Privacy Policy
Last updated: March 7, 2026
1. Who We Are
RenderLens ("we", "our", "the service") is an MCP server that provides visual verification tools for AI-generated code. The service is operated as a sole proprietorship.
2. Data We Process
2.1 Code You Submit
When you use our render, audit, or diff tools, your code is processed in an isolated browser environment. We do not store, log, or retain the code you submit. Code is processed in memory and discarded immediately after generating the result.
2.2 Billing Data
During the free beta, we do not collect any billing data. There are no API keys, payment details, or customer accounts. When paid plans are introduced, this section will be updated accordingly.
2.3 Anonymous Usage Tracking
We track your IP address to enforce the monthly call limit (100 calls/month). IP addresses are stored only in server memory (not persisted to disk or database) with an automatic expiry at the end of each calendar month. We do not associate IP addresses with any other data or use them for any purpose other than rate limiting.
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — abuse prevention and fair usage enforcement. You can avoid this tracking entirely by using an API key instead.
2.4 Server Logs
We log minimal operational data: HTTP method, path, status code, response time, and anonymized client identifiers. We never log request bodies or code content. Logs are retained for 30 days for debugging purposes.
3. Legal Basis (GDPR)
We process data under the following legal basis:
- Legitimate interest (Art. 6(1)(f) GDPR) — rate limiting via IP address for abuse prevention and fair usage enforcement
4. Data Retention
- Code submissions: Zero retention. Not stored.
- IP-based usage counters: Stored in server memory only. Auto-expire at the end of each calendar month. Lost on server restart.
- Server logs: 30 days.
5. Your Rights
Under GDPR, you have the right to:
- Access — request a copy of data we hold about you
- Rectification — correct inaccurate data
- Erasure — request deletion of your data
- Portability — receive your data in a structured format
- Object — object to processing based on legitimate interest
To exercise these rights, contact us at privacy@renderlens.dev.
6. Sub-processors
| Provider | Purpose | Location |
|---|---|---|
| Google Cloud Run | Application hosting | EU (Milan) |
| Cloudflare | CDN, DDoS protection | Global |
7. Security
We implement industry-standard security measures including TLS 1.3 encryption, SSRF protection, input validation, and rate limiting.
8. Changes
We may update this policy periodically. Material changes will be communicated via our website. Continued use of the service after changes constitutes acceptance.
9. Contact
For privacy inquiries: privacy@renderlens.dev