Privacy Policy

Effective: April 17, 2026

1. Introduction

This Privacy Policy explains how Renovo ("we," "us," or "our") collects, uses, and protects information when you use our service. By creating an account or using the service, you agree to the practices described here.

2. Information We Collect

We collect the following categories of information:

  • Account information: your name, email address, and password (stored only as a one-way hash). If you sign in with Google or Microsoft, we receive your name, email, and profile picture from the provider.
  • Business and document data: businesses, licenses, documents, expiration dates, tags, notes, and uploaded files that you add to the service.
  • Billing information: subscription plan and billing status. Payment card details are handled by our payment processor (Stripe) and are not stored on our servers.
  • Notification preferences: reminder schedules, opt-outs, phone number (if provided for SMS), and email preferences.
  • Technical data: IP address, browser/device metadata, and request logs used for security and troubleshooting.

3. How We Use Information

  • To provide the service and its core features.
  • To send expiration reminders by email (and SMS, if enabled).
  • To process subscription payments through Stripe.
  • To send transactional emails (verification, password resets, security alerts).
  • To protect the service from fraud, abuse, and unauthorized access.
  • To comply with legal obligations.

4. File Storage and Security

Uploaded documents are stored on Cloudflare R2. We use HTTPS for all traffic, hash passwords using bcrypt, and restrict file access through short-lived signed URLs. No system is perfectly secure; you use the service at your own risk.

5. How We Share Information

We do not sell your personal information. We share data only with:

  • Service providers acting on our behalf: Stripe (billing), Cloudflare R2 (file storage), our email delivery provider, and, if enabled, our SMS delivery provider.
  • Other members of a business you belong to - they can see documents, tags, and activity within that business.
  • Legal and safety disclosures when required by law or to protect rights, property, or safety.

6. Data Retention

We retain account and document data for as long as your account is active. If you delete your account, we remove your personal information and uploaded files within a reasonable period, except where retention is required by law (for example, billing records).

7. Your Rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to certain processing. To make a request, contact us using the address below. We will respond within the period required by applicable law.

8. Cookies and Sessions

We use only strictly necessary cookies - those required to operate the service and keep you signed in. Specifically:

  • refresh_token - an HttpOnly, Secure cookie that keeps you signed in between visits and is used to issue new access tokens.
  • oauth_link_intent - a short-lived, single-use cookie set only during the Google or Microsoft sign-in flow to link your account safely.

We do not use advertising or third-party tracking cookies. You can block or delete the cookies above in your browser at any time, but doing so will sign you out and prevent you from using the service.

9. Analytics

We use PostHog to understand which pages people visit so we can improve them. PostHog is configured in privacy-friendly mode: no advertising, no third-party tracking, no session recording, and no automatic capture of clicks or form input. We record only page views and the page URL.

Analytics are off by default. A consent banner appears on your first visit; we only load the analytics script and record any events after you click Accept. If you click Decline, no analytics data is collected. You can change your choice at any time by clearing site data for this domain in your browser.

10. Minors

The service is intended for users who are at least 18 years old. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us information, contact us and we will delete it.

11. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-app notice. Continued use of the service after an update constitutes acceptance of the revised policy.

12. Contact

Questions about this policy or your data can be sent to [email protected].