Privacy Policy

Introduction

Renameit ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered file renaming service at renameit.io (the "Service").

Our Core Privacy Promise: We do not store your images. All images you upload are processed in memory and deleted immediately after renaming. We never save, archive, or use your images for any purpose beyond providing you the renaming service.

Information We Collect

1. Images You Upload

When you use our Service, you upload images to be renamed. These images are:

• Processed in memory only (not written to disk or databases)
• Sent to OpenAI's Vision API for analysis to generate filename suggestions
• Permanently deleted immediately after processing is complete
• Never used for training our models or any other purpose
• Not accessible to our team or any third parties (except OpenAI as our processor)

2. Account Information

When you create an account, we collect:

• Authentication Data: Email address, name, and profile picture (managed by Clerk, our authentication provider)
• Account Details: Your chosen tier (Anonymous, Free, or Pro), subscription status, and usage statistics
• Usage Data: Daily rename count, last rename date, and timestamp information

3. Payment Information

Payment processing is handled by Polar.sh, our Merchant of Record. We do not directly collect or store:

• Credit card numbers
• Banking details
• CVV codes or sensitive authentication data

We only store a customer ID reference from Polar.sh to manage your subscription status. All payment card data is stored securely by Polar.sh in compliance with PCI DSS standards.

4. Technical Information

We automatically collect certain information when you use the Service:

• Anonymous Session Data: For users without accounts, we use browser fingerprinting to enforce daily usage limits
• Device Information: Browser type, operating system, device type
• Usage Analytics: Pages visited, features used, session duration
• IP Address: For security, fraud prevention, and usage tracking

How We Use Your Information

We use the collected information for the following purposes:

• Service Provision: To process your images and provide AI-generated filename suggestions
• Account Management: To create and manage your account, authenticate users, and provide customer support
• Usage Limits: To enforce tier-based daily limits and prevent abuse
• Billing & Payments: To process subscriptions, handle upgrades/downgrades, and manage billing
• Service Improvement: To analyze usage patterns, improve our AI models' accuracy, and enhance user experience
• Security: To detect fraud, prevent abuse, and ensure platform security
• Legal Compliance: To comply with applicable laws and regulations

Third-Party Services

We use the following third-party services to operate Renameit:

OpenAI (AI Processing)

We use OpenAI's Vision API to analyze your images and generate filename suggestions. According to OpenAI's data processing agreement:

• OpenAI acts as a data processor on our behalf
• Your images are processed according to our instructions only
• OpenAI retains API data for a maximum of 30 days for abuse monitoring, then deletes it
• Your images are NOT used to train OpenAI's models
• OpenAI does not sell or share your data

Learn more: OpenAI Business Terms

Authentication Services

We use a third-party authentication service to manage user accounts and logins. This service stores your email, name, profile picture, and authentication credentials securely. Our authentication provider is SOC 2 Type II compliant and GDPR-ready.

Polar.sh (Payments)

We use Polar.sh as our Merchant of Record for subscription billing. Polar.sh handles all payment processing, PCI compliance, and global tax compliance. We receive only anonymized subscription status updates.

Learn more: Polar.sh Privacy Policy

Infrastructure & Hosting

Our Service uses industry-standard cloud infrastructure providers that are SOC 2 compliant and provide encryption at rest and in transit. These providers may collect standard server logs (IP addresses, request metadata) for platform operation and security purposes.

Data Retention

• Images: Deleted immediately after processing (within seconds)
• Account Data: Retained as long as your account is active
• Usage Statistics: Retained for operational purposes; daily counts reset every 24 hours
• Subscription Data: Retained for billing, tax compliance, and legal requirements (typically 7 years)
• Logs: Server logs retained for 90 days for security and debugging purposes

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required by law to retain it (e.g., for tax or legal purposes).

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

All Users

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your account and associated data
• Export: Request a portable copy of your data

EU/UK Users (GDPR)

• Object: Object to processing based on legitimate interests
• Restrict: Request restriction of processing in certain circumstances
• Data Portability: Receive your data in a structured, machine-readable format
• Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Lodge a Complaint: File a complaint with your local data protection authority

California Users (CCPA/CPRA)

• Know: Know what personal information we collect, use, and share
• Delete: Request deletion of your personal information
• Opt-Out: Opt-out of the "sale" or "sharing" of your personal information (Note: We do not sell or share personal information)
• Non-Discrimination: Not be discriminated against for exercising your privacy rights

To exercise any of these rights, please contact us at support@renameit.io. We will respond to your request within 30 days.

International Data Transfers

Your data may be transferred to and processed in countries other than your own. We use the following safeguards:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Service providers that are certified under relevant frameworks (e.g., Privacy Shield successors)
• Encryption in transit and at rest

Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit (TLS/SSL) and at rest
• Access controls and authentication
• Regular security audits and monitoring
• Secure development practices
• Incident response procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security.

Children's Privacy

Our Service is not intended for children under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@renameit.io.

Cookies and Tracking

We use minimal cookies and tracking technologies:

• Essential Cookies: Required for authentication and session management (Clerk)
• Anonymous Session Tracking: Browser fingerprinting for usage limits (for non-logged-in users)
• Analytics: We may use privacy-friendly analytics (e.g., Vercel Analytics) that do not use cookies

We do not use advertising cookies or third-party tracking for marketing purposes.

Do Not Track

We honor Do Not Track (DNT) signals and Global Privacy Control (GPC) signals. If your browser sends a DNT or GPC signal, we will not track your activity beyond what is essential for service operation.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date at the top
• Sending an email notification to registered users (for significant changes)

Your continued use of the Service after any changes constitutes your acceptance of the new Privacy Policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer at support@renameit.io with "DPO" in the subject line.