Privacy Policy
Last updated: June 13, 2026
1. Important Information and Who We Are
This privacy policy explains how Rendraft ("we", "us", or "our") collects, uses, stores, and shares personal data through your use of the Rendraft Chrome Extension and the Rendraft website at rendraft.com (together, "the Service").
The Service is not intended for children under 18, and we do not knowingly collect data from minors.
If you have any questions about this policy or how we handle your data, please contact us at contact@rendraft.com.
We may update this policy periodically. We encourage you to review it before each visit. If we make significant changes, we will notify you by email or via an in-app notice.
2. Data-Handling Summary (at a glance)
This section summarises every category of data the Service collects, where it is stored, and which third parties receive it. The sections below this one cover the same ground in more detail; this summary is here so reviewers and privacy-conscious users can verify our disclosures at a glance.
| Data category | Stored where | Shared with |
|---|---|---|
| Account info (name, email) | MongoDB Atlas + Supabase | Stripe (for billing) |
| Sign-in password (only if you use email/password sign-in, not Google Sign-In) | Held by Supabase as a one-way bcrypt hash. Never stored on the Rendraft backend or on your device. | Supabase (the only recipient, for authentication) |
| Authentication tokens (issued after sign-in) | chrome.storage.local on your device | Supabase (for refresh / verification) |
| Submitted text (your draft) | Never stored. In memory only for one request. | Google (Gemini API) — also not stored there |
| AI-generated response | Never stored. Returned to you and discarded. | Nobody. |
| Optional conversation context (off by default) | Never stored. Encrypted in your browser, processed in memory. | Google (Gemini API) — also not stored there |
| Usage metadata (action type, plan, IP, browser, OS, device, timezone, page URL/domain, timestamp) | MongoDB Atlas (12-month TTL, then auto-deleted) | Nobody (internal rate-limiting and analytics) |
| Suggestion feedback (whether you accepted or dismissed each rewrite) | MongoDB Atlas (12-month TTL, then auto-deleted) | Nobody (used to improve suggestion quality) |
| User settings (language, custom instructions, blocked sites, daily usage counters) | chrome.storage.sync + MongoDB Atlas | Google (via Chrome Sync infrastructure) |
| Payment method | Stripe only. We never receive card numbers. | Nobody outside Stripe. |
| Network metadata (IP, headers, TLS handshake) | Transient. Needed to route HTTPS requests. | Cloudflare (every request passes through Cloudflare; they see your IP and request headers) |
What we never do
- We never store the text you submit for rewriting.
- We never store the AI-generated response.
- We never use your data to train AI models, ours or anyone else's.
- We never sell, rent, or trade user data to any third party.
- We never track your browsing history. We only see the URL of the page where you actively trigger the extension.
- We never read text from a page unless you explicitly trigger the extension on that page.
The remaining sections of this policy explain each item above in more depth, including legal bases, retention periods, your rights, and how to contact us.
3. Chrome Extension — Data Collection, Use, Storage, and Sharing
Single Purpose: The Rendraft Chrome Extension is an AI writing assistant. Its sole purpose is to improve text you are writing in input fields across websites — such as AI prompt boxes, email composers, chat inputs, and social media posts. The extension only activates when you explicitly trigger it on a specific input field.
This section provides a comprehensive disclosure of exactly what data the extension collects, how it is used, where it is stored, and who it is shared with.
2.1 Data the Extension Collects
a) User-submitted text content: When you explicitly trigger the extension on an input field (e.g. a prompt box, email composer, or chat input), the extension reads the text currently in that field. This is the only text the extension ever reads. No text is read or collected unless you actively trigger the extension. This text is processed in real time and is not stored on our servers.
b) Optional conversation context (off by default): If you enable "Use conversation context" in extension settings, the extension additionally reads visible chat or email content on the active page (scraped from the page's DOM) so the AI can generate a contextually relevant reply. When this setting is on, the conversation content is encrypted in your browser before it leaves your device. Like the text in (a), it is processed in real time and is not stored on our servers.
c) Page URL and domain name: When you trigger the extension, the URL and domain of the active tab are collected. This is used to apply platform-specific processing instructions (e.g. different behaviour on Gmail vs. ChatGPT) and to log which platform was used.
