Renimate

Privacy Policy

Effective date: April 11, 2026

This Privacy Policy describes how Renimate ("we", "us", or "our") collects, uses, stores, shares, and protects your information when you use our AI video generation platform ("the Service").

We are committed to protecting your privacy, handling your data transparently, and complying with applicable data protection laws including the Information Technology Act, 2000 (India), the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

1. Information We Collect

1.1 Account Information

When you sign up, our third-party authentication provider collects and shares with us:

  • Email address
  • Full name
  • Profile picture (if provided via social login)
  • Authentication identifiers (Internal user ID)
  • Account creation and last login timestamps

1.2 Billing Information

Payment processing is handled entirely by our third-party billing partner. We do not store your credit card numbers, bank account details, CVV codes, or other payment credentials on our servers. We receive from our billing partner:

  • Subscription status and plan tier
  • Customer ID (for linking your account to your subscription)
  • Transaction history (plan changes, credit purchases, renewal dates)
  • Billing email address (if different from account email)

1.3 Content You Upload

To use the Service, you may upload screenshots, screen recordings, logos, brand assets (fonts, color palettes), and data files (CSV, JSON). This content is processed solely to generate your requested video outputs. We treat all uploaded content as confidential.

1.4 Chat and Prompt Data

Your chat messages and prompts used to direct video generation are stored to enable iterative refinement within a project. These are associated with your account and specific video project. Chat history is retained for the duration of your account unless you explicitly request deletion.

1.5 Generated Outputs

Videos, motion graphics, and other outputs generated by the Service are stored in your account for access and re-export. You own these outputs as described in our Terms of Service. Generated outputs are stored in cloud storage with access controls limiting visibility to your account only.

1.6 Usage and Analytics Data

We use privacy-friendly, cookieless analytics services and Microsoft Clarity to understand how users interact with the Service.

  • Page views, navigation patterns, and click/scroll behavior
  • Device type, operating system, and browser
  • Geographic region (country level only)
  • Referral source
  • Session duration, feature engagement, and session replays

We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

1.7 Technical Logs

Our hosting infrastructure may automatically log IP addresses, request timestamps, HTTP method and URL, user-agent strings, and error traces for security monitoring, incident response, and debugging purposes. These logs are retained for a limited period (typically 90 days) and are not used for user profiling or marketing purposes.

1.8 Information from Third Parties

We may receive information about you from third-party services you use to authenticate (e.g., Google or GitHub). We only collect profile information you authorize during the login flow.

2. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:

  • Contractual necessity: Processing your account information, Content, and prompts to provide the Service as agreed in our Terms of Service
  • Legitimate interests: Processing usage analytics and technical logs to improve the Service, ensure security, and prevent fraud — balanced against your privacy rights
  • Legal obligation: Processing data as required to comply with applicable tax, accounting, and regulatory obligations
  • Consent: Where you opt in to receive marketing communications or participate in beta features. You may withdraw consent at any time

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Process your prompts, generate videos, manage your projects, and deliver exported files
  • Manage your account: Authenticate you, track credit balances, manage subscription status, and process payments
  • Improve the Service: Analyze aggregate, anonymized usage patterns to identify bugs, optimize performance, and plan features
  • Communicate: Send transactional emails (account confirmations, billing receipts, credit balance alerts) and, where you opt in, product updates and newsletters
  • Ensure security: Detect, investigate, and prevent fraud, abuse, unauthorized access, and security incidents
  • Comply with law: Respond to legal requests, enforce our Terms, and satisfy regulatory requirements
  • Provide support: Respond to your inquiries, troubleshoot technical issues, and provide customer support

4. What We Do NOT Do

  • We do not sell, rent, or lease your personal information to third parties for any purpose
  • We do not use your uploaded Content or Generated Outputs to train, fine-tune, or improve AI models
  • We do not share your Content with other users or make it publicly accessible
  • We do not use tracking cookies, third-party advertising cookies, or cross-site tracking pixels
  • We do not serve targeted advertisements or share data with advertising networks
  • We do not create behavioral profiles for advertising purposes
  • We do not process personal data for automated decision-making with legal effects (see Section 12)

