Privacy Policy

In accordance with the General Data Protection Regulation (GDPR — EU 2016/679)

Data Controller

Hichem Bedjaoui — RenderPDFs
France
Email : [email protected]

Data We Collect

Account data: email address, hashed password (bcrypt), or Google OAuth identifier. Collected at signup to create and manage your account.

Usage data: number of PDFs generated per month, request type (HTML, URL, Markdown, merge), timestamps. Collected to enforce plan limits and display dashboard stats.

Billing data: subscribed plan, Stripe customer ID. Card details are handled exclusively by Stripe and never pass through our servers.

API keys: hash of your API keys, assigned name, creation date. Needed to authenticate your requests.

Technical logs: IP addresses, user-agent, errors. Retained for a maximum of 30 days.

Legal Bases

Contract performance (Art. 6.1.b GDPR) — providing the API service
Legal obligation (Art. 6.1.c GDPR) — retention of billing data
Legitimate interest (Art. 6.1.f GDPR) — security, fraud prevention

Retention Periods

Account data: account lifetime + 3 years
Billing data: 10 years (accounting obligation)
Technical logs: 30 days
Usage data: 13 rolling months

Sub-processors

Railway Corp. (USA) — infrastructure hosting

Stripe, Inc. (USA) — payment processing

Resend, Inc. (USA) — transactional email delivery

Google LLC (USA) — OAuth authentication

These transfers outside the EU are governed by the European Commission's Standard Contractual Clauses (SCCs).

Your Rights

Access — obtain a copy of your data
Rectification — correct inaccurate data
Erasure — delete your account and data
Portability — receive your data in a structured format
Objection — object to certain processing

To exercise these rights: [email protected]. Response within 30 days. To file a complaint: CNIL.

Cookies

RenderPDFs does not use tracking or advertising cookies. A session cookie is used solely to maintain your login. No third-party cookies are set.

Last updated: April 2026