Privacy Policy
This Privacy Policy explains how BatchRender (the "Software" and the "Website" together, the "Service") collects, uses, shares, and protects your personal data. We aim to collect as little personal data as possible and to be transparent about every category we handle. This Policy is written to comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and equivalent laws.
1. Summary at a Glance
- The Software runs locally on your device and processes your media files only on your device. We never receive, store, or have access to the files you process.
- We do not sell or rent your personal data to anyone, ever.
- We use a small number of trusted service providers (listed in Section 5) for payments, license keys, hosting, and email forwarding.
- We do not use advertising trackers or behavioural-profiling cookies.
- You have full GDPR rights including access, correction, deletion, and the right to lodge a complaint with a supervisory authority.
2. Personal Data We Collect
We collect only the categories of personal data that are necessary for the purposes described in this Policy.
2.1 Data you provide directly
- Purchase data — name, email address, billing country, and the last four digits of your payment method or transaction reference. This data is collected by our Merchant of Record (Lemon Squeezy) and shared with us in summary form to issue your licence.
- Licence-key data — an opaque licence-key string and the email address you provided at purchase, used to activate the Software.
- Support communications — the content of any email or message you send to support@batchrender.com, including your email address and any information you choose to share.
2.2 Data collected automatically by the Software
- Licence-activation requests — when you activate or re-validate your licence, the Software contacts our licence-management provider with your licence key, a non-personal device fingerprint generated locally on your device for the sole purpose of enforcing the per-device limit of your plan, and the public IP address of the request (collected automatically by the network, retained briefly for fraud-prevention).
- Update checks — the Software may query a public release endpoint to inform you of new versions. The endpoint receives only the public IP address and standard HTTP headers, which it retains in standard server logs.
- No telemetry, no analytics, no crash reports. The Software does not contain any analytics SDK, telemetry collector, or automatic crash-reporting tool. We do not track how you use the Software, the names of files you process, or the contents of your projects. If we ever introduce optional telemetry, it will be off by default and require your prior opt-in consent.
2.3 Data collected automatically by the Website
- Server logs — our hosting provider receives standard HTTP request information (IP address, user agent, requested URL, timestamp) for security and reliability. These logs are retained for short periods by the provider in accordance with their own policies.
- Privacy-friendly visitor measurement — we may use a cookieless, privacy-friendly analytics service (currently Cloudflare Web Analytics) to count page views and measure aggregate site performance. This service does not set cookies, does not track users across sites, and does not build individual profiles. Because no individual user is identified, no consent banner is required under EU ePrivacy rules.
- Local browser storage — we store your selected interface language (e.g. "en", "ru", "zh") in your browser's
localStorageso the site loads in your preferred language on return visits. This data never leaves your browser.
3. Why We Process Your Data and Legal Bases
Under Article 6 GDPR, every processing activity must rely on a specific legal basis. The table below maps each purpose to its basis.
| Purpose | Data | Legal Basis (GDPR Art. 6) |
|---|---|---|
| Process your purchase and deliver your licence | Purchase data, licence-key data | Performance of a contract — Art. 6(1)(b) |
| Validate your licence on activation | Licence key, device fingerprint, IP | Performance of a contract — Art. 6(1)(b) |
| Comply with tax, accounting and consumer-protection law | Purchase records | Legal obligation — Art. 6(1)(c) |
| Provide support and respond to your enquiries | Support communications | Performance of a contract / legitimate interest — Art. 6(1)(b)/(f) |
| Operate, secure, and improve the Website | Server logs, aggregate analytics | Legitimate interest — Art. 6(1)(f) |
| Detect and prevent fraud or abuse | Licence-key activity, IP | Legitimate interest — Art. 6(1)(f) |
Where we rely on legitimate interest, we have weighed our interest against your fundamental rights and considered that the processing is limited to what is strictly necessary, that no profiling occurs, and that you can object at any time (see Section 8).
4. Data We Never Collect
- The contents of your media files. All rendering happens on your device; your videos, audio and images are never uploaded to our servers.
- Project metadata. File names, durations, codecs, render queues, and pipeline configurations stay on your device.
- Special-category data. We do not knowingly process health, biometric, racial, religious, political, or sexual-orientation data.
- Children's data. The Service is not directed at children under 16 and we do not knowingly collect personal data from children.