d) Sign-in credentials (email and password): The extension offers two ways to sign in: (i) email and password, or (ii) Google Sign-In via OAuth. If you choose the email-and-password method, you enter these credentials directly into the extension popup at sign-in, sign-up, or password-reset. The credentials are transmitted over HTTPS straight to our authentication provider, Supabase, which validates them and returns an access token and a refresh token. Your password is never read, stored, or seen by the Rendraft backend. It is held only by Supabase, which stores it as a one-way bcrypt hash so that not even Supabase can recover the plaintext. The extension itself does not persist your password locally — it lives in the popup form input only until the sign-in request completes, then is discarded. Password-reset emails are sent by Supabase. If you choose Google Sign-In instead, no password is collected by the extension at all; authentication is delegated to Google's OAuth flow.
e) Authentication tokens (stored locally only): After you successfully sign in (either by email/password or by Google OAuth), Supabase issues an access token and a refresh token. These are stored in chrome.storage.local on your device. They are sent only to our backend server (as a bearer token) and to Supabase (for token refresh), over HTTPS, to verify your identity on subsequent requests. They are cleared when you sign out or uninstall the extension.
f) Browser and device information: Your browser type, browser version, operating system, device type, and timezone are collected with each API request for compatibility, debugging, and aggregate analytics purposes.
g) User settings: Settings you configure in the extension — such as your interface language, a custom system prompt for prompt-optimization, a custom rewrite instruction, daily-usage counters, and the list of sites where you have disabled the on-page badge — are stored on our backend so they persist across sessions and devices. Some of these settings are also synced through Chrome's built-in chrome.storage.sync, which transmits them through Google's Chrome Sync infrastructure to your other signed-in Chrome browsers. These settings are deleted on account deletion.
h) Suggestion feedback: When you accept or dismiss a suggestion the extension shows you, that accept/dismiss signal is recorded against the relevant request. This is used to gauge suggestion quality. No part of the original text or AI response is recorded, only the boolean accepted/dismissed value and a timestamp.
2.2 How the Extension Uses Your Data
- Text content: Sent to our backend server, which forwards it to Google for AI text generation. The sole purpose is to produce an improved version of your text and return it to you. Your submitted text and the AI-generated response are NOT stored on our servers. They are processed in memory during the request, then discarded as soon as the response is returned to you.
- Page URL and domain: Used to determine platform-specific AI instructions and logged for usage analytics.
- Auth tokens: Used solely to authenticate your API requests and verify your subscription status.
- Browser/device info: Used for debugging, compatibility, and aggregated analytics.
2.3 Where Extension Data Is Stored
- At Supabase (passwords, account records, auth tokens): If you sign in with email and password, your password is sent over HTTPS directly to Supabase, our authentication provider, which stores it as a one-way bcrypt hash. Supabase also stores your account record (email, account ID, sign-in history) and issues the access / refresh tokens used to authenticate API requests. Your plaintext password is never stored, logged, or transmitted to the Rendraft backend.
- On your device (chrome.storage.local): The access token and refresh token issued by Supabase after sign-in are stored in
chrome.storage.local. They never leave your device except when sent as a bearer token in HTTPS requests to our backend or to Supabase. Your password is NOT stored locally — it lives in the popup's sign-in form input only until the request completes, then is discarded by the browser. - On your device, synced via Google (chrome.storage.sync): A subset of your settings (interface preferences, daily-usage counters, your customisable instruction text, the list of sites where you have disabled the on-page badge) are stored in
chrome.storage.sync. Chrome automatically synchronises this storage area to your other signed-in Chrome browsers via Google's Chrome Sync infrastructure. We do not control this transmission; it is governed by Google's sync settings and Google's privacy policy. - On our backend server (MongoDB Atlas): Only request metadata is logged in our database — specifically: the action type (optimize / grammar / email / rewrite / humanize), your plan, your IP address, browser, operating system, device type, timezone, the page URL, the page domain, and accept/dismiss feedback. Account profile records (name, email, plan, subscription status, your settings, lifetime usage counters) and the user settings described in 2.1(f) are also stored here. The text you submitted for rewriting and the AI-generated response are NOT logged or stored on our servers — they live in memory only for the duration of a single request. See Section 11 (Data Retention) for retention periods.
