Privacy Policy

1. Introduction

XiPlatform Pty Ltd ("we", "us", "our") operates renly.ai ("renlyAI", "the platform", "the service"). This Privacy Policy explains what data we collect, how we use it, how we store it, and your rights in relation to that data.

By accessing or using renlyAI, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, you should not use the service.

2. Beta Service Disclaimer

The platform is offered "as is" and "as available" without warranties of any kind, express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

XiPlatform Pty Ltd shall not be liable for any direct, indirect, incidental, special, consequential, or exemplary damages arising from or related to the use of the beta service, including but not limited to loss of data, revenue, or business opportunity.

We reserve the right to modify, suspend, or discontinue the service at any time without notice. Features, functionality, and availability may change during the beta period without prior notification.

By using the beta service, you acknowledge and accept these limitations. You agree that your use of the service during the beta period is at your own risk.

3. Third-Party Systems and Integrations

renlyAI connects to third-party systems and services (including but not limited to Azure DevOps) using credentials and access tokens provided by the user. All access to, interaction with, and actions performed through connected third-party systems are initiated by and are the sole responsibility of the user.

XiPlatform Pty Ltd does not control, endorse, or assume responsibility for any third-party systems, their availability, data handling practices, or the consequences of actions performed through them.

The user is responsible for ensuring they have appropriate authorisation to connect third-party systems and that their use complies with the terms of service of those systems.

XiPlatform Pty Ltd expressly disclaims all liability for any loss, damage, or claim arising from the user's use of third-party integrations, including but not limited to data modification, deletion, or exposure within connected systems.

4. Information We Collect

We collect the following categories of information when you use renlyAI:

• Account information — Your name, email, and authentication identifiers required to operate your account and organization membership.
• Usage data — Feature usage patterns, session data, and error logs collected to operate and improve the service.
• Project and workflow data — Queries, work items, integration metadata, and operational records used to provide product features, execution history, and governance functions.
• Cookies and analytics — We use Google Analytics (GA4) to collect aggregate usage patterns. See Section 9 for details on cookies.

5. How We Use Your Information

We use the information we collect for the following purposes:

• To provide and operate the renlyAI service, including authenticating users and managing sessions.
• To improve the platform, including analysing usage patterns, diagnosing errors, and developing new features.
• To communicate service updates, including planned maintenance, feature changes, and policy updates.
• To ensure security and prevent abuse, including monitoring for unauthorised access, rate limiting, and enforcing usage quotas.

6. Data Storage and Security

We implement appropriate technical and organisational measures to protect your data:

• Encryption at rest — Sensitive data, including credentials and Personal Access Tokens, is encrypted using AES-256-GCM (authenticated encryption with integrity verification).
• Encryption in transit — All data transmitted between clients, renlyAI servers, and external services is protected with TLS encryption.
• Multi-tenant isolation — Data access is scoped at the organisation and project level. Query-level isolation ensures that no user can access another organisation's data.

For full details on our security architecture, please refer to our Security page.

7. Third-Party Services

renlyAI integrates with the following third-party services in the course of providing the platform:

• Google Analytics (GA4) — Used for aggregate usage analytics. Google may process data in accordance with their own privacy policy.
• Identity providers — Identity services such as Microsoft Entra ID and Google may be used for authentication depending on deployment and account configuration.
• LLM providers — AI requests may be routed to configured providers (including OpenAI, Anthropic, Google, and Azure-based services). In BYOLLM deployments, requests are routed according to customer-configured provider settings and credentials.

8. Your Rights

You have the following rights in relation to your personal data:

• Access — You may request a copy of the personal data we hold about you.
• Correction — You may request correction of any inaccurate or incomplete personal data.
• Deletion — You may request deletion of your personal data. Account deletion removes all associated data from our systems.

To exercise any of these rights, please contact us at privacy@renly.ai.

9. Cookies

renlyAI uses the following categories of cookies:

• Essential cookies — Required for authentication and session management. These cookies are necessary for the service to function and cannot be disabled.
• Google Analytics cookies — Used to collect aggregate usage data to help us understand how the platform is used and to improve the service.
• Google Translate cookies — Used to store language preferences when the translation feature is active.

We do not use advertising or tracking cookies. We do not sell or share cookie data with third parties for advertising purposes.

10. Data Retention

We retain data in accordance with the following schedule:

• Account data — Retained for the duration that your account remains active.
• Usage logs — Retained for 90 days, after which they are permanently deleted.
• Project and workflow data — Retained according to product retention settings, contractual terms, and operational requirements.
• Account closure — All associated data is deleted within 30 days of account closure.

11. Children's Privacy

renlyAI is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected personal data from an individual under 18, we will take steps to delete that information promptly.

12. International Data

Your data may be processed in Australia, the United States, and other jurisdictions where our service providers operate. These jurisdictions may have data protection laws that differ from those in your country of residence.

By using renlyAI, you consent to the transfer and processing of your data in these jurisdictions. We take reasonable steps to ensure that your data is treated securely and in accordance with this policy regardless of where it is processed.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the service, or applicable law. Material changes will be notified via email or in-app notification prior to the changes taking effect.

Continued use of the service after changes are posted constitutes your acceptance of the revised policy. We encourage you to review this policy periodically.

14. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of New South Wales, Australia. Any disputes arising out of or in connection with this policy shall be subject to the exclusive jurisdiction of the courts of New South Wales, Australia.

15. Contact

If you have any questions about this Privacy Policy or our data handling practices, please contact us:

• Email: privacy@renly.ai
• Entity: XiPlatform Pty Ltd
• Location: Sydney, Australia