Saltar al contenido principal
Renamed.to logorenamed.to

Trust Center

Security and privacy are core to renamed.to. This page brings together how we protect your data, the third parties we rely on, our compliance posture, and the documents you need for a vendor security review.

How we protect your data

Encryption in transit & at rest

TLS 1.3 for all traffic. OAuth tokens and audit logs are encrypted with AES-256-GCM. Backups are encrypted before storage.

EU hosting & data minimization

Primary infrastructure is in Germany (EU). File content is processed transiently and deleted within 24 hours — originals promptly, outputs within 1 hour.

Strong authentication

Passkeys (hardware security keys via WebAuthn), email one-time codes, and enterprise SSO (SAML). Authenticator-app 2FA is on our roadmap.

Tested, encrypted backups

Daily encrypted database backups with 30-day retention. Restores are verified automatically every week and manually every month.

Secure development

Dependency vulnerability scanning on every build, isolated processing environments, scoped OAuth, and signed webhooks.

Incident response

Documented incident response. Affected customers are notified within 72 hours of a confirmed personal data breach (GDPR Art. 33).

Compliance status

We state only what is true today. Items marked “planned” are on our roadmap and not yet in place.

GDPR

Compliant as a data processor; DPA with SCCs available.

CCPA / CPRA

We do not sell or share personal data; deletion and access supported.

SOC 2 control areas

Security program organized around SOC 2 control areas (security, availability, confidentiality).

SOC 2 audit

Planned

Not yet audited. A third-party SOC 2 audit is on our roadmap as we scale.

Penetration test

Planned

Planned. We run dependency scanning and internal security reviews today.

Authenticator-app 2FA

Planned

Passkeys and SSO available today; TOTP authenticator support is planned.

Subprocessors

We use 13 third-party services to deliver renamed.to. Our infrastructure is hosted by Hetzner in Nuremberg, Germany (EU). The full list — what each one does, where it runs, and the data it processes — is published for transparency.

View the full subprocessor list

Documents & resources

Security overview

How we protect your data — encryption, access, infrastructure.

Subprocessors

The third-party services we use and what data they process.

Data Processing Agreement

GDPR Art. 28 DPA for EU and US customers.

Privacy Policy

What we collect and how we use it.

Terms of Service

The terms for using renamed.to.

Report a security issue

Found a vulnerability or have a security question? We acknowledge reports within 24 hours and appreciate responsible disclosure.

security@renamed.to