RenderWave
14-Day Trial
Legal

Privacy Policy

Last updated: May 12, 2026

1. Overview

RENDERWAVE is a local-first desktop application. All visual rendering happens on your machine — we do not receive, transmit, or store any of your visuals, performances, or creative output. This policy describes how we handle the minimal account and billing data we do collect, and your rights with respect to that data.

This privacy policy is designed to comply with the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable data protection laws as of 2026.

2. Data We Collect

We collect only what is necessary to run your license and process payments:

  • Account Information: Email address, first and last name, and Clerk-generated user ID. Created when you sign up via Clerk authentication.
  • Payment and Billing: Stripe processes your card details. We store your Stripe customer ID, subscription status, and billing period dates. We never store your full card number, CVV, or card expiration date.
  • License Data: License key, license type, machine identifiers bound to your license, and activation timestamps. Machine identifiers are hashed before storage and are not reversible.
  • Support Correspondence: If you email us at [email protected], we retain those messages to provide support.
  • Usage Data (optional): When you opt in to analytics in the app, we collect anonymized, aggregated usage statistics — session duration, shader library section views, output resolution selected. No visuals, no performance content, no identifiable machine data beyond anonymized counters.

3. What We Do NOT Collect

RENDERWAVE is designed to protect your creative work. We intentionally do not collect:

  • Visuals, video output, or any rendered content from your performances
  • Syphon feeds or any live video routing data
  • Shader parameters, scene settings, or project files
  • Device camera, microphone, or sensor data
  • Real-time location or IP addresses during normal app use (server logs are minimized and rotated)

4. How We Use Your Data

We use collected data only for:

  • Activating and validating your RENDERWAVE license
  • Processing payments and managing subscriptions via Stripe
  • Issuing updates and handling appcast-based software updates
  • Responding to support requests submitted to [email protected]
  • Sending transactional emails: purchase confirmations, subscription renewals, cancellation notices
  • Improving RENDERWAVE based on anonymized, aggregated usage data (only if you opt in)

We will never use your personal data for marketing. We will never sell, rent, or share your data with third parties for advertising or profiling purposes.

5. Third-Party Services

We use the following third-party services, each acting as a data controller or processor under applicable law:

  • Clerk (clerk.com/privacy) — User authentication and account management. Handles sign-in, session management, and user identity. Data processor.
  • Stripe (stripe.com/privacy) — Payment processing. Handles card data, billing, and subscriptions. PCI-DSS Level 1 compliant. Data controller for payment data.
  • Cloudflare (cloudflare.com/privacy) — Content delivery network and DDoS protection. Used for serving the RENDERWAVE website, downloads, and appcast. Data processor for CDN logs.
  • n8n (n8n.io/privacy) — Workflow automation for transactional emails and Discord notifications on license events. Receives email address and event type only. Data processor.

Each service's own privacy policy governs their handling of your data. We encourage you to review each policy.

6. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area, our legal basis for processing your data is:

  • Contract performance: Processing your account and billing data is necessary to provide the license and services you purchased.
  • Legitimate interests: Fraud prevention, network security, and basic service improvement (aggregated, non-identifiable analytics). You may object to this processing at any time.
  • Consent: Optional analytics opt-in, marketing emails (we do not send marketing emails at this time). Withdrawable at any time.

7. Data Retention

We retain your data only as long as necessary:

  • Account data: Retained while your account is active. Upon account deletion, all personal data is deleted within 30 days, except as required by law.
  • Billing records: Retained for 7 years per US tax law requirements. After this period, only anonymized, aggregated billing summaries are kept.
  • License activation records: Retained for 3 years after the license expires or is deactivated, for support and verification purposes.
  • Support emails: Retained for 2 years from last correspondence.
  • App analytics data: If you opt in inside the desktop app, anonymized aggregate data is retained for 2 years.

8. Your Rights

Depending on your location, you have the right to:

  • Access: Request a copy of all personal data we hold about you.
  • Rectification: Correct inaccurate account or contact information.
  • Erasure ("Right to be Forgotten"): Request deletion of your account and all associated personal data. See Section 9 for the deletion process.
  • Data Portability: Request your account data in a machine-readable format (JSON). Email us at [email protected] to request a portability export.
  • Restrict processing: Request that we limit how we use your data (subject to our legal obligations).
  • Object: Object to processing based on legitimate interests. We will honor valid objections unless we have a compelling legal basis.
  • Withdraw consent: For any processing based on consent, withdraw consent at any time by emailing [email protected] or using the app settings.
  • Lodge a complaint: File a complaint with your local data protection authority if you believe we have violated your privacy rights. (EU: edpb.europa.eu, US: your state attorney general or FTC.)

