Privacy Policy

1. Data controller

Getrendio is a pre-incorporation project. Until a legal entity is formed, the data controller is the project itself, identified as follows:

• •Controller: Getrendio (pre-incorporation project) — operator of getrendio.com.
• •Upon incorporation, the full controller identification (legal name, registered office, registry code, tax identifier) will be published on this page and in the Legal Notice.
• •Contact: hello@getrendio.com
• •There is no dedicated Data Protection Officer (DPO); Getrendio's processing does not meet the Art. 37 GDPR criteria that require the appointment of one. The contact above handles all privacy enquiries directly and is the only contact channel.

2. Personal data we collect

Rendio collects the minimum data needed to run a private beta. There are no user accounts, no payments, and no payment-card data.

3. Legal basis for processing

Rendio relies on the following lawful bases under Article 6 GDPR:

• •Art. 6(1)(b) — performance of the request you made: storing your waitlist email so we can notify you when the service launches.
• •Art. 6(1)(f) — legitimate interest: aggregate, anonymous usage analytics (Plausible) and short-lived server logs, in order to keep the site available, secure, and useful. Your interests and rights have been balanced against these and the processing is limited accordingly.
• •Art. 6(1)(c) — compliance with a legal obligation: where we must retain or disclose data to comply with a binding legal order.

4. How we use your data

Your personal data is used only for:

• •Sending you a one-time launch notification when paid Rendio becomes available, if you joined the waitlist.
• •Understanding aggregate usage of the site to improve content and performance (Plausible — anonymous, cookieless).
• •Preventing abuse, fraud, and security incidents using short-lived infrastructure logs.
• •Responding to your enquiries and exercising your data-subject rights.
• •Complying with binding legal obligations where they apply.
• •Nothing else. We do not profile you. We do not build advertising audiences. We do not enrich your email against external data sets.

We never sell, rent, share, or otherwise disclose your personal data to third parties for their own marketing, advertising, or commercial purposes.

5. Third-party processors

The infrastructure listed below processes personal data strictly on Rendio's instructions and only to deliver the service. Each is bound by a Data Processing Agreement consistent with Art. 28 GDPR.

6. Data retention

Personal data is kept only as long as needed for the purpose for which it was collected:

• •Waitlist email — kept until 30 days after the launch notification is sent, or until you ask us to delete it, whichever is earlier.
• •Aggregate analytics (Plausible) — anonymous and not tied to you; retained on Plausible's rolling default.
• •Server logs (Vercel, Hetzner) — short-lived; typically up to 30 days for abuse and security investigation.
• •Local-storage items in your browser — under your control; clearing site data removes them.

7. Your rights under GDPR

Under Articles 15–22 GDPR you have the following rights, exercisable free of charge:

• •Art. 15 — right to know what data we hold about you.
• •Art. 16 — right to correct inaccurate data.
• •Art. 17 — right to ask us to delete your data where no overriding legal basis exists.
• •Art. 18 — right to ask us to restrict processing.
• •Art. 20 — right to receive your data in a structured, machine-readable format.
• •Art. 21 — right to object to processing based on legitimate interest.

To exercise any of these, email hello@getrendio.com with the subject "GDPR Request". We will respond within one month; for complex requests we may extend by up to two further months and will tell you why.

8. Right to lodge a complaint

If you believe we have not handled your personal data lawfully, you may lodge a complaint with a supervisory authority — in particular:

• •Agencia Española de Protección de Datos (AEPD) — aepd.es · C/ Jorge Juan, 6, 28001 Madrid, Spain.
• •The supervisory authority in your EU country of habitual residence or place of the alleged infringement.

9. Cookies and local storage

Rendio sets no cookies of its own and runs no third-party tracking scripts. It does use browser local storage for a small number of functional items. See the full Cookie Policy for the list.

10. International data transfers

Some processors are based outside the EEA. Where they are, transfers of personal data are covered by appropriate safeguards under Chapter V GDPR:

• •Vercel (USA) and Resend (USA) — EU Standard Contractual Clauses, with EU edge regions used where supported.
• •All other processors (Plausible, Hetzner) operate within the EU.

11. Security

Rendio applies appropriate technical and organisational measures proportionate to the limited data it processes: HTTPS/TLS for all traffic, role-restricted access to the database, dependency and infrastructure updates, and security-vetted third-party providers. In the event of a personal-data breach likely to result in a high risk to your rights, we will notify you and the AEPD as required by Articles 33–34 GDPR.

12. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. For material changes affecting how we process your data, we will tell you by email (if you joined the waitlist) or by an on-site notice before the change takes effect.

13. Contact

For any privacy question, data request, or to exercise your rights:

• •Email: hello@getrendio.com (subject: "Privacy" or "GDPR Request")
• •Website: https://getrendio.com
• •Response time: within one month, per Art. 12(3) GDPR.