- Transiting Cloudflare: Every HTTPS request between the extension and our backend passes through Cloudflare, which provides hosting, CDN, and DDoS protection for our API. Cloudflare therefore sees the IP address and HTTP headers of every request as it routes them, including the bearer token used for authentication. The request body (including the text you submitted) is also visible to Cloudflare in transit, though it is encrypted at the TLS layer until it reaches our backend. Cloudflare Privacy Policy.
- At Google (Gemini API): The text you submit is transmitted to Google for AI processing. Google processes the text to generate a response and returns it to our server. The text is processed in real time and is not stored by Google. Google is contractually bound to process your data solely for generating responses and not for training their AI models. Google Privacy Policy.
2.4 Third Parties That Receive Extension Data
The following third parties receive data collected through the Chrome Extension:
- Google (Gemini API): Receives the text you submit for AI processing. Google uses this data solely to generate a response and return it to our server. Your text is not stored by Google and is not used to train AI models. Google Privacy Policy.
- Google (Chrome Sync): When you have Chrome Sync enabled in your browser, Google transmits the contents of
chrome.storage.sync(the subset of your Rendraft settings listed in 2.3) between your signed-in Chrome browsers. We do not control this flow; it is part of Chrome itself. You can disable it from Chrome settings if you prefer not to use Chrome Sync. Google Privacy Policy. - Supabase: Our authentication provider. Receives your email, your password (only if you sign in with email and password — not if you use Google Sign-In), and your account profile. Supabase stores the password as a one-way bcrypt hash; the plaintext is discarded immediately after the hash is computed. Supabase also issues, validates, and refreshes the access and refresh tokens that authenticate your subsequent API requests. Submitted text and AI-generated responses are not sent to or stored at Supabase. Supabase Privacy Policy.
- MongoDB Atlas: Hosts our usage-metadata database. Stores request metadata (action type, plan, IP, browser, OS, device type, timezone, page URL/domain, timestamps, accept/dismiss feedback) and account profile records (including the settings described in 2.1(f)). Submitted text and AI-generated responses are not sent to or stored at MongoDB Atlas. MongoDB Privacy Policy.
- Stripe: Processes subscription payments. Receives your email address, payment method, and billing details. Does not receive your text content. Stripe Privacy Policy.
- Cloudflare: Provides hosting and CDN services for our backend. Network-level data (IP address, request headers) passes through Cloudflare infrastructure. Cloudflare Privacy Policy.
No other third parties receive data collected through the Chrome Extension.
2.5 Sale of User Data
We do not sell, trade, or rent any user data collected through the Chrome Extension to any third party. Data is shared only with the service providers listed above, solely for the purpose of delivering the Service.
2.6 Chrome Web Store Compliance
Rendraft's use and transfer to any other app of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements. The extension only accesses the minimum data necessary to provide its core functionality (AI text improvement) and does not use this data for purposes unrelated to the Service.
2.7 Data Not Collected
The extension does not read or transmit text unless you explicitly trigger it. It does not run in the background, monitor browsing history, capture keystrokes, take screenshots, access bookmarks or downloads, read cookies, or collect geolocation data. The extension does not sell user data to any third party.
2.8 Browser Permissions and Justification
The Rendraft Chrome Extension requests the following browser permissions. Each permission is required for the extension to function and is used only for the purposes described below:
- Host permission — All websites (
*://*/*): The extension needs access to all websites because it is designed to work on any input field across the web — including AI platforms (ChatGPT, Claude, Gemini), email providers (Gmail, Outlook), messaging apps (WhatsApp, Slack), social media (Facebook, Instagram), and any other site where you write text. The extension injects a small UI overlay (a floating button) next to the focused input field so you can trigger it. Without this broad permission, the extension would not be able to function on websites outside a predefined list. The extension does not read any page content or text unless you explicitly trigger it on a specific input field. - Host permission — Google Generative Language API (
generativelanguage.googleapis.com): Required to send your text to Google's AI service for processing and receive the improved version back. This is the core functionality of the extension. - Storage (
chrome.storage.local): Used to store your authentication token and refresh token locally on your device after you sign in. This keeps you logged in between browser sessions. No other data is stored locally. - Identity (
chrome.identity): Used to enable Google OAuth sign-in. When you choose to sign in with your Google account, this permission allows the extension to securely authenticate you through Google's OAuth flow. No Google account data beyond your name and email address is accessed.
