Privacy Policy | Renlit

Your privacy matters. We know legal documents can be dry, so here is a breakdown of how we handle your data, what we collect, and—most importantly—what we don't do with it.

OFFICIAL PRIVACY POLICY

Effective Date: January 15, 2025

This Privacy Policy formally delineates the mechanisms by which Renlit Creationfest (hereinafter referred to as the “Platform,” or the “Entity”) effectuates the collection, systematic utilization, necessary disclosure, and comprehensive protection of user information contingent upon the utilization of the Renlit platform and all associated services. This document is intended to provide maximum transparency regarding the Entity’s data handling practices and compliance obligations across various jurisdictions.

Please note: The Platform is currently in a "Soft Launch" (Beta) phase. As a digital-first entity in the process of formal incorporation, our data handling procedures are subject to rapid evolution. By engaging with the Platform, the user signifies their unambiguous and voluntary consent to the collection and subsequent processing of information in strict adherence to the stipulations of this policy, the overarching Terms of Service (ToS), and all relevant statutory and regulatory requirements.

Fundamental Agreement:
Utilization of the Platform constitutes explicit acceptance of this Privacy Policy, the integral Terms of Service, and the Community Guidelines. These documents are interconnected, forming the complete and legally binding agreement for Platform usage.

SECTION 1. Information We Collect

Data acquisition is rigorously governed by the principle of Data Minimization, stipulating unequivocally that the Entity shall only procure data requisite for the robust provision and continuous advancement of Platform services, the timely fulfillment of statutory obligations, and the sustained maintenance of a secure and compliant operational environment. Furthermore, the Entity employs layered collection techniques to optimize efficiency.

1.1. Information Furnished Directly by the User

a. Account Registration Data: Data provided during the formal creation of an account, which encompasses, but is not limited to, the registrant’s full name, valid electronic mail address, cryptographically hashed password, date of birth for age verification, and profile biographical information. This information forms the foundation of the user's digital identity on the Platform.

Email Domain Verification: We analyze the domain reputation of the email address provided during registration. To ensure safety and accountability, we may reject registration from email providers that utilize disposable inboxes or lack sufficient compliance frameworks (as defined in our Terms of Service). This is a security measure to prevent anonymous abuse; we expressly clarify that we have no access to your email content, which remains under the sole control and liability of your email service provider.

b. User Content: All data or material generated, uploaded, or posted by the user upon the Platform, including, for instance, textual entries, imagery, video recordings, audio/voice recordings, commentary, hyperlinked material, and associated metadata (e.g., geographic location markers, temporal stamps). This content is subjected to automated analysis for indexing, content curation, and real-time compliance review against the Community Guidelines prior to public dissemination.

c. Verification Data (Identity & Credentialing): To maintain the "Competence & Accountability" model (including Merchant, Politician, and Expert status), users may be required to submit sensitive identification documents.

i. Government ID: Users seeking verification must provide valid Government-issued identification (e.g., Passport, National ID, Driver's License) and a live photo/selfie for identity corroboration.

ii. Secure Storage of Identification Data: To maximize security, once identity verification is complete, high-sensitivity documents (such as Government ID scans) are moved to secure offline (cold) storage or highly restricted archives. They are not retained on active, public-facing web servers, minimizing the risk of data exfiltration during cyber incidents.

iii. Manual Review: Verification documents are subject to secure manual review by authorized Renlit personnel or certified third-party identity processors to prevent fraud and impersonation.

iv. Professional Credentials: Users seeking Expert status (Health, Law, Finance) must submit proof of licensure (e.g., Medical License, Bar Registration).

d. Transaction Data: Information mandatory for the efficient processing of remunerations pertaining to Paid Services, which may incorporate financial instrument details (handled exclusively by specialized third-party processors), billing coordinates, currency of transaction, and a complete history of financial interactions. The Entity does not retain full primary account numbers or card security codes; only truncated data and transaction tokens are utilized for recurring billing management.

e. Communications: Formal documentation of all correspondences exchanged with the Entity, including detailed submissions for customer support inquiries, formal appeals against policy enforcement decisions, and the structured provision of operational feedback. These records are retained to establish an auditable trail for service quality assessment and resolution integrity.

f. Third-Party Account Data (Social Login): If you choose to register or log in using a third-party account (e.g., Google, Apple, X/Twitter), you authorize us to collect specific authentication data provided by that third party, such as your full name, email address, profile avatar, and unique user ID. This data is used solely to establish your account and is treated with the same privacy protections as data you provide directly.

