Data Policy

1. Account and Workspace Data

When you create a Renprofile account, we collect your full name, email address, and a hashed password. During onboarding, you provide additional business information: your business name, industry, website URL, and phone number. This information is stored in your workspace profile and is used to personalise your experience, identify your workspace, and communicate with you about the service.

Each account belongs to a workspace. A workspace holds your team members, connected channels, conversations, contacts, and AI agent configuration. Workspace data is logically isolated; members of one workspace cannot access data belonging to another.

Workspace members are assigned one of three roles: owner, admin, or agent. Role assignments determine what data each member can view and what actions they can perform. Owners and admins have access to all conversations, channel settings, billing, and team management; agents see only conversations assigned to them.

2. Conversation and Message Data

The core of Renprofile is the shared inbox. Every inbound and outbound message processed through the platform is stored as a conversation record with associated message records. The following data is captured for each conversation:

• Customer identifier: phone number (WhatsApp), external user ID (Instagram, Facebook, TikTok), or a session identifier (Beacon web widget)
• Customer display name, where provided by the messaging platform
• Platform source: WhatsApp, Instagram, Facebook, TikTok, Beacon, or Email
• Conversation status: active, needs attention, escalated, or closed
• Assignment: which team member the conversation is assigned to
• Tags applied to the conversation
• Unread message count and last message timestamp
• AI-generated conversation summary (see Section 5)

Each message within a conversation stores the following:

• Message content (text body)
• Message type: text, image, video, audio, document, sticker, or voice note
• Sender type: customer, human agent, AI agent, or system
• Delivery status: sent, delivered, read, failed, or scheduled
• Scheduled send time, if the message was queued for later delivery
• Media URL, caption, MIME type, and file size for media messages
• Name and email of the team member who sent the message, for human-sent messages
• Timestamp of creation

Message data is stored in our database and updated in real time via Supabase Realtime subscriptions; this enables live conversation updates across all team members viewing the same inbox simultaneously.

3. Channel and Integration Data

Renprofile supports connections to external messaging platforms. When you connect a channel, we store the credentials and identifiers necessary to send and receive messages on your behalf. The specific data stored depends on the platform:

Channel connection status is tracked as one of four states: connected, disconnected, error, or pending. Access tokens and credentials are stored encrypted and are used exclusively to operate the channel on your behalf.

4. Team Member Data

When you invite a team member to your workspace, we store their full name, email address, role, profile image, and the user ID linking them to their Renprofile account. This information is used to display assignee names in the inbox, attribute messages to the correct sender, and enforce role-based access controls.

When a human agent sends a message, their name and email are stored alongside that message record; this creates an audit trail of which team member sent each outbound message.

Team member data is visible to workspace owners and admins. Agents can see the names of other members for assignment purposes but do not have access to their full profile details.

5. AI Agent Data

Renprofile includes an AI agent that can respond to customer conversations automatically. The AI agent is configured per workspace and can be enabled or disabled on a per-conversation basis. The following data is involved in AI agent operation:

• Your AI agent configuration: the agent's persona, instructions, and any knowledge base content you provide
• Conversation message history: passed to the AI model as context when generating responses
• AI-generated conversation summaries: stored on the conversation record and visible to agents in the sidebar as "Agent Notes"
• Escalation events: when the AI agent determines a conversation requires human attention, the conversation status is updated to escalated and the assigned agent is notified
• Agent enable/disable state: stored per conversation, allowing agents to turn off the AI for specific conversations without affecting others

Conversation content sent to the AI model is processed by xAI (Grok) under strict data processing agreements. Message content is used solely to generate responses and summaries within your workspace; it is not used to train general-purpose AI models or shared with other customers.

The AI Sandbox feature allows workspace admins to test the AI agent in an isolated environment before enabling it on live conversations. Sandbox interactions are stored separately and do not affect live conversation data.

6. Customer Contact Data

Customer data is created when a conversation is initiated; either inbound from a customer or outbound from your team. The platform stores the minimum identifiers necessary to route and display conversations: phone number or external user ID, display name where available, and the platform the conversation originated from.

Agents can add notes to a conversation (stored as the conversation summary field) and apply tags to categorise conversations. These are stored on the conversation record and are visible to all workspace members with access to that conversation.

Renprofile does not independently collect or enrich customer contact data beyond what is provided through the messaging platforms you connect. You are responsible for ensuring that your use of customer data complies with applicable laws and the terms of the messaging platforms you use.

7. Billing and Subscription Data

Subscription and billing information is processed by our third-party payment provider. Renprofile stores your current subscription plan (free, starter, or pro), billing cycle, and payment method status. We do not store full card numbers or sensitive payment credentials; these are held exclusively by our payment processor under PCI-DSS compliance.

Subscription plan data is used to enforce feature limits, display your current plan in the billing settings, and determine trial status. Trial expiry is tracked and enforced at the workspace level.

