Privacy Policy

1. Data Controller

The data controller responsible for your personal data is:

For any data protection inquiries, you may contact us at the email address above.

2. Information We Collect

2.1 Information You Provide

• Account data: When you create an account, we collect your name, email address, and the domain you wish to analyze.
• Workspace data: Configuration settings, analysis preferences, competitor selections, and prompt configurations you set within the Service.
• Payment data: When you subscribe, payment information (credit card number, billing address) is collected and processed directly by our payment processor, Stripe. Renown does not receive or store your full credit card number.
• Communications: If you contact us for support or other inquiries, we collect the content of those communications.

2.2 Information Collected Automatically

• Technical data: IP address, browser type and version, operating system, device type, screen resolution, and referring URL.
• Usage data: Pages visited, features used, time spent on pages, click patterns, and other interactions with the Service.
• Analytics data: Aggregated, anonymized usage data collected through our cookieless analytics tool (see Section 5 below).

2.3 Information We Do Not Collect

We do not knowingly collect special categories of personal data (also known as sensitive data) as defined under GDPR Article 9, such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data.

3. Legal Basis for Processing

Under the GDPR, we process your personal data based on the following legal grounds:

Where we rely on legitimate interest, we have assessed that our interests are not overridden by your fundamental rights and freedoms. You may request details of these assessments by contacting us.

4. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service, including running AI visibility analyses, generating reports, and computing metrics;
• Process payments and manage your Subscription;
• Send you transactional communications related to your account and Subscription;
• Respond to your support requests and inquiries;
• Analyze how the Service is used to identify issues, improve features, and develop new functionality;
• Prevent fraud, detect security incidents, and protect against malicious activity;
• Comply with applicable legal obligations, including tax and accounting requirements under Finnish law;
• Send marketing communications, where you have given your consent (you may opt out at any time).

We do not sell your personal data to third parties. We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

5. Cookies and Tracking Technologies

Cookies are small text files stored on your device when you visit a website. We minimize our use of cookies and tracking technologies.

5.1 Strictly Necessary Cookies

These cookies are essential for the Service to function and cannot be disabled.

5.2 Analytics

We use Umami, a privacy-focused, cookieless analytics tool that we self-host on our own EU-based infrastructure. Umami does not use cookies, does not collect personal data, and does not track visitors across websites. All data is aggregated and anonymized. No consent is required for this type of analytics under GDPR, as no personal data is processed.

5.3 Your Cookie Choices

You can configure your browser to block or delete cookies, although this may affect the functionality of the Service. Since our analytics are cookieless, blocking cookies will not affect analytics collection — however, you may opt out of analytics by using a browser extension that blocks JavaScript, or by contacting us at hello@tryrenown.com.

We do not use any advertising cookies, tracking pixels, or social media plugins.

6. Data Sharing and Sub-Processors

We share your personal data only with third-party service providers ("sub-processors") who assist us in operating the Service. Each sub-processor is contractually bound to process personal data only on our instructions and to implement appropriate security measures.

We may also disclose your personal data if required by law, regulation, or legal process, or if necessary to protect the rights, safety, or property of Renown, our users, or the public.

We do not share your personal data with advertisers or sell it to any third party.

6.1 Stripe as Independent Controller

Stripe processes your payment data both as our data processor (to process payments on our behalf) and as an independent data controller (for fraud prevention, legal compliance, and its own business purposes). Renown does not have access to your full credit card number. Stripe is PCI DSS Level 1 certified. For details on how Stripe processes your data, please see Stripe's Privacy Policy.

7. International Data Transfers

Some of our sub-processors are located outside the European Economic Area (EEA), particularly in the United States. When we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place:

• EU-US Data Privacy Framework (DPF): Where applicable, we rely on our sub-processors' certification under the EU-US Data Privacy Framework, as recognized by the European Commission's adequacy decision of 10 July 2023. Stripe, Google, and Netlify are certified under the DPF.
• Standard Contractual Clauses (SCCs): Where a sub-processor is not certified under the DPF, we use the Standard Contractual Clauses approved by the European Commission (Decision 2021/914) as the transfer mechanism.
• EU-located processing: Our primary hosting infrastructure (Hetzner) is located in Germany within the EU, and Stripe's European entity (Stripe Payments Europe, Ltd.) is located in Ireland.

