Privacy Policy

Last updated: March 2026

1. Who We Are

Rendershot ("we", "us", "our") operates the screenshot and PDF rendering API available at rendershot.io. We are the data controller for the personal data described in this policy. For any privacy questions, contact us at support@rendershot.io.

2. Data We Collect

We collect the minimum data necessary to provide the Service:

  • Account data: email address, hashed password (if you register with email), Google account ID (if you sign in with Google)
  • Usage data: render job type (screenshot/PDF), timestamp, credits consumed. We do not store the URLs or HTML content you submit for rendering beyond the duration of the job itself (max 24 hours).
  • Billing data: plan name, subscription status, credit balance. Payment details (card numbers) are processed and stored by Lemon Squeezy — we never see or store raw payment information.
  • Technical data: IP address (from API requests, used for rate limiting only, not stored long-term), error logs via Sentry.

3. How We Use Your Data

  • To provide and operate the Service (render jobs, API key management)
  • To manage your account and billing
  • To send transactional emails (email verification, billing receipts)
  • To monitor service health and debug errors (Sentry)
  • To respond to support requests

We do not sell your data, use it for advertising, or share it with third parties except as described in this policy.

4. Data Storage & Retention

Your data is stored on servers operated by Hetzner Online GmbH, located in Nuremberg, Germany (EU). Rendered output files are automatically deleted 24 hours after job completion.

We retain account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or compliance purposes (e.g. billing records for up to 7 years).

5. Third-Party Processors

We share data with the following sub-processors to operate the Service:

Hetzner Online GmbHCloud hosting and object storage (EU)
ResendTransactional email delivery
Lemon SqueezyPayment processing and subscription management
SentryError monitoring and crash reporting

6. Cookies

We use one session cookie set by NextAuth.js to keep you logged in. This cookie is:

  • Strictly necessary for authentication — it is not used for tracking
  • Deleted when you sign out or your session expires
  • HTTPOnly and Secure (never accessible via JavaScript)

We do not use analytics cookies, advertising cookies, or any third-party tracking scripts.

7. Your Rights (GDPR)

If you are in the European Economic Area or UK, you have the following rights regarding your personal data:

  • Access: request a copy of the data we hold about you
  • Rectification: ask us to correct inaccurate data
  • Erasure: ask us to delete your account and personal data
  • Portability: receive your data in a machine-readable format
  • Objection: object to processing of your data

To exercise any of these rights, email support@rendershot.io. We will respond within 30 days.

8. Security

We protect your data using industry-standard measures: encrypted connections (TLS), hashed passwords (bcrypt), private database networks, and least-privilege access controls. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you by email or via a banner in the dashboard when we make material changes. The date at the top of this page reflects the most recent update.

10. Contact

For privacy questions or data requests, contact us at support@rendershot.io.