8. Usage and Analytics Data

We collect aggregated usage data to operate and improve the platform. This includes inbox statistics such as total assigned conversations, escalated conversation count, resolved conversation count, and conversations assigned to each team member. These statistics are displayed in the navigation sidebar and help teams understand their workload at a glance.

We may use third-party analytics tools to understand how the platform is used at an aggregate level. These tools collect anonymised interaction data such as page views and feature usage; they do not have access to message content or customer data.

The AI Insights feature, accessible to admins, surfaces patterns and signals derived from conversation data within your workspace. These insights are generated from your own data and are not shared with or derived from other customers' data.

9. File and Media Storage

Media files shared in conversations, including images, videos, audio messages, voice notes, and documents, are stored in our cloud storage infrastructure. Each file is associated with the message and conversation it belongs to and is accessible only to members of your workspace.

The Storage section of the workspace dashboard provides visibility into files stored within your workspace. Storage usage is tracked per workspace and may be subject to limits depending on your subscription plan.

Media files received from customers via messaging platforms are stored as received. We do not scan, analyse, or process the content of media files beyond what is necessary to store and display them.

10. Data Location and International Transfers

All workspace, conversation, message, and media data is stored on Supabase infrastructure hosted in the United States (US East region). If you are accessing Renprofile from outside the United States, your data will be transferred to and processed in the US.

AI agent requests are processed by xAI, whose infrastructure is also located in the United States. By using the AI agent feature, you acknowledge that conversation content will be transmitted to xAI for processing.

We take appropriate steps to ensure that international data transfers are handled in accordance with applicable data protection laws.

11. Real-Time Data Processing

Renprofile uses real-time database subscriptions to push updates to connected clients instantly. When a new message arrives, all team members viewing the relevant conversation or inbox receive the update without needing to refresh; this applies to new conversations, message updates, conversation status changes, and assignment changes.

Beacon conversations include a presence feature. When a visitor is active on your website, their online status and current page URL are transmitted to the platform and displayed to agents in real time. This presence data is ephemeral: it is not stored persistently and is only visible while the visitor is active.

Real-time subscriptions are scoped to your workspace; a team member can only receive real-time updates for conversations and data within their own workspace.

12. Data Retention and Deletion

Conversation and message data is retained for the lifetime of your workspace. Resolved conversations remain accessible in the Resolved inbox view and are not automatically deleted; this allows teams to reference historical conversations for context and compliance purposes.

We do not currently enforce an automatic deletion schedule after account closure. If you close your account or workspace and wish for your data to be deleted, you must submit an explicit deletion request; we will process verified requests within 30 days. We may retain certain data beyond that period where required by law or to resolve outstanding disputes.

To request deletion of specific data or your entire workspace, contact us at the address in Section 17.

13. Data Access Controls

Access to data within Renprofile is controlled by workspace roles. The following access model applies:

• Owners and admins: full access to all conversations across all channels, team management, channel and integration configuration, billing, and AI agent settings
• Agents: access limited to conversations assigned to them; no access to channel settings, billing, or team management
• Unassigned conversations: visible to owners and admins only; agents cannot see them until a conversation is assigned to them

Ren Limited staff do not access customer workspace data except when required to provide technical support, investigate security incidents, or comply with legal obligations. Any such access is logged and subject to internal access controls.

14. Third-Party Subprocessors

We rely on a limited set of trusted third-party providers to operate the platform. These providers process data only as necessary to deliver their services and are bound by data processing agreements. Our current subprocessors by category are as follows:

• Database and real-time infrastructure (Supabase, US East): storing and synchronising workspace, conversation, and message data
• Cloud storage (Supabase Storage, US East): storing media files attached to messages
• AI model provider (xAI / Grok): processing conversation content to generate AI agent responses and summaries
• Payment processor: handling subscription billing and payment method storage
• Messaging platform APIs: Meta (WhatsApp, Instagram, Facebook), TikTok, and email providers through which messages are sent and received
• Customer support tooling: managing support interactions with our own customers

We do not sell data to third parties or share data with advertising networks.

15. Your Data Rights

As a Renprofile customer, you retain ownership of all data processed through your workspace. You may exercise the following rights at any time:

• Access: request a copy of the data we hold about your account and workspace
• Correction: update inaccurate account or business information through your account settings or by contacting us
• Deletion: request deletion of your account, workspace, or specific data records
• Portability: request an export of your conversation and contact data; exports are currently fulfilled manually by our support team, contact us to request one
• Restriction: request that we restrict processing of your data in certain circumstances

To exercise any of these rights, contact us at the address below. We will respond to verified requests within 30 days.

16. Changes to this Policy

We may update this Data Policy as the platform evolves. When we make material changes, we will update the date at the top of this page and may notify you through the platform or by email. Continued use of Renprofile after changes are posted constitutes acceptance of the updated policy.

17. Contact