Privacy Policy

1. General Information and Contact Details

The entity responsible for processing your personal data is BrenderCloud. Address: Carrer Varsovia 103, 08041, Barcelona, Spain. Contact Email: [email protected]. Contact Phone: +34 644 039 558. If you have any questions about this Privacy Policy or how your data is handled, you can contact us using the details above. We have not appointed a formal Data Protection Officer but are happy to assist with any privacy-related inquiries.

2. Data Processing and Legal Basis

We collect and process personal data only when necessary to provide our services, comply with legal obligations, or with your consent. Below, we explain the data we collect, its use in our service, and the legal basis for processing.

2.1 Service Flow and Data Collection

When you use BrenderCloud’s service, we process your data at various stages:

• File Upload: You upload Blender project files to our platform, which are stored on our servers. We treat all uploaded content confidentially. Blender files may contain personal data, which we protect accordingly.
• Account and Email: We collect your email address when you create an account to communicate with you. Your email is used for notifications and results.
• Consent to Terms: You must agree to our Terms of Service and Privacy Policy to use our service. Marketing emails require separate consent.
• Email Confirmation: We verify your email via a confirmation link and log the timestamp and IP address.
• Payment: We estimate job costs and process payments through Stripe. We do not store full payment details.
• Rendering: We begin rendering once you approve the job analysis. Metadata like render time may be recorded.
• Support: We collect information you provide when contacting support to assist you.
• Automatic Data: Our servers record access data like IP address and error logs for security and issue resolution.
• Cookies: We use cookies for functionality and, with your consent, for analytics.

Personal Data We Collect: Contact Data: Email address; billing info if invoicing is requested. Content Data: Blender files. Payment Data: Processed by Stripe. Technical Data: IP, device info, logs. Rendering Metadata: Job ID, settings, durations. We do not sell your data or use it for automated decisions.

2.2 Legal Bases for Processing

We rely on the following legal bases for processing your data under the GDPR:

• Contract: Most of our data processing is necessary to perform our contract with you. For example, storing your files and billing you at the end of the month.
• Consent: We rely on your consent for marketing communications and non-essential cookies.
• Legitimate Interests: We process data for security, fraud prevention, and technical performance. We ensure these interests do not override your privacy rights.
• Legal Obligation: We may retain or disclose data to comply with legal requirements, such as tax laws.

3. Third-Party Services and Data Sharing

We rely on a few third-party providers to operate BrenderCloud. We share your data with these providers under strict data processing agreements and ensure appropriate safeguards for international transfers.

• Amazon Web Services (AWS): We use AWS for infrastructure hosting. Our servers are located in the US East (N. Virginia) region. This involves international data transfers, which are protected by Standard Contractual Clauses (SCCs).
• Stripe: Stripe handles payment processing. We do not store full payment details. Transfers are protected via SCCs.
• Google Workspace: We use Gmail for communication. Data may be accessible to Google LLC in the USA, with transfers protected by SCCs.
• Google Tag Manager: We use it to manage website scripts. It processes technical information like IP addresses, with transfers protected by SCCs.
• Google Analytics: With your consent, we use it for web analytics. Data is anonymized and transferred to the USA with SCCs.
• Google Ads: We may use it for advertising. Data is pseudonymous and transferred to the USA with SCCs.
• PostHog: We use it for product analytics. Data is stored within the EU and pseudonymized.

4. Cookies and Consent Management

We use cookies to deliver and enhance our services. We distinguish between essential and non-essential cookies and obtain your consent for the latter.

• Essential Cookies: Necessary for basic operation, such as keeping you logged in.
• Non-Essential Cookies: Used for analytics and marketing with your consent.
• Consent Requirements: We require explicit consent for non-essential cookies.
• Managing Preferences: You can change your cookie preferences at any time via our website.
• Cookies Used: We use session cookies, CSRF tokens, and cookies for analytics and marketing, all subject to your consent.

We respect your cookie choices and follow legal requirements for consent management.

5. Your Rights as a Data Subject

As a user of BrenderCloud, you have specific rights regarding your personal data under the GDPR:

• Right of Access: You can request confirmation and a copy of your data.
• Right to Rectification: You can ask us to correct inaccurate data.
• Right to Erasure: You can request deletion of your data under certain conditions.
• Right to Restriction: You can limit how we use your data.
• Right to Data Portability: You can receive your data in a structured format.
• Right to Object: You can object to processing based on legitimate interests or for marketing.
• Right to Withdraw Consent: You can withdraw consent for processing at any time.
• Right to Lodge a Complaint: You can lodge a complaint with a data protection authority.

We aim to respond to all requests within one month. You can exercise these rights by contacting us.

6. Data Storage and Deletion

We retain personal data only as long as necessary to fulfill the purposes for which it was collected or to meet legal requirements.

• User Files: Retained for up to 30 days.
• Metadata: Kept for 1–2 years for operational analysis.
• Account Information: Kept while your account is active.
• Payment Data: Retained for 6–10 years for accounting.
• Communication Records: Retained for 2–3 years.
• Server Logs: Kept for up to 90 days.
• Backups: Retained for 30–60 days.
• Legal Holds: Data may be retained longer in exceptional legal situations.

Data is securely erased or anonymized once retention periods expire or upon request.

7. Security Measures

We implement robust security measures to protect your personal data:

• Encryption: All communications and stored data are encrypted.
• Access Controls: Access to data is limited to authorized personnel.
• Network Security: Our systems are protected by firewalls and security services.
• Monitoring: We monitor systems in real-time and log access events.
• Organizational Measures: We train team members on data protection.
• Secure Development: We follow secure coding practices and audit our code.
• Third-Party Security: We work with providers who maintain strict security standards.
• Physical Security: We rely on cloud providers with physical security controls.
• Payment Security: Payments are handled by Stripe, which is PCI-DSS certified.
• Incident Response: We notify authorities and users of data breaches as required.

We encourage users to use strong passwords and report any security issues to us.

8. Updates to this Privacy Policy

We may revise this Privacy Policy periodically. When we update the policy, we will post the new version on this page and update the "Last Updated" date.

• If changes are significant, we will provide notice, such as an email or website banner.
• We encourage you to review this page regularly.
• Minor edits may be made without specific notification.
• By continuing to use BrenderCloud, you agree to the updated terms.

9. Supervisory Authority and Contact

If you believe your data has been mishandled, you have the right to file a complaint with a supervisory authority. Our lead data protection authority is:

We encourage you to contact us first with any concerns.

Thank you for reviewing our Privacy Policy. We are committed to protecting your privacy and are here to help with any questions or concerns.