Privacy Policy

Last updated: June 10, 2026 — template prepared for launch; have it reviewed by a lawyer before relying on it.

What we collect

• Account data: your email address (used for magic-link sign-in and service notices).
• Billing data: handled by Stripe; we store only your Stripe customer/subscription identifiers, never card numbers.
• Usage data: per-render metadata (product, timestamp, byte size, duration, cache status) for quotas, billing, and abuse prevention.
• Render content: URLs/HTML you submit and the resulting files, kept transiently for delivery and for the cache TTL you request (max 7 days), then deleted.
• Logs: standard request logs (IP, endpoint, status) retained up to 30 days for security and debugging.

What we don't do

• No selling of personal data, ever.
• No advertising trackers on the dashboard or docs.
• No inspection of your render content beyond automated abuse prevention.

Processors

Hetzner (hosting, EU), Cloudflare (storage/CDN), Stripe (payments), Resend (transactional email), Sentry (error monitoring). Each processes data only as needed to provide their function.

Retention & deletion

Render artifacts: deleted at cache expiry (≤7 days). Usage events: 90 days (aggregates retained for accounting). Account data: deleted within 30 days of account deletion request to support@rasterkit.com, except records we must keep for tax/accounting law.

Your rights

Subject to applicable law (including GDPR where it applies), you can request access, correction, export, or deletion of your personal data: support@rasterkit.com.

Security

API keys are stored hashed (SHA-256). Transport is TLS-only. Renders execute in isolated browser contexts with network-level protections. Report vulnerabilities to support@rasterkit.com — we respond fast and credit researchers.