1.2. Information Collected Via Automated Processes

a. Usage Data: Comprehensive records detailing the precise manner in which the Platform is accessed and utilized, including patterns of interaction, session duration, timestamps of access, specific pages rendered, the Uniform Resource Locator (URL) of the referring digital source, and clickstream data. This telemetry is critical for performing feature adoption analysis, A/B testing, and identifying potential bottlenecks in the user experience workflow.

b. Device and Connection Information: Technical specifications such as the Internet Protocol (IP) address, type and version of web browser employed, operating system, unique device identifiers (e.g., UDIDs), and configured language settings. This data is leveraged to optimize content delivery and ensure platform compatibility across diverse hardware.

c. Push Notification Data: The Platform utilizes third-party services (specifically OneSignal) to facilitate the delivery of browser-based and device-level Push Notifications. To enable this functionality, we collect and process specific device identifiers. Users retain the absolute right to revoke consent for these notifications at any time via their browser or operating system settings.

d. Mobile Device Permissions: For users accessing Renlit via a mobile application (iOS/Android) or PWA, we may request specific permissions to enable core functionality:

i. Camera: Required solely for the purpose of taking identity verification selfies or capturing photos/videos for content uploads.

ii. Photo Library/Storage: Required to allow users to upload pre-existing media files to the Platform.

iii. Notifications: Required to deliver timely updates, alerts, and private message notifications.

You may grant or revoke these permissions at any time via your device's operating system settings; however, revoking them may limit functionality (e.g., inability to verify identity).

e. Cookies and Tracking Technologies: The Entity employs cookies and functionally similar technologies (e.g., web beacons, pixel tags) for the dual purposes of browser or device recognition, and sophisticated trend analysis. These technologies are categorized into functional groups: essential cookies (required for basic operation), analytical cookies (for performance monitoring), and personalization cookies (for content and advertisement tailoring). These mechanisms aid in Platform administration, monitoring user navigational movements across the interface, and aggregating generalized demographic statistics concerning the totality of the user base.

i. "Do Not Track" (DNT) Disclosure: Some web browsers transmit "do-not-track" signals to websites. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they are even aware of them. Renlit does not currently respond to these signals or alter its data collection practices when a DNT signal is received.

SECTION 2. Utilization of Information

The compiled information is systematically utilized for the following core operational objectives, each of which is underpinned by a lawful basis for processing:

a. Service Provision: To meticulously operate, maintain, and provide the entire suite of Platform features (e.g., content display mechanisms, interaction facilitation, processing of financial transactions). This represents the primary contractual purpose for data usage.

b. Security and Integrity: To rigorously verify user identity, proactively mitigate and prevent fraudulent activities through behavioral analytics and anomaly detection, detect and address systemic violations of the Terms of Service and Community Guidelines, and fortify the integrity of the Platform’s security architecture.

c. Communication: To disseminate essential service announcements, critical security alerts, and administrative messages pertinent to account management. Where legally permissible, information is also leveraged for purposes of direct marketing, promotional offers, and targeted advertising based on inferred interests, from which users retain the full right to formally opt-out at any time via documented preference controls.

d. Personalization and Improvement: To systematically analyze usage metrics and aggregated behavioral data, diagnose technical malfunctions, and incrementally enhance the operational functionality, user experience, and content relevance delivered by the Platform. This process facilitates algorithmic adjustments to content feeds, personalized feature deployment, and optimized content curation.

e. Account Safety & Trust Scores: We utilize automated processing to analyze user behavior for the purpose of assigning internal "Trust Metrics." This internal scoring system evaluates the accuracy of a user's content reporting history.

i. High Accuracy: Users who consistently report genuine violations may receive priority status for their future reports.

ii. Reporting Misuse: Users found to be engaging in "weaponized reporting" or bullying via the report system may trigger automated suspension protocols, subject to human review.

This score is strictly internal and is not publicly visible to other users. This profiling is essential for maintaining the "Crowdsourced Compliance" safety model.

f. Legal Compliance: To ensure strict adherence to all applicable statutes, regulations, and judicial or legal processes (e.g., responding appropriately and proportionally to legitimate discovery requests from governmental or regulatory bodies, mandatory data retention).

g. Aggregated & Anonymized Data: The Entity utilizes data that has been strictly anonymized, aggregated, or de-identified—rendering it technically impossible to trace back to any specific individual—for the purposes of internal financial forecasting, market trend analysis, business growth projections, and investor reporting. This anonymized dataset is legally distinct from Personal Information and is processed to ensure the long-term economic viability of the Platform.

