Privacy Policy

1.1. Our Role as Controller and Processor

upspawn software UG (haftungsbeschränkt) acts as the Data Controller for the personal data you provide to us, such as your account information. For any personal data contained within the files you upload for processing, you are the Data Controller, and we act as a Data Processor on your behalf. We process this data only on your instructions to provide the Service.

2. Data we collect

We collect and process the following categories of data:

2.1 Account and Contact Data

• Name and email address (for account creation and communication)
• Payment information (processed securely through Stripe)
• Account preferences and settings

2.2 Content and Usage Data

• Uploaded files and their metadata (names, sizes, types)
• File processing requests and AI-generated suggestions
• PDF split processing requests and AI-determined document boundaries
• AI-generated split suggestions and document classifications
• Temporarily extracted text content from PDF pages for AI analysis
• Usage patterns and feature interactions
• Access logs and timestamps

2.3 Technical Data

• IP address and device information
• Browser type, version, and language settings
• Operating system and screen resolution
• Cookies and similar tracking technologies (see Section 5)

2.4 Advertising and Marketing Data (with consent)

• Page views and user interaction patterns
• Conversion events and purchase behavior
• Cross-device identifiers and tracking cookies
• Remarketing audiences and advertising preferences
• Hashed email addresses for advertising matching
• Custom event data (file uploads, feature usage, checkout actions)

2.5 Dropbox Integration Data (if connected)

• Dropbox account ID and, where provided, account email and display name
• Selected Dropbox folder paths and related configuration (e.g., templates, language)
• File metadata within watched folders (names, paths, sizes)
• Temporary access to file content for renaming; temporary copies are deleted after processing
• Audit logs containing original and suggested filenames (no file contents)

2.6 OneDrive Integration Data (if connected)

• OneDrive account identifier, optional account email and display name, encrypted refresh tokens, access-token expirations, and clientState values to verify webhook authenticity.
• Watched folder configuration, Microsoft Graph subscription IDs, delta-token checkpoints, and job queue metadata (file item IDs, folder IDs, status history, timestamps, and retry counters).
• Webhook payload metadata (resource identifiers, change types, subscription expiration times) and operational logs needed to troubleshoot rate limits or processing failures. No file contents are stored in these logs.
• Temporary access to file metadata and PDF content to generate renaming suggestions. Files are downloaded to a transient buffer, processed, and deleted immediately after completion.
• Rate-limit telemetry kept in Redis (counters and timestamps) with a retention of up to 14 days to ensure reliable processing and prevent abuse.
• Legal basis (GDPR): Contract performance (Art. 6(1)(b)) when you enable the OneDrive integration as part of your subscription; Legitimate interest (Art. 6(1)(f)) to deliver the file renaming service you requested and maintain system security and reliability.

2.7 Social Sign‑In Data (Google, Microsoft)

• If you choose to sign in with a third‑party provider such as Google or Microsoft, we receive your account identifier and basic profile data (e.g., name and email) from that provider to create or authenticate your account on renamed.to.
• We do not receive your password from those providers. Authentication is handled by the provider and our identity service.

3. Purpose of processing

We process your data for the following purposes:

3.1 Essential Services

• Provision of file renaming and AI-powered suggestions
• Account management and authentication
• File storage and retrieval
• Payment processing and billing
• Customer support and technical assistance

3.2 Security and Compliance

• Fraud prevention and security monitoring
• Compliance with legal obligations
• Protection of our systems and users

3.3 Marketing and Advertising (with consent)

• Digital advertising and remarketing campaigns
• Conversion tracking and optimization
• Audience building for targeted advertising
• Cross-device tracking and personalization
• Marketing performance measurement

3.4 Improvement and Analytics (with consent)

• Service analytics and performance monitoring
• User experience optimization
• Product development and feature enhancement

