Privacy Policy

Renidly operates as a controller for personal data about our customers (account holders) and as a processor on behalf of our customers for personal data they submit to or retrieve from our APIs. For details of our processor role, see the Data Processing Agreement.

We collect three categories of personal data:

• Account data. Your name, email address, password (hashed), organization name, billing details, support correspondence, and the contents of your profile.
• Usage data. Authentication events, IP address, user-agent, API request metadata, endpoints called, latency, status codes, error messages, dashboard interactions, and aggregated analytics.
• Identity data (processor role). Business identifiers you submit to our APIs (email addresses, domains, company names, profile URLs) and the structured business information our endpoints return about them — for example, business contact details, role, seniority, employer, or location, drawn from public sources.

• Provide, operate, and improve the Service, including the API, dashboard, playground, and analytics.
• Authenticate users, prevent fraud and abuse, secure the platform, and investigate incidents.
• Bill, collect payments, send transactional emails, and respond to support requests.
• Comply with legal obligations, enforce our Terms, and protect our and our customers' rights.
• Send service announcements (e.g., security alerts, downtime notices, planned maintenance).
• With your consent or where permitted, send product updates and marketing communications you can opt out of at any time.

We do not sell personal data and do not share personal data with third parties for their own advertising purposes.

• Performance of a contract. Where processing is necessary to provide the Service you have signed up for.
• Legitimate interests. For the aggregation of publicly available business contact data, fraud prevention, analytics, and product improvement — subject to a balancing test against data subject rights.
• Legal obligation. Where required to comply with applicable laws and respond to lawful requests.
• Consent. Where you have opted in, such as for non-essential cookies or marketing communications. You may withdraw consent at any time.

We share personal data only with:

• Sub-processors who help us run the Service (hosting, payments, error monitoring, customer support tooling). The current list is maintained on our Trust Center. All sub-processors are bound by contractual data protection obligations comparable to ours.
• Professional advisors (lawyers, auditors, accountants) under confidentiality obligations.
• Authorities and law enforcement where legally required, and only to the extent necessary.
• Parties to a corporate transaction (merger, acquisition, restructuring), with continued protection of your data.

Renidly is based in the United States. Personal data is processed in the United States and the European Union. Where we transfer personal data from the European Economic Area, the United Kingdom, or Switzerland to a country not covered by an adequacy decision, we rely on the Standard Contractual Clauses, the UK International Data Transfer Addendum, and equivalent mechanisms, combined with supplementary technical and organizational measures described in the Security Policy.

We retain personal data only as long as needed:

• Account data: for the life of the account, plus a reasonable period after closure to comply with legal obligations and resolve disputes.
• Usage and log data: typically up to 90 days for operational logs, longer for aggregated analytics.
• Identity data processed on behalf of a customer: as defined in the Data Processing Agreement and the customer's configured retention.

When data is no longer needed, it is securely deleted or anonymized.

Subject to applicable law, you have the right to:

• Access the personal data we hold about you and receive a copy.
• Rectify inaccurate or incomplete data.
• Request deletion ("right to be forgotten") where applicable.
• Restrict or object to certain processing, including processing based on legitimate interests.
• Data portability in a structured, commonly-used format.
• Withdraw consent at any time where processing is based on consent.
• Lodge a complaint with your supervisory authority. In the EU, you may contact your national Data Protection Authority. In the UK, the Information Commissioner's Office (ico.org.uk).

California residents have additional rights under the CCPA/CPRA, including the right to know, delete, correct, and opt out of any “sale” or “sharing” (we do neither), and to limit the use of sensitive personal information.

To exercise any right, email [email protected] from the address associated with your account or with sufficient information to verify your identity. We respond within the timeframes required by applicable law (one month under the GDPR, 45 days under the CCPA, extendable where permitted).

If the data is processed by us on behalf of a Renidly customer (i.e., they submitted it through our APIs), we will refer your request to that customer, who is the controller of that processing.

We apply technical and organizational measures including encryption in transit (TLS 1.2+) and at rest (AES-256), strict access controls, MFA on all administrative systems, vulnerability scanning, and continuous monitoring. Full details are in our Security Policy.

The Service is intended for business use by adults. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided personal data, contact us and we will delete it.

We may update this Privacy Policy from time to time. Material changes will be notified by email or in-product at least 30 days in advance. The “Last updated” date at the top reflects the current version.

Droven Data Strategy LLC, 30 N Gould St., Ste R, Sheridan, WY 82801, United States.
Privacy & data protection: [email protected]
Security: [email protected]