SECTION 3. Data Dissemination and Disclosure

Information dissemination is strictly restricted to defined and necessary circumstances, ensuring that all requisite protective safeguards are rigorously implemented to preserve data confidentiality during transfer:

a. With Other Users: Information designated as public (such as the chosen profile denomination, profile biographical details, publicly accessible User Content, and approximate geographical location) is intentionally made available to other Platform users to facilitate community interaction.

b. With Third-Party Providers: Data is shared with vendors, service providers, and specialized consultants executing professional services on behalf of the Entity. These third parties are bound by strict contractual stipulations, including data processing agreements, to preserve the confidentiality of the data and restrict its utilization exclusively to the designated and agreed-upon purposes. Key providers include:

i. Stripe: For the secure processing of financial transactions.

ii. OneSignal: For the management and delivery of push notifications.

iii. Google Services (including but not limited to Analytics, Search Console, and reCAPTCHA): For usage analytics, search engine optimization (SEO), platform security (CAPTCHA), and bot mitigation.

iv. Cloudflare: For infrastructure security and DDoS protection.

v. AWS / GCP: For robust cloud infrastructure hosting and data storage.

c. Compliance with Legal Obligations: The Entity reserves the right to disclose user information only when legally compelled by a verified court order, subpoena, or valid search warrant issued by a competent authority. We review all such requests to ensure they are legally valid and narrowly tailored. We may also disclose data to:

i. Safeguard and defend the proprietary rights or valuable assets of Renlit Creationfest.

ii. Act decisively in exigent circumstances to secure the personal safety of users or the general public.

iii. Preemptively guard against potential legal liability or suspected criminal activity.

d. Corporate Restructuring: In the event of a merger, the comprehensive sale of corporate assets, a financing operation, or the acquisition of a material portion of the business by another entity, user information may be appropriately divulged to the prospective acquiring party and its authorized professional advisors as part of the due diligence process.

e. With Merchants (Order Fulfillment): When a user purchases a physical item via the Marketplace, we share necessary fulfillment data (specifically: Full Name and Shipping Address) strictly with the specific Verified Merchant responsible for that order. Merchants are contractually prohibited from using this data for any purpose other than shipping the order (e.g., they cannot use it for marketing or off-platform harassment).

f. Legal Enforcement & Collections: We may disclose user information (including Transaction Data, IP addresses, and communication logs) to legal counsel, debt collection agencies, or banking institutions if deemed necessary to:

i. Enforce our Terms of Service (including the investigation of "Friendly Fraud" or chargeback abuse).

ii. Recover debts or unpaid fees owed to the Platform.

iii. Establish, exercise, or defend our legal rights against claims or lawsuits.

SECTION 3.1. Use of Data for AI/ML

Renlit maintains a strict "User-First" data philosophy. Notwithstanding the usage descriptions in Section 2, the following prohibitions apply without exception:

a. No Sale of Data: We do not, and will never, sell, rent, license, or trade your Personal Information or User Content to data brokers, advertising agencies, or third-party entities for their independent marketing purposes.

b. No Generative AI or Machine Learning Training: Renlit does not utilize your User Content (including but not limited to artwork, creative writing, and private messages) to train, fine-tune, or improve Artificial Intelligence (AI) or Machine Learning (ML) systems designed for generative content creation (e.g., Large Language Models, Image Generators, Voice Synthesis).

i. Clarification: We use internal algorithms and non-generative machine learning solely for operational content delivery (e.g., feed ranking, search indexing, moderation automation). Your creative work remains your own and is not used to build generative products that could compete with you.

c. Third-Party Restrictions: Our contracts with third-party service providers (e.g., Cloudflare, Google) strictly prohibit them from utilizing Renlit user data for their own AI/ML model training purposes.

SECTION 4. Data Retention Principles

Personal information is retained only for the duration that the corresponding account remains active or for the period deemed technically necessary to furnish the Platform services. The Entity is furthermore obligated to retain and utilize user information as required to satisfy ongoing statutory duties (e.g., tax reporting), facilitate the expedient resolution of legal disputes or investigations, and enforce standing contractual agreements.

Upon the formal cessation or closure of an account, data is generally subject to prompt deletion or irreversible anonymization within a defined grace period. However, records pertinent to critical legal obligations (e.g., transaction documentation, auditable history of content moderation actions, aggregated statistics) may be preserved for extended durations as necessitated by prevailing regulatory mandates, even after the user relationship has concluded.