3.5 Dropbox Integration (optional)

• Provide optional file renaming within your Dropbox in folders you select
• List files in watched folders, generate a suggested filename using AI, and move the file
• Process file contents transiently only for renaming; we do not retain file contents
• Store only the information needed to maintain the connection (encrypted tokens), settings, and audit logs

3.6 OneDrive Integration (optional)

• Provide optional file renaming within Microsoft OneDrive folders you choose via subscriptions you authorize through Microsoft Graph.
• Monitor watched folders for new or updated PDF files, enqueue rename jobs, and execute AI-assisted naming suggestions aligned with your templates and language preferences.
• Move or rename files inside your OneDrive destination folders, including optional subfolder organization, based on the strategy you configure.
• Maintain audit logs (original and suggested filenames, timestamps, folder IDs) to provide accountability, troubleshooting insights, and compliance evidence.

3.7 Social Sign‑In

• Microsoft Account – Optional sign‑in method. Data processed: name, email, and provider user ID for account creation and authentication.
• Google – Same as above.
• You can disconnect a social login by changing your sign‑in method in account settings or contacting support.

3.8 AI PDF Split Processing (optional)

Our AI-powered PDF split feature uses advanced machine learning to intelligently analyze and divide your PDF documents:

• Content Analysis – AI reviews document text to identify natural break points and document boundaries
• OCR Text Extraction – Extract text content from PDF pages using optical character recognition for AI analysis
• Boundary Detection – Machine learning identifies where one document ends and another begins based on content patterns, formatting, and structure
• Smart Naming – AI generates descriptive filenames for split document segments based on their content
• Batch Processing – Process large documents in configurable batch sizes for optimal performance
• Data minimisation – We limit the data sent to AI/OCR providers to what’s required to deliver the split; depending on the file, this may include the full PDF content for OCR and extracted text for boundary detection.
• Short-Lived Storage – The original uploaded PDF is deleted promptly after splitting completes. Split output files remain available for download for up to 1 hour. All split-related objects in our Cloudflare R2 storage are automatically deleted within 24 hours via lifecycle rules.

3.9 AI Processing Transparency

We believe in full transparency about how artificial intelligence processes your data. Our AI features are designed with privacy and data protection at their core:

How AI Processing Works

• Limited Data Sharing: We limit the data sent to AI/OCR providers to what’s required to deliver the feature. Depending on the file, this may include the full PDF content for OCR and extracted text for boundary detection.
• No model training from our API use: For our use of OpenAI and Mistral APIs, their current API terms state that prompts and outputs sent via these APIs are not used to train or improve their models unless a customer explicitly opts in to such use. We do not opt in to this for your content.
• AI vendor retention: Our AI providers may retain limited logs of API calls (including prompts, outputs, and technical metadata) for a short period (typically up to around 30 days) for abuse detection, security, and service operations, in line with their published policies and legal obligations. They do not use this data to profile you or for their own marketing.
• Temporary Processing: AI/OCR processing is performed to deliver the requested feature. For PDF splitting, the original upload is deleted promptly after processing; split outputs are available for up to 1 hour; and all split-related objects are deleted from Cloudflare R2 within 24 hours via lifecycle rules.
• EU Data Protection: Mistral AI is EU-based. Some providers (e.g., OpenAI) may process data outside the EEA; we use appropriate safeguards for international transfers (see Section 7).
• Encrypted Transit: All data sent to AI services is encrypted in transit using industry-standard TLS protocols

Your AI Processing Rights

• Transparency: You can request information about how AI processed your specific files
• Choice: You can choose not to use optional AI-powered features. If you use them, we process your content to provide the Service.
• Data Deletion: Request deletion of AI processing metadata and temporary extracts at any time
• Data minimisation requests: Contact us to discuss stricter processing options for your account (where technically feasible).

