Legal

Privacy Policy

Last updated: March 1, 2025

1. Introduction

Rendum, Inc. ("Rendum," "we," "us," or "our") is committed to protecting the privacy of our customers, website visitors, and users of our services. This Privacy Policy describes how we collect, use, disclose, and safeguard personal information when you visit our website at rendum.io, use our platform, or otherwise interact with us.

This policy applies to information collected through our website, our billing automation platform (the "Service"), and any related services, communications, or interactions. It does not apply to information collected by third parties or through other websites linked from our site.

2. Information We Collect

2.1 Information You Provide

  • Account Information: When you create an account, we collect your name, email address, company name, job title, and phone number.
  • Demo Request Information: When you request a demo, we collect your name, work email, company, role, member count, payer count, billing challenges, and referral source.
  • Billing Information: Payment card details are collected and processed by our payment processor, Stripe. We do not store full credit card numbers on our servers.
  • Communications: When you contact us via email or support channels, we retain the content of those communications.

2.2 Information Collected Automatically

  • Usage Data: We collect information about how you interact with our Service, including pages visited, features used, and actions taken.
  • Device Information: Browser type, operating system, IP address, device identifiers, and screen resolution.
  • Log Data: Server logs that include IP address, browser type, referring/exit pages, date/time stamps, and clickstream data.
  • Cookies: We use essential cookies for authentication and session management. Analytics cookies are optional and require consent.

2.3 Protected Health Information (PHI)

In the course of providing our Service, we process Protected Health Information as defined by HIPAA on behalf of our customers. PHI is handled exclusively under the terms of our Business Associate Agreement (BAA) and is never used for marketing, analytics, or any purpose other than providing the Service.

3. How We Use Information

  • To provide, maintain, and improve our Service
  • To process transactions and send related information
  • To respond to your inquiries and provide customer support
  • To send product updates, security alerts, and administrative messages
  • To analyze usage patterns and improve user experience
  • To detect, prevent, and address technical issues or fraud
  • To comply with legal obligations and enforce our terms

4. Information Sharing

We do not sell, rent, or trade your personal information. We may share information with:

  • Service Providers: Third parties that perform services on our behalf (hosting, payment processing, email delivery, analytics) under contractual obligations to protect your data.
  • Legal Requirements: When required by law, subpoena, court order, or government regulation.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users.
  • With Your Consent: For any other purpose disclosed to you at the time of collection.

5. Data Retention

We retain personal information for as long as your account is active or as needed to provide the Service. Account data is retained for 90 days after account closure for audit purposes, then permanently deleted. PHI is retained and deleted in accordance with our BAA terms and applicable law. Usage data and logs are retained for 12 months.

6. Data Security

We implement industry-standard security measures including AES-256 encryption at rest, TLS 1.2+ encryption in transit, role-based access controls, and regular security audits. Our infrastructure is hosted on Microsoft Azure with SOC 2 Type II attestation. For details, see our Security page.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Request deletion of your personal information
  • Object to or restrict processing of your information
  • Data portability (receive your data in a structured format)
  • Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@rendum.io. We will respond within 30 days.

8. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Rendum, Inc.
Attn: Privacy Team
Email: privacy@rendum.io