Wallet & Virtual Currency: We retain account activity timestamps ("Last Active Date") to manage the lifecycle of Virtual Items and Wallet Balances. If an account remains inactive for the statutory period defined in our Terms of Service (e.g., 24 months), associated wallet data may be purged or forfeited in accordance with our abandonment policy.

SECTION 5. User Data Rights

Contingent upon the user's geographical jurisdiction (e.g., European Union/European Economic Area, California), specific, non-waivable rights concerning personal data may be exercisable, provided the user can successfully verify their identity:

a. Right to Access: The prerogative to formally request copies of the personal data currently maintained by the Entity, along with information regarding the source, purpose, and recipients of such data.

b. Right to Rectification: The prerogative to formally request the prompt correction of any demonstrably inaccurate or incomplete personal data records retained by the Entity. Please Note: If you exercise your right to rectify critical identity fields (such as your Legal Name or Date of Birth) that were previously used to verify your account, your Verified Status (and associated privileges like Merchant access) will be automatically revoked to ensure the integrity of our identity system. You will be required to undergo re-verification with your updated information.

c. Right to Erasure (“Right to be Forgotten”): The prerogative to formally request the complete deletion of personal data, subject strictly to essential legal and contractual exceptions that prevent immediate removal (e.g., freedom of expression, legal claims, anti-fraud measures).

d. Right to Restriction of Processing: The prerogative to formally request that the Entity limit the scope of data processing under specified conditions, such as when the accuracy of the data is contested or the processing is unlawful but deletion is not requested.

e. Right to Data Portability: The prerogative to formally request that the data collected, which was provided based on consent or contract, be transferred to an alternative organization, or directly furnished to the user, in a structured, commonly used, and machine-readable format, contingent upon certain technical criteria.

f. Right to Object: The prerogative to formally object to the processing of personal data, particularly when such processing is predicated upon stated legitimate interests (including profiling) or directed for overt direct marketing purposes.

To effectuate the exercise of any of these enumerated rights, users are formally directed to contact the Entity utilizing the dedicated channels provided in Section 11. The Entity undertakes to respond to all such requests with the appropriate legal review and necessary action within the legally mandated response timeframe.

SECTION 6. Security Measures & Administrative Access

The Entity implements industry-standard technical and organizational security protocols specifically designed to systematically safeguard user information from accidental loss, unauthorized access, deliberate misuse, systemic alteration, and subsequent destruction. This comprehensive security program is subject to continuous monitoring and review. These robust measures encompass:

a. Encryption: The rigorous application of TLS/SSL encryption for data transmission across the network perimeter and the deployment of robust, current-generation encryption algorithms (e.g., AES-256) for data maintained at rest in core storage infrastructure (e.g., cryptographically hashed passwords).

b. Secure Storage of Identification Data: As detailed in Section 1.1, sensitive identity verification documents (Government IDs) are strictly segregated from standard user data. Once verified, these assets are moved to offline or air-gapped storage environments, ensuring they are inaccessible to internet-based threats or unauthorized remote access.

c. Access Controls: The rigorous implementation of strict, role-based access control policies, ensuring that only appropriately authorized personnel are granted access to sensitive user data repositories based on the principle of least privilege.

d. Administrative Safety Oversight: For the sole purpose of safety enforcement, legal compliance, and fraud prevention, Renlit Administrators retain administrative oversight rights. This includes the ability to:

i. Review Content: View user content, including files and private messages, only when triggered by a verified user safety report or a specific investigation into severe violations of our Terms (e.g., financial fraud, criminal activity). We do not randomly browse private user content.

ii. Metadata Access: View user metadata, including IP addresses and device identifiers.

iii. Enforcement: Modify or delete any post, file, or content that violates Community Guidelines or Terms of Service.

e. Internal Confidentiality Controls: Privacy does not equate to absolute anonymity from the platform operator. However, strict internal controls are enforced. Administrators and Moderators are strictly prohibited from sharing any user data (including IP addresses, personal files, or private messages) with any third party or external entity without Renlit’s explicit written consent. Any breach of this protocol results in immediate termination and legal action against the personnel involved.

f. Security Incidents: In the event of a confirmed breach of security, we will provide notifications to affected parties only if and to the extent strictly mandated by applicable statutory law. The timing, content, and method of such notification shall be determined at our discretion, consistent with the requirements of law enforcement and the need to determine the scope of the incident.

i. User Responsibility (Data Sensitivity): You acknowledge that no digital transmission or storage system is entirely secure. You expressly agree that you shall not submit, upload, post, or store any information on the Platform—whether in public posts or private communications—the unauthorized disclosure of which would cause you material harm, financial loss, or distress. You assume all risks associated with the provision of data, and the Entity disclaims liability for the compromise of any information provided by you that was not strictly mandatory for the operation of the Service.

