage data

We log API requests (endpoint, timestamp, response status) to monitor service health and enforce rate limits. Logs are retained for 90 days, then permanently deleted.

Your content

Files you upload to a knowledge base are stored encrypted at rest (AES-256) in your designated region. We process your content solely to provide the service: chunking, embedding, and indexing for search. We do not use your content to train models, and we do not share it with third parties.

Website analytics

We use Plausible Analytics, a privacy-focused tool that collects no personal data and sets no cookies. Traffic metrics are aggregated and anonymous.

How we use your data

  • Providing and maintaining the RenBase platform
  • Authenticating your API requests
  • Sending transactional emails (password resets, billing receipts, security alerts)
  • Investigating abuse or security incidents

We will never sell your personal data. We do not send marketing emails unless you opt in.

Data retention

Account data is kept while your account is active. When you delete your account, we remove all personal data and uploaded content within 30 days. API logs are purged on a 90-day rolling basis.

Sub-processors

We rely on a small number of infrastructure providers to operate the platform:

  • Cloud hosting and storage (AWS, region-scoped)
  • Payment processing (Stripe)
  • Transactional email (Postmark)

Each sub-processor is bound by a Data Processing Agreement. A full list is available on request.

Your rights under GDPR

If you are in the European Economic Area, you have the right to access, correct, or delete your personal data, restrict or object to processing, and request data portability. You can exercise any of these rights by contacting legal@renbase.com. We will respond within 30 days.

Security

All data in transit is encrypted via TLS 1.3. Data at rest uses AES-256 encryption. We follow the principle of least privilege for internal access, and we conduct regular penetration tests. If you discover a vulnerability, please report it to security@renbase.com.

Cookies

The RenBase website does not set tracking cookies. The application uses a single session cookie strictly necessary for authentication. No consent banner is required.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email at least 14 days before they take effect. The "last updated" date at the top reflects the most recent revision.

Contact

Questions about this policy? Reach us at legal@renbase.com.