The extension does not use any remote code. All extension code is bundled and included in the extension package.
2.9 Data Handling and Security
All data transmitted between the extension and our backend server, and between our backend and Google, is encrypted using HTTPS/TLS. Authentication tokens are transmitted only as bearer tokens over encrypted connections. User-submitted text is transmitted securely and is never exposed to any party other than our backend server and Google (for AI processing).
4. The Data We Collect About You
Across the Chrome Extension and the Rendraft website, we may collect and process the following categories of personal data:
- Identity Data: Name (provided via Google sign-in or account registration)
- Contact Data: Email address
- Authentication Data: Password (only if you sign up with email and password; never collected if you use Google Sign-In). Stored only at Supabase as a one-way bcrypt hash. Never stored on the Rendraft backend or on your device.
- User Content: Text you submit through the extension is processed in real time to generate a response, then discarded. We do not retain submitted text or AI responses on our servers.
- Transaction & Financial Data: Subscription level, payment method, and transaction history (processed via Stripe — we do not store full card numbers)
- Technical Data: IP address, browser type and version, device type, operating system, time zone, and page URL/domain when the extension is triggered
- Usage Data: How you interact with the Service, daily usage counts (e.g. number of rewrites used), which platforms you use the extension on, and timestamps of usage
We do not collect special category data such as race, ethnicity, religious beliefs, sexual orientation, health information, or biometric data.
5. How We Collect Your Personal Data
We collect data through the following methods:
Direct Interactions: When you create an account, purchase a subscription, contact support, provide feedback, or trigger the Chrome Extension on an input field.
Automated Technologies: As you use the Service, we automatically collect Technical and Usage Data via server logs, the Chrome Extension, and similar technologies.
Third Parties: We receive data from payment processors (Stripe), analytics providers (Google Analytics), and authentication providers (Google OAuth / Supabase Auth).
6. How We Use Your Personal Data
We use your personal data for the following purposes:
- AI Text Processing: To send your submitted text to Google for AI processing and return the AI-generated result to you (contract performance)
- Account Registration: To create and manage your account (contract performance)
- Payment Processing: To manage subscriptions and billing via Stripe (contract performance)
- Usage Tracking: To enforce free-tier limits and track subscription usage (contract performance)
- Customer Support: To respond to your enquiries and resolve issues (legitimate interests)
- Service Improvement: To analyse aggregate usage metadata (not submitted text) and improve the Service (legitimate interests)
- Security & Fraud Prevention: To protect our users and Service (legitimate interests / legal obligation)
We will only use your personal data for purposes for which it was collected, unless we reasonably determine another purpose is compatible. We will notify you of any material change in purpose.
7. Who We Share Your Personal Data With
We share your data with the following third parties. Each third party receives only the data necessary to perform its specific function:
- Google: Receives user-submitted text for AI processing. Returns the generated result to our server. Does not receive your name, email, or payment information. Does not store your text or use it for model training. Google Privacy Policy.
- Supabase: Authentication provider and one of our database providers. Receives your email, your password (only when you sign up or sign in with email and password — not when you use Google Sign-In; the password is stored as a one-way bcrypt hash and the plaintext is discarded immediately), and your account profile. Issues, verifies, and refreshes the access and refresh tokens used to authenticate API requests. Does not receive your submitted text or AI responses. Supabase Privacy Policy.
- MongoDB Atlas: Hosted database for usage metadata (action type, plan, IP, browser, OS, device, timezone, page URL/domain, timestamps) and account profile records. Does not receive your submitted text or AI responses. MongoDB Privacy Policy.
- Stripe: Payment processor. Receives email, payment method, and billing details for subscription management. Does not receive your text content. Stripe Privacy Policy.
- Cloudflare: Hosting, CDN, and security provider. Network-level data (IP address, request metadata) passes through Cloudflare. Cloudflare Privacy Policy.