SECTION 7. Third-Party Links

The Platform may incorporate hyperlinked references to third-party external websites or independent services that are neither governed nor regulated by the provisions of this Privacy Policy. The Entity explicitly disclaims responsibility for the data handling practices, security measures, or content deployed by these external third parties. Users are strongly advised to meticulously review the privacy policies promulgated by any external sites visited prior to the submission of personal data.

SECTION 8. International Data Transfers

Renlit Creationfest functions as a globally operational Entity, necessitating the transfer of data across borders.

a. General Transfer: For the necessary provision of Platform services, user personal information may be lawfully transferred to, securely stored in, and processed within jurisdictions situated outside the user's country of residence. Data is primarily hosted in secure facilities located in the Asia-Pacific (APAC) region, with potential redundancy in the United States or other global regions to ensure service reliability.

b. Cross-Border Data Processing: Renlit respects the data sovereignty of its global user base. We enforce a strict Jurisdictional Nexus policy regarding government data requests:

i. Nexus Requirement: We will only process data requests from a government authority if the request pertains specifically to a citizen of that country or a crime committed within that country's jurisdiction.

ii. International Legal Requests: For requests involving a citizen of one country by the authorities of another (e.g., UK requesting data on a Singaporean citizen), we strictly refuse disclosure unless:

1. Treaty-Based Requests: The request is transmitted via official diplomatic channels (MLAT) and approved by the government/judiciary of the country where the user is a citizen or where Renlit is legally domiciled.

2. Legal Standards for Disclosure: The alleged offense must be a recognized crime in both the requesting jurisdiction and the user's home jurisdiction. This safeguards users from persecution for activities (such as political speech or religious expression) that may be criminalized abroad but are protected under their home laws.

iii. International Entities: We recognize binding orders from established International Courts, specifically the International Criminal Court (ICC) and the International Court of Justice (ICJ). Note: We do not provide user data solely based on Interpol Red Notices or foreign police requests without an accompanying valid court order from a jurisdiction with proper standing.

c. Safeguards: During the execution of cross-border data transfers, all necessary contractual and technical measures are undertaken to ensure an adequate level of data protection equivalent to the user’s home jurisdiction (e.g., Standard Contractual Clauses).

SECTION 9. Policy Amendments

This Privacy Policy may be subject to periodic, necessary amendments. Should the Entity institute material changes that substantively alter the user’s rights or obligations under this policy, formal notification will be provided by revising the "Effective Date" prominently located at the commencement of this document. Where deemed appropriate due to the significance of the alteration, supplementary notification may be issued (e.g., via conspicuous Platform interface notice or direct electronic mail correspondence). The user's continued engagement with the Platform subsequent to the effective date of the revised policy shall constitute formal acceptance of all such modifications.

SECTION 10. Age Restrictions and User Eligibility

10.1 Minimum Age (16+): Renlit is strictly intended for users who have reached the age of sixteen (16) years or older. We do not knowingly collect, maintain, or process Personal Information from users under the age of 16. If we become aware that a user under 16 has created an account in violation of this policy, we will immediately delete such information and terminate the associated account.

10.2 Authorized Minors (16–17): For users between the ages of 16 and 18, data is processed under the presumption of parental/guardian supervision. By permitting a minor to use the Platform, the parent or guardian consents to the data practices outlined in this Policy on the minor's behalf.

10.3 Parental Controls: Parents or guardians who believe a user under the age of 16 has created an account under their guardianship may contact us at legal@renlit.com to request immediate deletion.

SECTION 11. Data Controller and Contact Information

The officially designated data controller responsible for the management and oversight of personal information is:

For all inquiries concerning this Privacy Policy, the scope of data processing activities, or for the formal exercise of enumerated data rights, users are formally directed to contact the dedicated Data Protection Officer (DPO) or the Privacy Team via:

legal@renlit.com

Renlit Creationfest
(Renlit operates as a digital-first entity during its initial launch phase. Physical mailing addresses for legal service are available upon formal request to the legal department. All primary correspondence should be routed electronically.)

Política de Privacidade

Renlit Privacy Highlights