RowRender

Privacy policy

Last updated: May 7, 2026

This policy explains what data RowRender ("we", the "Service") collects, how we use it, and the rights you have over it. Plain English. If a question isn't answered here, email us.

1. Who we are

The Service is operated by an individual based in Argentina under the monotributo tax regime. Billing is processed by Paddle.com Market Limited as merchant of record; Paddle's own privacy notice applies to the payment data they handle.

2. What we collect

We collect the minimum needed to run the Service. Specifically:

  • Your Google account profile: email address, name, avatar URL, and the unique account ID. Provided when you sign in via Google OAuth. We use this to identify you across sessions and to display your account in the plugin and on the website.
  • OAuth refresh tokens: stored encrypted (AES-256-GCM at rest) so we can call the Google Sheets and Drive APIs on your behalf. Used only when you actively trigger an action in the plugin. You can revoke this access from your Google account at any time.
  • Sheet content you point us at: when you click "Load configs" in the plugin, we read the cells of the tab you selected. We process those cells to convert them into render instructions and don't store them after the request completes.
  • Image URLs from your sheet: fetched through our asset proxy when you trigger a render. The bytes are streamed back to your plugin, not stored on our servers.
  • Render counts: when a batch finishes, we record the number of successful renders to enforce the free-tier quota and (for Pro users) for support diagnostics.
  • Billing metadata: if you subscribe, Paddle gives us the subscription ID, status, and current period — no card numbers, no addresses. We store this to know whether you're on Free or Pro.
  • Server logs: standard request logs (IP, path, user-agent, status code) retained for up to 30 days for security + debugging.

3. What we don't collect

  • We don't use third-party analytics or advertising trackers on the website or in the plugin.
  • We don't copy or store your rendered PNGs. Rendering happens inside Figma, on your machine; the ZIP downloads from your browser.
  • We don't access Google Sheets, Drive files, or anything else you didn't explicitly point us at.
  • We don't sell or share your data with anyone outside the subprocessors listed below.

4. Subprocessors

These third parties process data on our behalf:

  • Google — OAuth identity, Sheets API, Drive API.
  • Vercel — hosting + serverless compute for the website and API.
  • Neon — managed Postgres database (user records, subscription metadata, render counts).
  • Paddle — payment processing, subscription management, tax handling.

5. How long we keep data

Your account data is retained while your account is active. When you delete your account, we cascade-delete your user record, sessions, render counts, and subscription metadata within 30 days. Server logs roll off after 30 days. Paddle retains payment records as required by their own policies and tax obligations.

6. Your rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data (mostly: change your name; email is controlled by Google)
  • Delete your account and all associated data (cabinet → Account → Delete account, or by emailing us)
  • Object to or restrict our processing of your data
  • Port your data to another service (we'll export it on request)
  • Withdraw consent for OAuth at any time from your Google account settings

For users in the EU/UK, we recognize the rights granted by GDPR / UK GDPR. For users in California, we recognize CCPA rights. Email edgard.gomes@dynamicads.io to exercise any of these.

7. International transfers

Our infrastructure is hosted on cloud platforms (Vercel, Neon, Google) that may process data in regions outside your country. Where required, we rely on the providers' standard contractual clauses or equivalent transfer mechanisms.

8. Cookies

The website uses a single first-party session cookie to keep you signed in. We don't use third-party cookies or analytics cookies.

9. Security

We use HTTPS everywhere, encrypt OAuth refresh tokens at rest with AES-256-GCM, and follow standard security practices (least-privilege access, audit logs). No system is perfectly secure; if you suspect a breach affecting your account, email us immediately.

10. Children

The Service is not directed at children under 16. We don't knowingly collect data from children. If you believe we have, email us and we'll delete it.

11. Changes to this policy

Material changes will be announced by email and reflected in the "last updated" date above. The current version always lives at this URL.

12. Contact

Privacy questions or rights requests: edgard.gomes@dynamicads.io. See also our terms of service and refund policy.