To exercise any of these rights, email [email protected] with your request and the email address on your account. We will respond within 30 days.

9. Account Deletion

You may request deletion of your RENDERWAVE account and all associated personal data at any time by emailing [email protected]. Please include the email address on your account.

Deletion is processed within 30 days. Upon deletion:

  • Your account and personal data are removed from our systems
  • Your license is deactivated — the license key will no longer validate
  • Subscription cancellation is triggered via Stripe (if active)
  • Billing records are retained per Section 7 for legal and tax compliance

Note: Deleting the RENDERWAVE app from your machine does not delete your account data. Account deletion must be requested separately via email.

10. Cookies and Tracking

The RENDERWAVE website uses essential session cookies for authentication via Clerk. We do not use advertising cookies, tracking pixels, or fingerprinting scripts.

The RENDERWAVE desktop app does not use any cookies. Local shader settings and project files are stored on your machine only and are not transmitted to us.

We do not currently load Google Analytics or other third-party analytics scripts on this website.

11. Data Security

We implement the following technical and organizational security measures:

  • All data in transit is encrypted via TLS 1.3 (HTTPS)
  • Payment data is handled exclusively by Stripe's PCI-DSS Level 1 infrastructure — we never handle raw card data
  • Machine identifiers are hashed (SHA-256) before storage — we cannot reverse-engineer your machine's serial numbers or hardware IDs
  • Database connections use parameterized queries to prevent SQL injection
  • Server access is restricted, logged, and reviewed quarterly
  • Cloudflare handles DDoS mitigation and perimeter security for the website

While we implement reasonable security measures, no internet transmission or electronic storage is 100% secure. If you suspect a data breach, contact us immediately at [email protected].

12. Data Breach Notification

In the event of a confirmed data breach that poses a risk to your rights or freedoms, we will notify affected users via email within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33. We will also notify the relevant supervisory authority as required by law. If the breach presents a high risk to individuals, we will also provide clear instructions on steps you can take to protect yourself.

13. International Data Transfers

RENDERWAVE is operated from the United States. If you are located outside the United States, your data will be transferred to and processed in the United States, which may have different data protection laws than your country of residence.

For users in the European Economic Area: We use Standard Contractual Clauses (SCCs) approved by the European Commission as appropriate safeguards for cross-border data transfers where required by law.

Third-party services (Clerk, Stripe, Cloudflare) involved in your data processing may transfer and store data internationally. Their respective privacy policies govern those transfers.

14. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or significantly affects you. License validation uses deterministic checks against stored license and machine-binding records. Subscription billing decisions are made by Stripe and subject to Stripe's policies.

15. Children's Privacy

RENDERWAVE is not intended for use by children under 13 years of age (US) or under 16 years of age (EU). We do not knowingly collect personal information from children. If we become aware that a child's personal data has been collected without parental consent, we will delete it. If you believe a child has provided us with personal data, contact us at [email protected].

16. California Privacy Rights (CPRA)

California residents have additional rights under the CPRA:

  • Right to Know: Categories and specific pieces of personal information collected, sources, purposes, and third parties involved
  • Right to Delete: Request deletion of personal information, subject to certain exceptions
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt Out: Opt out of the sale or sharing of personal information (we do not sell or share personal information)
  • Right to Limit Use: Limit use of sensitive personal information to that which is necessary to perform services
  • Non-Retaliation: We will not discriminate against you for exercising your privacy rights

To exercise any California privacy rights, email [email protected]. We will respond within 45 days.

17. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. Material changes will be communicated via email to the address on file and via notice on this page. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of RENDERWAVE after changes constitutes acceptance of the revised policy.

18. Contact

Questions about this policy, our data practices, or to exercise your privacy rights:

  • Email: [email protected]
  • Mail: Contact us by email if you need a postal address for a formal privacy request.

We aim to respond to all privacy-related inquiries within 30 days.