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information only in the following limited circumstances:

  • Service providers: With trusted third-party services that process data on our behalf to provide the Service (listed in Section 6), under contractual obligations to protect your data.
  • Legal requirements: When required by law, regulation, subpoena, court order, or other legal process.
  • Protection of rights: When we believe disclosure is necessary to protect our rights, safety, or the safety of others.
  • Business transfers: In connection with a merger, acquisition, reorganization, or sale of assets. We will notify you before your personal data is transferred and becomes subject to a different privacy policy.
  • With your consent: When you explicitly authorize us to share your data for a specific purpose.
  • Aggregated data: We may share aggregated, de-identified data that cannot reasonably be used to identify you for industry analysis or benchmarking.

6. Third-Party Service Providers

We use the following third-party services that may process your data under their own privacy policies and data processing agreements:

ServicePurposeData Shared
ClerkAuthentication and user managementEmail, name, profile picture
PolarSubscription billing and payment processingEmail, plan tier, payment info (direct to Polar)
VercelHosting, serverless functions, analyticsAnonymized page views, request logs
NeonDatabase hosting (PostgreSQL)All database records (encrypted at rest)
InngestBackground job processingEvent payloads for video generation tasks
Microsoft ClarityBehavioral analytics, heatmaps, and session replayUsage data, device info, session recordings
AI Model ProvidersVideo and motion generationPrompts and uploaded assets for processing

We require each service provider to maintain appropriate security measures and restrict their use of your data to the specific services they provide to us. We conduct reasonable due diligence on our service providers' data protection practices.

7. Data Storage and Security

7.1 Where Data Is Stored

  • Database: User records, project metadata, credit transactions, and chat history are stored in Neon Postgres (cloud PostgreSQL) with encryption at rest
  • File storage: Uploaded assets and generated videos are stored in cloud object storage with access controls and encryption at rest
  • Authentication: Account credentials, passwords, and session tokens are managed exclusively by our authentication provider and never stored directly on our systems
  • Backups:Database backups are encrypted and retained according to our infrastructure provider's policies

7.2 Security Measures

We implement industry-standard security practices including, but not limited to:

  • Encryption in transit (TLS/HTTPS on all connections)
  • Encryption at rest for stored data
  • Database access controls and connection pooling
  • Webhook signature verification to prevent tampering
  • Principle of least privilege for service accounts, API keys, and internal access
  • Rate limiting on API endpoints to prevent abuse
  • Regular security reviews of our infrastructure and code
  • Input validation and sanitization to prevent injection attacks

7.3 Data Breach Notification

In the event of a data breach that affects your personal data, we will: (a) investigate the breach promptly; (b) take reasonable steps to contain and mitigate the breach; (c) notify affected users within 72 hours of becoming aware of the breach, where required by applicable law; and (d) notify the relevant supervisory authorities as required by applicable data protection regulations. Our notification will describe the nature of the breach, the data affected, and the steps we are taking.

8. Data Retention

We retain your information only for as long as necessary to fulfill the purposes described in this Privacy Policy, or as required by law:

  • Active accounts: Your data is retained for as long as your account is active and the Service is being used
  • Deleted accounts: Upon account deletion, we remove personal data, uploaded Content, and Generated Outputs within 30 days, except where retention is required for legal, regulatory, or legitimate billing purposes
  • Credit transaction logs: Retained for accounting, tax compliance, and audit purposes for up to 7 years after the transaction date
  • Technical logs: Automatically purged after 90 days
  • Support correspondence: Retained for up to 2 years after resolution for quality assurance and dispute resolution
  • Legal holds: Data subject to ongoing litigation or legal proceedings may be retained beyond standard retention periods as required