4. Legal basis

We process your personal data on the basis of the following legal grounds according to Art. 6 GDPR:

• Art. 6 para. 1 lit. b GDPR – performance of a contract or steps prior to entering into a contract (account services, file processing)
• Art. 6 para. 1 lit. f GDPR – legitimate interests (security, fraud prevention, service improvement)
• Art. 6 para. 1 lit. a GDPR – your consent (analytics, advertising tracking, marketing communications, remarketing)
• Art. 6 para. 1 lit. c GDPR – compliance with a legal obligation (tax records, data retention requirements)

5. Cookies & tracking technologies

5.1 Essential Cookies (Always Active)

These cookies are essential for the website to function and cannot be disabled:

• Authentication cookies – Keep you logged in to your account
• Security cookies – Protect against fraud and unauthorized access
• Preference cookies – Remember your settings and choices

5.2 Analytics Cookies (Optional)

With your consent, we use analytics services to understand how our service is used:

• PostHog – Privacy-focused analytics to improve user experience
• Usage tracking – Anonymous data about feature usage and performance

5.3 Advertising Cookies (Optional)

With your consent, we use advertising technologies to deliver relevant ads and measure their effectiveness:

• Meta (Facebook) Pixel – Tracks page views, conversions, and user interactions for targeted advertising and remarketing
• _fbp cookie – Facebook browser pixel cookie for cross-device tracking and ad personalization
• fr cookie – Facebook cookie for advertising purposes and user identification
• Conversion tracking – Monitors purchases, registrations, and key user actions
• Audience building – Creates custom audiences for targeted advertising campaigns

5.4 Cookie Management

You can manage your cookie preferences at any time through our cookie banner or by contacting us. Disabling analytics or advertising cookies will not affect the core functionality of our service, but may limit personalization and targeted content.

6. Third-party services & data processors

We work with carefully selected third‑party providers to deliver our services. Where providers act as our processors, they are bound by data processing agreements according to Art. 28 GDPR. Certain authentication providers (e.g., Microsoft, Google) act as independent controllers for their identity platforms.

6.1 Essential Service Providers

6.2 Optional Analytics Services

6.3 Advertising Services

7. International data transfers

Some of our service providers are located outside the European Economic Area (EEA). We ensure adequate protection for your data when it is transferred to these countries. We have verified that our partners provide a level of data protection equivalent to that in the EU, and all transfers are based on appropriate safeguards:

• EU Standard Contractual Clauses (SCCs): We have entered into SCCs with our non-EEA partners to ensure your data is handled in compliance with GDPR.
• Supplementary Measures: We conduct Transfer Impact Assessments (TIAs) and ensure that technical and organizational measures (like encryption) are in place to protect your data from foreign government access.
• Adequacy decisions by the European Commission
• Approved certification mechanisms
• Binding corporate rules where applicable

8. Data retention

We retain personal data only as long as necessary:

• Account data: Until account deletion plus 30 days for security
• Files: Files are temporarily stored in secure, region-appropriate cloud storage during processing, then deleted. For AI PDF splitting, the original uploaded PDF is deleted promptly after splitting completes; split output files remain available for download for up to 1 hour; and all split-related objects in Cloudflare R2 are automatically deleted within 24 hours via lifecycle rules. Files in connected storage accounts (e.g., Dropbox, OneDrive) remain in those accounts and are not permanently stored on our servers unless you explicitly upload them for processing.
• Payment data: 10 years for tax compliance (processed by Polar)
• Analytics data: 25 months maximum (anonymized)
• Advertising data: Up to 2 years for campaign optimization, or until consent is withdrawn
• Facebook Pixel data: Retained according to Meta's data retention policies (up to 2 years)
• Support communications: 3 years for service improvement
• Dropbox integration data: Connection settings and encrypted tokens retained until you disconnect. Files are temporarily stored during processing, then automatically deleted. Audit logs may retain original/suggested filenames for service quality and security.
• OneDrive integration data: Connection records, delta tokens, and encrypted refresh tokens retained until you disconnect or delete the integration. Files are temporarily stored during processing, then automatically deleted. Audit logs (original and suggested filenames, timestamps, folder IDs) retained for 12 months for troubleshooting and security incident response, then anonymised. Billing records (without file metadata) retained for 10 years per German tax law (§147 AO).