- Google Analytics: Receives anonymized website usage data (page views, session duration, device type). Does not receive user-submitted text content. Google Privacy Policy.
- Professional Services: Lawyers, accountants, and insurers as required by law or for business operations.
We do not sell, trade, or rent your personal data to any third party. We do not allow third-party service providers to use your personal data for their own marketing or commercial purposes. We may disclose data to law enforcement or regulatory bodies when required by law.
8. Data Flow Summary
When you trigger the Rendraft Chrome Extension, the following data flow occurs:
- The extension reads the text in the active input field on the current page.
- The text, page URL, domain, and your auth token are sent to the Rendraft backend server (hosted on Cloudflare).
- The backend verifies your identity and subscription status via Supabase.
- The backend sends your text to Google for AI processing.
- Google returns the generated result to our backend.
- The backend logs request metadata only (action type, plan, IP, browser, OS, page URL, page domain, timestamp) to enforce daily limits and produce aggregate analytics. The submitted text and the AI response are not written to any database or log. The backend then returns the result to the extension.
- The extension displays the result to you in the browser.
No data is sent to any party not listed above. No data is collected unless you explicitly trigger the extension.
9. International Transfers
Some of our third-party providers (such as Google, Stripe, Cloudflare, and Supabase) may process data outside your country of residence, including in the United States. In such cases, we ensure appropriate safeguards are in place, including standard contractual clauses and transfers only to countries deemed adequate under applicable data protection law.
10. Data Security
We have implemented appropriate technical and organizational security measures to protect your personal data from accidental loss, unauthorized access, or disclosure:
- All data transmitted between the extension, our backend, and third-party services is encrypted using HTTPS/TLS.
- Passwords (when used) are sent directly from the extension to Supabase over HTTPS and stored only as a one-way bcrypt hash; the Rendraft backend never sees the plaintext password, and the password is not persisted on your device after sign-in.
- Authentication tokens are stored securely in
chrome.storage.localand transmitted only as bearer tokens over HTTPS. - Database access is restricted to authorized personnel with a genuine business need.
- We use Supabase Row Level Security (RLS) to isolate user data.
We have procedures in place to handle suspected data breaches, and we will notify you and relevant authorities where required by law.
11. Data Retention
We retain your personal data for as long as reasonably necessary to fulfil the purposes for which it was collected:
- Account data (name, email): Retained for as long as your account is active. Deleted upon account deletion request.
- Password (bcrypt hash, at Supabase only): Retained at Supabase for as long as your account is active. Deleted when your account is deleted. The plaintext password is never stored anywhere — it is discarded immediately after Supabase computes the hash.
- Usage metadata (action type, plan, IP, browser, OS, device, timezone, page URL/domain, timestamps, daily usage counts): Retained for up to 12 months for rate-limit enforcement, debugging, and aggregate analytics, then automatically deleted by a database TTL. Submitted text and AI responses are not stored, so there is no retention period for them — they exist only in memory during a single request.
- Payment and transaction data: Retained for as long as required by tax and accounting regulations (typically 7 years).
- Authentication tokens (on your device): Cleared when you sign out or uninstall the extension.
When determining the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use, and whether the purposes can be achieved through anonymization.
You can request deletion of your data at any time by emailing contact@rendraft.com.
12. Cookies
We use cookies and similar tracking technologies on the Rendraft website to enhance your experience. Cookies are small files stored on your device. You can configure your browser to refuse cookies, but this may limit certain functionality.
We use cookies for:
- Authentication (keeping you logged in)
- Preference storage (theme, language)
- Analytics via Google Analytics (understanding how the website is used)
The Chrome Extension itself does not use cookies. It uses chrome.storage.local for authentication tokens only.
13. Your Legal Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Erasure: Request deletion of your personal data where there is no legitimate reason for us to keep it
- Object: Object to processing based on legitimate interests or for direct marketing
- Restriction: Request suspension of processing in certain circumstances
- Portability: Request transfer of your data to you or a third party in a structured format
- Withdraw Consent: Withdraw consent at any time where processing is based on consent
To exercise any of these rights, please email us at contact@rendraft.com. We aim to respond within one month. There is no fee for exercising your rights unless requests are manifestly unfounded or excessive.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:
Email: contact@rendraft.com