RenderCurve

Last updated: April 2026

1. Scope and Purpose

This Data Processing Agreement ("DPA") forms part of the agreement between RenderCurve (operated by Pranav Pravin Mandlik) and users of the Service ("Data Controller") regarding the processing of personal data. This DPA applies where RenderCurve processes personal data on behalf of users in the course of providing the Service, particularly in relation to connected platform data from YouTube and Instagram.

2. Definitions

"Data Controller" means the user who determines the purposes and means of processing personal data (you, the creator using RenderCurve).

"Data Processor" means RenderCurve, which processes personal data on behalf of the Data Controller.

"Personal Data" means any information relating to an identified or identifiable natural person as defined under applicable data protection law.

"Processing" means any operation performed on personal data, including collection, storage, use, and deletion.

"Sub-processor" means any third party engaged by RenderCurve to process personal data in connection with the Service.

3. Data Processing Details

Category	Data types	Purpose	Retention
Platform analytics	YouTube/Instagram metrics	Strategy generation and performance monitoring	30 days raw, indefinite derived
Account data	Name, email, subscription	Service provision and billing	Duration of account
Generated content	Scripts, strategies, titles	Display to user	Duration of account
Usage logs	Tool usage, timestamps	Debugging, service improvement	30 days then anonymised

4. RenderCurve Obligations as Data Processor

Process personal data only on documented instructions from the Data Controller (i.e., as described in the Privacy Policy and these Terms).
Ensure all personnel with access to personal data are bound by appropriate confidentiality obligations.
Implement appropriate technical and organisational security measures as described in the Privacy Policy.
Not engage sub-processors without informing the Data Controller (our sub-processors are listed in the Privacy Policy).
Assist the Data Controller in responding to data subject requests within required timeframes.
Delete or return all personal data upon termination of the agreement, unless legally required to retain it.
Notify the Data Controller of any personal data breach without undue delay.

5. Sub-processors

RenderCurve engages the following sub-processors. By using the Service, the Data Controller authorises their use:

Sub-processor	Location	Processing activity
Supabase Inc.	USA	Database storage and user authentication
Paddle.com Market Limited	UK	Payment processing and subscription management
Anthropic PBC	USA	AI content generation processing
Google LLC	USA	YouTube API, Analytics API, Gemini API
Meta Platforms Inc.	USA	Instagram Graph API

6. Data Subject Rights

RenderCurve will assist the Data Controller in fulfilling data subject rights requests (access, correction, deletion, portability) within 7 days of receiving a verified request. Requests should be submitted to privacy@rendercurve.com.

7. Security Incident Notification

In the event of a personal data breach affecting data processed under this DPA, RenderCurve will notify the affected user without undue delay and in any case within 72 hours of becoming aware of the breach, where feasible. Notification will include the nature of the breach, categories of data affected, and measures taken or proposed to address the breach.

8. Contact

For data processing enquiries and legal notices:

Privacy: privacy@rendercurve.com

Legal: legal@rendercurve.com