Renderra
Effective May 2, 2026

Privacy Policy

How we collect, use, and protect your information when you use the Renderra marketing site and the Renderra Builder.

Summary

We collect what we need to run the service: your account email (via Clerk), the prompts and projects you create, and files you upload. To generate video, your prompts and conversation history are sent to our AI provider (Anthropic). Generated previews and project archives are stored at publicly accessibleURLs, so don’t put secrets into your projects. You can ask us to export or delete your data at any time.

1. Who we are

Renderra (“Renderra,” “we,” “us”) is operated by [TBD: legal entity name], registered at [TBD: registered address]. This Privacy Policy explains how we handle personal information for visitors to renderra.app and users of the Renderra Builder at app.renderra.art.

For privacy questions or to exercise your rights, contact us at [TBD: privacy@renderra.app].

2. Information we collect

2.1 Account information

When you sign in to the Builder we use Clerk to handle authentication. We mirror your Clerk user ID and primary email address into our database so we can associate your projects with your account. We re-sync your email if you change it in Clerk.

2.2 Content you create

We store the projects, conversations, and chat messages you create in the Builder. This includes project titles, the full text of your prompts and our AI agent’s responses (stored as JSON), and per-message cost / usage telemetry.

2.3 Files you upload

When you upload media (video, audio, images) the files are stored in Vercel Blob under a path that includes your user ID. We accept up to 100 MB per upload and only the following types: MP4, WebM, MPEG audio, WAV, JPEG, PNG, WebP. We store basic metadata about each upload (filename, MIME type, size, dimensions, duration) in our database.

2.4 Generated outputs

When you publish a preview or save a project, the resulting HTML preview and project archive (a .tar.gz of your workspace) are uploaded to Vercel Blob. These outputs are stored at publicly accessible URLs. Anyone who has the URL can view the preview or download the archive without logging in. Don’t put credentials, private keys, or other confidential information into a project unless you intend for the published output to be public.

2.5 Usage and operational data

To run and protect the service we record per-conversation cost totals, per-message cost, sandbox lifecycle events, and rate-limit counters (in Upstash Redis). These let us enforce fair-use limits and bill / cost-cap conversations.

2.6 Cookies and similar technologies

The marketing site does not set analytics or marketing cookies. The Builder uses cookies that Clerk needs to keep you signed in. We may add product analytics in the future and will update this policy when we do.

3. How we use information

We use the information above to:

  • Provide the marketing site and the Renderra Builder.
  • Send your prompts and conversation history to our AI provider so it can generate video compositions for you (see Section 4 — Sub-processors).
  • Enforce rate limits and per-conversation cost caps (currently 5 turns / minute, 50 turns / hour, $5 of model spend per conversation, and 3 concurrent sandboxes per user). These limits may change.
  • Detect, prevent, and respond to abuse, fraud, or violations of the Terms of Service.
  • Debug and improve the product.
  • Comply with legal obligations.

4. Sub-processors

We rely on the following third parties to operate Renderra. Each of them is bound by their own privacy and security commitments and only receives the data needed for the service they provide.

  • Clerk— authentication. Handles sign-in / sign-up and stores your email and identity provider details.
  • Neon— managed Postgres. Hosts our primary database (users, projects, conversations, messages, attachment metadata).
  • Vercel— hosts the application and provides Vercel Functions, Vercel Sandbox (the per-conversation isolated execution environment), Vercel Blob (file storage for uploads, previews, and archives), and (via the Vercel KV marketplace) Upstash Redis for rate-limit and cost counters.
  • Anthropic— AI model provider. Your prompts, attachment metadata, conversation history, and tool inputs/outputs are sent to Anthropic so its Claude models can generate responses. Our default model is claude-sonnet-4-6; you can opt in to claude-opus-4-7per turn. Per Anthropic’s API terms, customer inputs and outputs are not used to train their models by default.
  • Vercel AI Gateway(when configured) — routes our requests to Anthropic and gives us token-usage observability. When the gateway is in use, requests pass through Vercel before reaching Anthropic.

5. Public preview and archive URLs

When you publish a preview or save a project from the Builder, we upload the resulting file to Vercel Blob with public read access. The URL is stable and can be shared. We do not gate access to it behind a sign-in. If you want to take a published preview down, ask us at [TBD: privacy@renderra.app]and we’ll remove it.

6. Retention

We keep account data, projects, and conversations while your account is active. If you delete your account, we delete the associated personal data and content within a reasonable period, except where we’re required to retain it for legal or accounting reasons. Rate-limit counters in Upstash auto-expire within 1–24 hours. Vercel Sandboxes for inactive conversations are reclaimed after roughly 1 hour of idle time.

7. Your rights

Depending on where you live, you may have the right to access, correct, delete, port, or restrict processing of your personal data, and to object to certain processing. To exercise any of these rights, email [TBD: privacy@renderra.app]. We’ll respond within the timeframe required by applicable law.

8. EEA & UK users

If you are in the European Economic Area or the United Kingdom, you have additional rights under the GDPR / UK GDPR — including access, correction, deletion, portability, and the right to object. Email [TBD: privacy@renderra.app] to exercise them.

We process data in regions where Vercel, Neon, and Anthropic operate, which is typically the United States. Where required by law, we rely on the European Commission’s Standard Contractual Clauses (and the UK addendum) to legitimize cross-border transfers.

9. Children

Renderra is not directed to children under 13 (or under 16 in the EEA / UK) and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, email [TBD: privacy@renderra.app]and we’ll delete it.

10. Security

We use TLS for data in transit, run each conversation in an isolated Vercel Sandbox microVM, and broker AI provider credentials at the network layer so API keys are not exposed inside customer sandboxes. Calls between our application and the in-sandbox agent server are authenticated with a per-sandbox bearer token. No system is perfectly secure; please report any vulnerabilities to [TBD: security@renderra.app].

11. Changes to this policy

We’ll update the “Effective” date at the top of this page when we make changes. Material changes will be communicated through the Builder or by email when appropriate.

12. Contact

Privacy questions and requests: [TBD: privacy@renderra.app]. Mailing address: [TBD: registered address].