RenderOps
PT

Privacy Policy

Last updated: February 27, 2026

RenderOps (“we”, “our”) is committed to protecting your personal data. This Privacy Policy describes how we collect, use, and protect your information, in compliance with the Brazilian General Data Protection Law (LGPD — Law No. 13,709/2018).

1. Data Collected

1.1 Via GitHub OAuth authentication

  • Display name
  • Email address
  • Profile picture (avatar)
  • GitHub ID

1.2 Via service usage

  • IP address
  • Browser user-agent
  • Pages accessed and actions performed (audit log)
  • Workspace, dashboard, and connection configurations

1.3 Via configured connections

  • Connection metadata: host, port, database type
  • Access credentials (stored encrypted)

2. Data NOT Collected

RenderOps does not store the contents of connected databases. Queried data transits through the service in real time and is not persisted. No copy of your data is kept on our servers.

3. Purpose of Processing

We use your data for:

  • Authentication: Identify and authenticate your access to the service.
  • Operation: Execute queries, render dashboards, and process automations.
  • Auditing: Maintain action logs for security and compliance.
  • Improvement: Analyze usage patterns to improve the product (aggregated and anonymized data).
  • Contract performance (Art. 7, V): Processing necessary to provide the contracted service.
  • Consent (Art. 7, I): For optional features such as artificial intelligence.
  • Legitimate interest (Art. 7, IX): For security, fraud prevention, and service improvement.

5. Data Sharing

We do not sell or share your personal data with third parties, except:

  • GitHub (OAuth): Name and email for authentication.
  • Hetzner (hosting): IP address processed by hosting infrastructure in Germany.
  • OpenAI (artificial intelligence): Only table schema (table and column names) is sent for query generation. No actual user data is transmitted.

6. Cookies

We use only essential cookies:

  • Session cookie: JWT (JSON Web Token) for authentication.
  • We do not use tracking, analytics, or third-party advertising cookies.

7. Data Retention

  • Account data is maintained while your account is active.
  • After account deletion, all personal data is removed within 30 days.
  • Audit logs may be retained for up to 90 days for security purposes.

8. Data Subject Rights (LGPD)

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Correct incomplete or inaccurate personal data.
  • Deletion: Request the deletion of your personal data.
  • Portability: Receive your data in a structured format.
  • Withdrawal of consent: Withdraw consent for optional processing at any time.

To exercise your rights, contact us at: privacy@render-ops.com

9. Security

We adopt the following security measures:

  • Encrypted communication via HTTPS/TLS.
  • JWT authentication with HMAC (HS256).
  • Connection credentials stored with encryption.
  • Granular permissions by table, column, and action.
  • Complete audit log of all operations.

10. International Transfer

  • Our servers are located in Germany (Hetzner).
  • The OpenAI API is processed in the United States (table schema only, no personal data).
  • All transfers are carried out with adequate protection measures.

11. Changes to this Policy

  • We may update this Privacy Policy periodically.
  • Significant changes will be communicated with at least 30 days notice.
  • The last update date will always be indicated at the top of the document.

12. Contact and DPO

For questions about privacy and data protection:

Get Started Free