RenderConf Privacy Policy
Effective date: July 1, 2026
RenderConf ("RenderConf," "the app," "we," "us," or "our") lets you monitor, preview, and control your Blender renders from a phone or web browser. This policy explains, plainly and specifically, what RenderConf does and does not do with information. We have written it to avoid overclaiming: if something is listed as "not collected," we genuinely do not collect it.
What RenderConf does
RenderConf has three parts:
- A Blender add-on that runs on your render PC.
- A relay (a Cloudflare Worker with one isolated Durable Object per device) that acts as a blind pass-through between your PC and your phone or browser. Zero network setup is required on your end.
- A mobile and web app (Android, iOS, and a browser-based web app) that shows render progress, previews, and stats, and lets you send control commands back to Blender.
You pair a phone or browser to a render PC using a 6-digit code or a QR code. There are no user accounts. Pairing is per device.
Data we do NOT collect
We want to be explicit about this, because it is unusual:
- No user accounts. There is no login, no sign-up, no username, and no password.
- No email, name, or profile. We never ask for or store personal profile information.
- No analytics. We do not use analytics or telemetry SDKs to study how you use the app.
- No advertising. There are no ads and no advertising identifiers.
- No tracking. We do not track you across apps, websites, or over time, and we do not build user profiles.
- No data sale. We do not sell your information, and we do not share it for cross-context behavioral advertising.
- No third-party SDKs beyond the tooling required to build and deliver the app (Expo/EAS, listed under Sub-processors).
What IS processed, and why
On your device
RenderConf requests only the on-device permissions it needs to function. Data tied to these permissions stays on your device and is used only for the stated purpose.
- Camera: used only to scan the pairing QR code. RenderConf does not record, store, or transmit video or photos from your camera. Access is used at the moment of scanning and nothing else.
- Photos / media (write-only): used only to save rendered frames that you explicitly choose to export to your device's photo library or storage. RenderConf does not read, browse, or upload your existing photos.
- Notifications: used to show local render-finished and render-failed alerts on your device. These are best-effort local notifications generated on the device; there is no push-notification server, and we do not maintain a device push token on our servers.
On the relay
The relay's job is to pass messages between your PC and your app. It is designed to hold as little as possible, for as short a time as possible.
- Ephemeral pairing and session tokens. For each paired device, its Durable Object stores only short-lived operational values needed to route your session: a device identifier (
deviceId), an agent token (agentToken), an app token (appToken), and a short-lived pairing secret. These are session tokens, not identity data: they exist to connect your PC and your app, and they are automatically expired (TTL'd). - Transient IP address. When your device connects, the relay transiently sees the connecting IP address. It is used only for rate-limiting and abuse prevention and is not retained as part of a user profile.
- Render telemetry (routed, not mined). Render information (progress, GPU/CPU/RAM statistics, and preview frames) flows between your phone and your PC through the relay so you can watch and control renders remotely. The relay routes this traffic; it is not used to profile you, is not sold, and is not shared for advertising.
End-to-end encryption for QR pairing
When you pair using a QR code, the session is end-to-end encrypted using ChaCha20-Poly1305 (an authenticated-encryption AEAD scheme). For QR-paired sessions, the relay only ever sees ciphertext and cannot read the contents of your session. All traffic is additionally protected in transit by standard TLS.
Sub-processors
We rely on a small number of infrastructure providers to operate RenderConf. We do not use any third-party advertising, analytics, or tracking services.
- Cloudflare: hosts the relay (Worker + Durable Objects) and hosts our web pages and web app (Cloudflare Pages). Cloudflare processes the routed traffic and transient connection metadata (such as IP) described above.
- Expo / EAS: used to build the app and to deliver over-the-air (OTA) app updates.
- Stripe: processes payments when you buy RenderConf on our website. Stripe handles your payment details under its own privacy policy; we receive only the transaction record and checkout email needed to deliver your purchase.
Each sub-processor handles data under its own terms and security practices, solely to provide the infrastructure above.
Data retention
- Pairing and session tokens on the relay are ephemeral and automatically expire via a time-to-live (TTL). When a session ends or its tokens expire, that state is cleared.
- Transient IP data is used in the moment for rate-limiting and abuse prevention and is not compiled into a user profile.
- Render telemetry is passed through for live viewing and is not retained by us as a stored archive of your activity.
- On-device data (such as exported frames) remains on your device under your control until you delete it.
Because there are no accounts and no user profiles, we do not maintain a long-term store of personal data about you.
Children's privacy
RenderConf is a tool for people working with 3D render software and is rated suitable for general audiences (4+ / Everyone). It is not directed at children, and we do not knowingly collect personal information from children. Since RenderConf has no accounts and collects no personal profile information, it does not gather the kind of data typically associated with children's privacy concerns. If you believe a child has somehow provided personal information through RenderConf, please contact us and we will address it.
Data deletion
Because RenderConf has no accounts, there is no personal profile to delete on our side.
- Unpair at any time from the app. Unpairing clears the local tokens on your device and the device's state on the relay.
- Relay pairing and session state also expires automatically via TTL even if you take no action.
- There is no server-side personal data for us to delete, because we do not store user accounts or profiles. Any data on your own device (for example, frames you exported) can be deleted by you directly on the device.
Security
- All communication between your PC, the relay, and your app is protected in transit with TLS.
- QR pairing is end-to-end encrypted with ChaCha20-Poly1305, so the relay sees only ciphertext for those sessions.
- The relay is a blind pass-through with per-device isolation (one Durable Object per device) and stores only short-lived, TTL'd session tokens.
No method of transmission or storage is ever completely secure, but we design RenderConf to minimize the data at risk in the first place.
International data transfers
RenderConf relies on Cloudflare's and Expo/EAS's global infrastructure, so the routing and processing described above may occur on servers located in countries other than your own. Regardless of where processing happens, the same minimal-data practices in this policy apply. The information handled is limited to the ephemeral, non-identity operational data described above.
Encryption and export compliance
RenderConf uses only standard, widely available encryption (AEAD such as ChaCha20-Poly1305, and TLS) to protect your own data in transit and during pairing. It does not implement proprietary or non-standard cryptography. Accordingly, the app is designated as exempt from certain export requirements (ITSAppUsesNonExemptEncryption = false).
Pricing and payments
RenderConf is sold on our website as a one-time lifetime purchase or an auto-renewing subscription, with checkout handled by Stripe. Payment details (card numbers, billing address) are collected and processed by Stripe on Stripe's own pages. We never see or store your card details. Stripe provides us the information needed to deliver your purchase and handle refunds (such as the email you used at checkout and the transaction record). The app itself contains no in-app purchases; any Play Store listing is a separate free track.
Changes to this policy
We may update this policy as RenderConf evolves (for example, when new features are added). When we make material changes, we will update the "Effective date" above and post the revised policy at our published policy location. Continued use of RenderConf after an update means you accept the revised policy.
Contact
If you have questions about this policy or your privacy, contact:
nathnaelmin27@gmail.com
RenderConf is published by an individual developer. This policy covers the RenderConf Blender add-on, relay service, mobile apps, and web app distributed under the package/bundle identifier com.renderconf.app.