Privacy Policy

Who We Are

REN is operated by Hunpera Limited, a company registered in England and Wales, trading under the brand REN at ren.sc. References to "we", "us", or "our" in this policy refer to Hunpera Limited as the data controller for the personal information described below.

For privacy matters: [email protected]. For all other correspondence: [email protected].

What We Collect

We collect only what we need to operate the platform and to honour the relationship we have with members.

Account information. When you apply or are invited, we record your email address, the username you reserve, and any optional information you submit (Instagram handle, written application note, referral code).

Profile content. Once you become a member, we store the photographs, captions, tags, custom domain, and atmospheric metadata you choose to publish. You retain ownership of all such content. We hold only a limited, revocable license to display it on the platform on your behalf.

Subscription and billing. Payment processing is handled by Stripe. We never see or store your card details. Stripe shares with us only the billing email, plan, country, and the events necessary to keep your subscription state correct (active, past due, cancelled).

Usage and device data. We log pageviews, click events on your gallery and links, the device and browser used, and an approximate geographic region derived from your IP address. We use the MaxMind GeoLite2 database for this lookup. We do not store your raw IP address beyond the lifetime of a session.

Cookies and similar technologies. We use the smallest set of cookies that allow the site to function: a session cookie, a CSRF token cookie, and a Cloudflare Turnstile challenge cookie on public forms. We do not set advertising cookies. We do not embed third-party trackers.

How We Use This Information

We process your data to provide the service you signed up for: to authenticate you, to display your gallery, to run analytics for your dashboard, to process subscription payments, to detect fraud and abuse, to honour data subject requests, and to send transactional email such as receipts and account notifications.

We use legitimate interest as the lawful basis for most operational processing under UK GDPR and EU GDPR. We use contract as the lawful basis for processing required to deliver the subscription you have purchased. We rely on your consent for any optional newsletter subscription, and you can withdraw that consent at any time using the unsubscribe link.

Sharing With Third Parties

We do not sell, rent, or trade your personal information. The third parties below process data on our behalf under appropriate contractual safeguards.

Stripe for subscription billing and Strong Customer Authentication. Cloudflare for DNS, CDN, WAF, and Turnstile bot protection. Cloudflare R2 for storage of your uploaded photographs. Google (Gemini) for the optional AI Caption suggestions and Aesthetic Guard image review, processed without retention by Google's published policy. GlitchTip for self-hosted error monitoring on our own infrastructure. Apple for iOS in-app purchases via StoreKit, where applicable.

We may also disclose information when required by law, in response to a valid legal request, or where strictly necessary to protect the rights, property, or safety of REN, our members, or the public.

Where Your Data Is Stored

The platform runs on infrastructure located within the European Union (Hetzner, Falkenstein, Germany). Backups are encrypted and stored in Cloudflare R2. Where any third-party processor transfers data outside the United Kingdom or the European Economic Area, that transfer is governed by the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or an equivalent safeguard.

How Long We Keep It

Active account and profile data is retained for as long as your subscription is active. If you delete your account, we erase your profile, photographs, and metadata within ninety days, and we erase encrypted backups containing that data within thirty days of their natural expiry. Your REN Number is permanently archived in your name and is never reissued; this is a deliberate part of how the service works.

Transactional records (invoices, refunds, tax records) are retained for the period required by United Kingdom statutory law, currently six years.

Your Rights

Under UK GDPR and EU GDPR you have the right to access the personal data we hold about you, to request correction or erasure, to object to or restrict our processing, to receive a portable export of your data, and to withdraw any consent you have previously given. To exercise any of these rights, write to [email protected]. We aim to respond within thirty days.

If you are not satisfied with our response, you may complain to the Information Commissioner's Office in the United Kingdom or to your local data protection authority within the European Union.

Children

REN is not intended for use by anyone under the age of eighteen. We do not knowingly collect personal information from children. If you believe a child has submitted information to us, please write to [email protected] and we will erase it.

Changes to This Policy

We may revise this policy from time to time. The date at the top of this page reflects the most recent revision. Where a change materially affects your rights or the way we process your data, we will notify members by email at least thirty days before the change takes effect.

Contact

Hunpera Limited, trading as REN, London, United Kingdom. Privacy enquiries: [email protected]. General enquiries: [email protected].