Data Processing Agreement

This page sets out the structure of Ren’s DPA, published publicly so that security, privacy, and procurement reviewers can confirm scope before requesting an executable copy. The DPA forms part of every customer agreement and binds Ren as Processor under GDPR Art. 28 and equivalent regimes.

Last updated: May 16, 2026 · Executable copy on customer letterhead: request from security@tryren.com

§1

Subject matter & processing scope

Ren processes customer data solely to provide the contracted service — coaching synthesis, conversation surface, organizational rollups — and only on documented instructions from the customer. Out-of-scope processing requires prior written customer consent.

§2

Categories of data & data subjects

Categories: account profile data (name, email, role), workplace communications metadata (channels, timestamps, participants), coaching content created in-product, and aggregated organizational rollups. Data subjects: customer employees and contractors using Ren.

§3

Roles and responsibilities

The customer is the Controller. Ren is the Processor. Ren acts only on the Controller's documented instructions. The Controller is responsible for the lawful basis of processing and for providing employee notice.

§4

Security measures (Annex II)

TLS 1.2+ in transit, AES-256 at rest. KMS-backed key management with auto-rotation. Network isolation per customer in single-region AWS. Access controls via IAM with documented least-privilege scopes. Annual third-party penetration testing. SOC 2 Type II audit in progress, expected Q2 2026.

§5

Sub-processors

Full list at /trust/sub-processors. 30-day prior written notice of new sub-processors that handle customer data. Customer right of objection during the notice period. All sub-processors bound by terms substantially similar to this DPA, including SCCs for cross-border transfers.

§6

Cross-border transfers

EU and UK personal data transfers covered by the European Commission Standard Contractual Clauses (2021/914) and the UK International Data Transfer Addendum. Swiss data covered by the Swiss-specific module. Transfer Impact Assessment available on request.

§7

LLM provider terms

Anthropic (primary) and OpenAI (backup) are contracted under zero-retention, no-training terms. PII is masked in customer content before submission. LLM providers act as our sub-processors and are bound by flow-down obligations.

§8

Data subject rights

Ren will assist the Controller in responding to data subject access, rectification, erasure, restriction, portability, and objection requests within five business days. Customer admin tools support deletion at the user and organization level.

§9

Personal data breaches

Ren will notify the Controller without undue delay and no later than 48 hours after becoming aware of a personal data breach affecting customer data. Notification includes nature, categories, approximate counts, contact point, and remediation steps.

§10

Audit rights

Customer has audit rights exercisable annually with 30 days' written notice. Ren will provide its most recent SOC 2 Type II report and pen-test summary under NDA. On-site audits available for enterprise contracts upon written agreement of scope.

§11

Return & deletion on termination

Within 30 days of contract termination, Ren will return or delete all customer data per the Controller's written instruction. Sub-processor copies are purged within 90 days. Certificate of deletion provided on request.

§12

Retention during contract

Default retention: coaching content retained for the duration of the contract plus 90 days. Customer-configurable retention available on Enterprise plans. Channel buffers in Kafka are auto-purged on consumption with a 72-hour ceiling.

What requires the executable copy

This public summary covers structure and scope. The executable DPA additionally includes: Annex I (parties and contact points), Annex II (full technical and organizational measures), Annex III (sub-processor list with detailed scope per processor), liability allocations, governing law, and any customer-specific amendments. Request the executable copy from security@tryren.com. Typical turnaround: one business day.