5. Service Providers (Sub-processors)
We rely on the following service providers to operate the Service. Each provider is bound by a data-processing agreement and processes data only on documented instructions from us. Data may be transferred to providers based outside the European Economic Area (typically the United States) under appropriate safeguards, including the EU Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework.
| Provider | Purpose | Region |
|---|---|---|
| Lemon Squeezy | Payments and Merchant of Record. Collects purchase data and processes payment. | USA (privacy) |
| Keygen | Licence key generation, validation, and per-device activation enforcement. | USA (privacy) |
| Vercel | Website hosting and content delivery. | USA (privacy) |
| Cloudflare | DNS, email forwarding for the support@ inbox, and (optionally) cookieless website analytics. | USA (privacy) |
| GitHub | Public hosting of installer downloads (.dmg, .exe) and release notes. Receives only standard request data when you download. | USA (privacy) |
| Receives the support@ inbox via Cloudflare Email Routing (forwarding destination). Subject to Gmail's privacy terms. | USA (privacy) |
We will update this list when we add or change a service provider. If we ever need to introduce a new category of provider that materially changes how we process your data, we will notify you in advance.
6. Retention Periods
- Purchase records — retained for as long as required by Cyprus and EU tax and accounting law (typically up to seven years from the end of the relevant financial year).
- Licence-key records — retained for the lifetime of the licence and for a reasonable period thereafter to honour eligible re-activations and refund requests.
- Support communications — retained for up to 24 months after the issue is closed, for quality and warranty purposes.
- Server logs — retained for short periods set by each hosting provider in their own privacy policies.
- Aggregate analytics — retained without identifying you individually; no individual profile is retained.
When the retention period ends, we delete or irreversibly anonymise the data, subject to our legal obligations to keep specific records for longer.
7. International Data Transfers
Some of our service providers (Section 5) are based in the United States. When we transfer personal data outside the European Economic Area, we rely on the following safeguards under Articles 44–49 GDPR: (a) the EU Standard Contractual Clauses (2021/914/EU); (b) where the recipient has self-certified, the EU-US Data Privacy Framework adequacy decision; and (c) supplementary technical and organisational measures where appropriate. You may request a copy of the relevant transfer mechanism by contacting us.
8. Your Rights under GDPR
If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with comparable laws, you have the following rights regarding your personal data:
- Access (Art. 15) — request a copy of the personal data we hold about you.
- Rectification (Art. 16) — ask us to correct inaccurate or incomplete data.
- Erasure (Art. 17) — ask us to delete your personal data, subject to legal-retention obligations.
- Restriction of processing (Art. 18) — ask us to limit how we use your data while a request is reviewed.
- Data portability (Art. 20) — receive your data in a structured, machine-readable format and have it transferred to another controller where technically feasible.
- Object (Art. 21) — object to processing based on legitimate interest, including the right to object at any time and free of charge.
- Withdraw consent (Art. 7) — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
- Lodge a complaint (Art. 77) — file a complaint with a supervisory authority. The competent authority for Cyprus is the Office of the Commissioner for Personal Data Protection; you may also contact the supervisory authority of your country of residence or work.
To exercise any of these rights, write to support@batchrender.com. We will respond within one month and we do not charge for normal requests. We may need to verify your identity before disclosing personal data.
9. California Residents (CCPA / CPRA)
If you are a California resident, you have the right to know what personal information we collect, to request deletion, and to opt out of the "sale" or "sharing" of personal information. We do not sell or share personal information in the meaning of the CCPA or CPRA. To exercise your California rights, write to support@batchrender.com.
10. Security
We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (HTTPS/TLS), restricted access to administrative interfaces, the use of established service providers with industry-recognised security certifications (e.g. SOC 2), and the principle of data minimisation. No system is completely secure; if we ever become aware of a personal-data breach that is likely to result in a risk to your rights, we will notify the competent supervisory authority within 72 hours and, where required, also notify you.
11. Cookies and Local Storage
The Website does not set advertising or behavioural-tracking cookies. The only client-side storage we use is browser localStorage to remember your selected language; this is strictly necessary for the language switcher to work and is not shared with anyone. The optional cookieless analytics described in Section 2.3 does not set cookies and does not require consent under EU ePrivacy rules.
12. Automated Decision-Making
We do not subject you to decisions based solely on automated processing that produce legal effects or similarly significantly affect you. Automatic licence-key validation is technical enforcement of the contract you entered into and does not result in such effects.
13. Changes to this Policy
We may update this Privacy Policy from time to time. The version number and effective date are shown at the top. Material changes will be communicated through the Software or Website at least thirty (30) days before they take effect. Continued use of the Service after the effective date constitutes acceptance of the revised Policy.
14. Contact
For any privacy-related question, request, or complaint: support@batchrender.com. The Service is small and operated by an independent developer; we will respond personally and promptly.