You may request a copy of the relevant transfer safeguards by contacting us.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

When data is no longer required, it is securely deleted or anonymized.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL;
• Encryption of data at rest;
• Access controls limiting data access to authorized personnel;
• Regular security reviews of our infrastructure and code;
• Use of secure, reputable cloud infrastructure providers.

While no system can guarantee absolute security, we are committed to protecting your data and will promptly notify affected users and the relevant supervisory authority in the event of a personal data breach, in accordance with GDPR Articles 33 and 34.

10. Your Rights Under the GDPR

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights regarding your personal data:

• Right of access (Art. 15) — You have the right to obtain confirmation as to whether we process your personal data and to request a copy of it.
• Right to rectification (Art. 16) — You have the right to request correction of inaccurate personal data or completion of incomplete data.
• Right to erasure (Art. 17) — You have the right to request deletion of your personal data, subject to certain exceptions (e.g., legal retention obligations).
• Right to restriction of processing (Art. 18) — You have the right to request that we restrict the processing of your personal data under certain circumstances.
• Right to data portability (Art. 20) — You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
• Right to object (Art. 21) — You have the right to object to processing based on legitimate interest. We will cease processing unless we can demonstrate compelling legitimate grounds.
• Right to withdraw consent (Art. 7(3)) — Where we process data based on your consent (e.g., marketing emails), you may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

How to Exercise Your Rights

You may exercise any of these rights by contacting us at hello@tryrenown.com. We will respond to your request within one month. If your request is complex or we receive a high volume of requests, we may extend this period by a further two months, in which case we will inform you of the extension and the reasons for it. There is no fee for exercising your rights, except in cases of manifestly unfounded or excessive requests.

You may also export your analysis data directly from your account dashboard at any time.

11. Additional Rights for California Residents

If you are a resident of California, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information.

11.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

• Identifiers: Name, email address, IP address, account ID.
• Commercial information: Subscription plan, billing history, transaction records.
• Internet or electronic network activity: Browser type, pages visited, interactions with the Service.
• Geolocation data: Approximate location derived from IP address.

11.2 We Do Not Sell or Share Personal Information

Renown does not sell your personal information as defined by the CCPA/CPRA. We do not share your personal information for cross-context behavioral advertising. Our website analytics (Umami) are self-hosted, cookieless, and do not collect personal information or share data with any third party.

11.3 Your CCPA/CPRA Rights

As a California resident, you have the right to:

• Know what personal information we collect, use, and disclose;
• Delete your personal information, subject to certain exceptions;
• Correct inaccurate personal information;
• Opt out of the sale or sharing of personal information (not applicable as we do not sell or share);
• Non-discrimination for exercising your privacy rights.

To exercise these rights, contact us at hello@tryrenown.com. We will verify your identity before processing your request and respond within 45 days.

12. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that data promptly. If you believe that a child has provided us with personal data, please contact us at hello@tryrenown.com.

13. Automated Decision-Making

We do not use your personal data for automated individual decision-making or profiling that produces legal effects or similarly significantly affects you, as described in GDPR Article 22. The AI visibility scores and recommendations generated by the Service are analytical outputs about brands and companies, not decisions about individuals.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. For material changes, we will notify you by email or through a prominent notice on the Service at least 30 days before the changes take effect. The "Effective date" at the top of this page indicates when this policy was last updated.

15. Contact Us

If you have questions about this Privacy Policy or how we handle your personal data, please contact us:

We aim to respond to all data protection inquiries within one month.

16. Supervisory Authority

If you believe that our processing of your personal data infringes the GDPR or other applicable data protection laws, you have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is:

You may also lodge a complaint with the supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.