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you, including the purposes of processing and categories of data
  • Right to rectification: Request correction of inaccurate or incomplete personal data
  • Right to erasure ("Right to be forgotten"): Request deletion of your personal data, subject to legal retention requirements
  • Right to data portability: Request your personal data in a structured, commonly used, machine-readable format (e.g., JSON or CSV)
  • Right to restrict processing: Request that we limit the processing of your data in certain circumstances
  • Right to object: Object to processing of your personal data based on legitimate interests or for direct marketing purposes
  • Right to withdraw consent: Where processing is based on consent, you may withdraw at any time without affecting the lawfulness of prior processing
  • Right to lodge a complaint: File a complaint with your local data protection authority if you believe your rights have been violated

To exercise any of these rights, contact us at support@renimate.com. We will verify your identity before processing your request and respond within 30 days (or within the timeframe required by applicable law). We will not discriminate against you for exercising your privacy rights.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know: You may request details about the categories and specific pieces of personal information we have collected, the categories of sources, the purposes of collection, and the categories of third parties with whom we share information
  • Right to delete: You may request that we delete personal information we have collected from you, subject to certain exceptions
  • Right to opt out of sale: We do not sell personal information as defined by the CCPA/CPRA. No opt-out is necessary
  • Right to non-discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights
  • Right to correct: You may request correction of inaccurate personal information
  • Right to limit use of sensitive data: We do not process sensitive personal information beyond what is necessary to provide the Service

In the preceding 12 months, we have collected the following categories of personal information: identifiers (name, email), commercial information (subscription and transaction history), and internet or electronic network activity information (usage analytics). To submit a CCPA/CPRA request, contact support@renimate.com. We will respond within 45 days.

11. Children's Privacy

The Service is not intended for use by individuals under the age of 18 (or the age of majority in their jurisdiction). We do not knowingly collect, use, or disclose personal information from children. If you believe a child has provided us with personal data, please contact us at support@renimate.com and we will promptly investigate and delete the data. If we discover that we have collected personal data from a child, we will take immediate steps to delete such information.

12. Automated Decision-Making and Profiling

The Service uses AI models to generate video content based on your inputs. This AI processing is a core function of the Service and is performed to fulfill our contract with you.

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you (such as creditworthiness assessments, employment decisions, or access to essential services).

Credit balance and subscription management are handled through transparent, deterministic billing rules described in our Terms of Service.

13. International Data Transfers

Your data may be processed in countries other than your country of residence, including the United States, where many of our infrastructure and AI model providers operate. When we transfer personal data outside the EEA, UK, or other jurisdictions with data transfer restrictions, we ensure appropriate safeguards are in place, including:

  • Standard contractual clauses (SCCs) approved by the European Commission
  • Data processing agreements with our service providers that include appropriate security and privacy commitments
  • Reliance on providers' certifications and compliance programs (e.g., SOC 2 compliance of our infrastructure providers)

14. Cookies and Tracking Technologies

The Service uses both essential and performance-enhancing tracking technologies:

  • Authentication: Essential session cookies set by our authentication provider to maintain your logged-in state.
  • Analytics: Microsoft Clarity uses first and third-party cookies to capture behavioral metrics and session data.
  • Security: CSRF protection tokens and session management.

Performance-enhancing analytics we use are cookieless and do not track personal identifiers.

You can control cookie settings through your browser. However, disabling essential cookies may prevent you from using the Service.

15. Do Not Track Signals

We honor Do Not Track ("DNT") signals sent by your browser. However, because we do not engage in cross-site tracking or serve targeted ads, the presence or absence of a DNT signal does not change our data collection practices.

16. Links to Other Websites

The Service may contain links to third-party websites or services that are not operated by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites. We encourage you to review the privacy policy of every site you visit.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes by: (a) posting the revised policy on the Service with an updated effective date; and (b) sending an email notification to the address associated with your account for significant changes. Your continued use of the Service after changes become effective constitutes acceptance. We recommend reviewing this policy periodically.

18. Contact Us

For privacy-related inquiries, data access requests, complaints, or to exercise any of your rights described in this Privacy Policy, please contact:

We aim to respond to all privacy requests within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.