9. Your rights under GDPR

You have the following rights:

To exercise these rights, contact us at support@renamed.to. We will respond within 30 days.

10. Your Rights for US Residents (CCPA/CPRA)

If you are a resident of California or another US state with applicable privacy laws, you may have additional rights, including:

• Right to Know: You can request to know what personal information we collect, use, disclose, and sell.
• Right to Delete: You can request the deletion of your personal information.
• Right to Opt-Out of Sale/Sharing: You have the right to opt-out of the "sale" or "sharing" of your personal information. We do not sell your personal data. However, our use of advertising cookies may be considered "sharing" under California law. You can opt-out by managing your preferences in our cookie banner.
• Right to Correct: You can request to correct inaccurate personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, please contact us at support@renamed.to with the subject line "US Privacy Rights Request".

11. Data Retention & Deletion

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Default Retention Periods

Note: The retention periods below apply to metadata (filenames, paths, audit logs). Actual file content is temporarily stored in secure, region-appropriate cloud storage during processing, then automatically deleted (see Section 8 for details).

• File Metadata (filenames, paths): 90 days (configurable 0-365 days in privacy settings)
• Audit Logs: 90 days (configurable 0-365 days in privacy settings)
• Job History: 90 days (configurable 0-365 days in privacy settings)
• Account Data: Retained while your account is active, deleted upon account deletion
• Billing Records: 10 years (statutory requirement under German tax law, §147 AO)

Data Deletion

You can request deletion of your data at any time through Settings → Privacy. When you delete your data:

• All uploaded files and metadata are permanently deleted
• All audit logs and job history are removed
• Third-party processors (e.g., PostHog) are notified to delete your data
• You receive a deletion receipt for your records
• Billing records may be retained for legal compliance (10 years per German tax law)

12. International Data Transfers

As a company based in Germany, we primarily process your data within the European Economic Area (EEA). However, some of our service providers may process data outside the EEA.

Transfer Mechanisms

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses (Module 2: Controller-to-Processor) with all non-EEA processors to ensure adequate data protection. These clauses are based on the European Commission's implementing decision (EU) 2021/914.
• Adequacy Decisions: Some countries have been deemed adequate by the European Commission (e.g., UK, Switzerland, Japan). Transfers to these countries do not require additional safeguards.
• EU-US Data Privacy Framework: Where applicable, we rely on the EU-US Data Privacy Framework for transfers to certified US companies. This framework provides adequacy-level protection for EU-US data transfers.
• Supplementary Measures: Where necessary, we implement additional technical and organizational measures to ensure data protection equivalent to EU standards, including encryption, access controls, and regular security assessments.

Third-Party Processors

Our key processors and their locations:

13. Privacy Controls & Preferences

You have granular control over your privacy preferences through Settings → Privacy. These controls allow you to:

Privacy Controls

• Disable Analytics: Opt-out of PostHog tracking for product analytics. This stops all analytics data collection immediately.
• Audit Redaction: Automatically remove sensitive data (filenames, paths) from audit logs. Enabled by default.
• Ephemeral Processing: Process files without storing metadata. Files are deleted immediately after processing. Note: This may limit our ability to provide support.

Retention Settings

Configure how long your data is retained:

• File Retention: Set retention period for uploaded files (0-365 days, default: 90 days)
• Audit Log Retention: Set retention period for audit logs (0-365 days, default: 90 days)
• Job History Retention: Set retention period for processing jobs (0-365 days, default: 90 days)

14. Data security

We implement appropriate technical and organizational measures:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication
• Employee training on data protection
• Incident response procedures

15. Contact & data protection officer

For questions about this Privacy Policy, data protection, or to exercise your rights:

16. Changes to this policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by email or through our service. Continued use after changes constitutes acceptance of the updated policy.