Privacy policy

Last updated April 17, 2026

What we collect

  • Your account. Your email address and password (stored as a one-way hash), plus the information needed to sign you in and help you recover access if you forget your password.
  • Saved searches and scoring preferences. The public search URLs you paste in and the option weights, must-haves, and deal-breakers you configure.
  • Notification settings. The configuration you save for each alert channel. Notification settings are stored using application-level encryption in our database, so a leak of the database (including backups) does not expose them in plaintext.
  • In-app activity. Which listings you've hidden from your search results.
  • Operational logs. Standard web-server logs (IP address, request path, user agent, timestamp). Retained up to 30 days for debugging and abuse prevention, then deleted.

How we use it

  • Run the features you signed up for: saved searches, scoring, and notifications.
  • Deliver the notifications you configured.
  • Fix bugs, investigate abuse, and keep the service running.

What we never do

  • Sell, rent, or trade your email address or notification settings, or share any of them with third parties for their own marketing or independent use.
  • Run third-party advertising, ad tracking, or behavioral profiling.
  • Embed third-party analytics scripts in the site.
  • Track you across other websites.

Cookies, Do Not Track, and Global Privacy Control

  • One essential session cookie keeps you signed in. No analytics cookies. No tracking cookies. No third-party cookies.
  • Because we don't track users across sites or share data with advertising networks, Do Not Track (DNT) and Global Privacy Control (GPC) signals don't change our behavior. There's nothing additional for them to turn off.

Sub-processors

A small number of third parties operate on our behalf. All are contractually limited to processing data for us, never for their own purposes. All are US-based.

  • AppSignal: server-side error and performance monitoring. May receive request paths, exception details, and account identifiers.
  • Our email delivery provider: sends account emails (confirmation, password reset) and notification emails. Processes recipient addresses and message content to deliver mail.
  • Our hosting provider: runs the application and database.

If we add or change a sub-processor in a way that affects how your data is handled, we treat it as a material change under the Changes section below.

Data retention and deletion

  • Account data and your saved searches, preferences, and notification configs persist until you delete them.
  • When you delete a saved search, a notification config, or your account, the data is permanently deleted. There is no soft-delete, no archive, no recoverable retention window.
  • Operational logs: up to 30 days.

Your rights

Data operations are self-serve, so you don't need to contact anyone to exercise them. You can still reach us at legal@rennscore.com if something isn't working.

  • You can delete any saved search, notification config, or individual preference at any time from the app. Deletion is immediate and irreversible.
  • You can delete your entire account at any time from your account settings. Everything associated with your account — saved searches, scoring preferences, notification configs — is deleted with it, immediately and irreversibly.
  • You can correct information (such as your email address) directly in your account settings.

Security

  • Passwords are stored as one-way hashes; we cannot retrieve your plaintext password, even to help you recover it.
  • Notification settings are stored using application-level encryption in our database, so a leak of the database (including backups, which contain the same encrypted bytes) does not expose them in plaintext.
  • All traffic between your browser and the app is served over HTTPS.
  • No system is perfectly secure. If we ever discover that personal information has been exposed to an unauthorized party, we will notify affected users by email without undue delay and describe what happened and what we're doing about it.

Children's privacy

This service is intended for adults old enough to buy or drive a car. It is not directed at children. In particular, it is not designed for children under 13, and we do not knowingly collect personal information from anyone under 13. If we become aware that we have inadvertently collected information from a child under 13, we will delete it.

External notification endpoints

When you configure a notification to go to a service that you (not we) control, we send the notification data to that endpoint. Once the request leaves our systems, the receiving service governs what happens to the data, including any logs it keeps. Please only connect notifications to services you trust.

Legal requests

We may disclose information if required by valid legal process (for example, a court order or lawfully issued subpoena). We push back on overbroad or improper requests where feasible, and will attempt to notify the affected user unless legally prohibited from doing so.

Jurisdiction and governing law

The service is operated from the United States. Data is processed in the United States. By using the service, you acknowledge that your information is being handled under United States law. This policy is governed by the laws of the United States and the state in which the maintainer resides, without regard to conflict-of-law principles.

Business transfer or shutdown

This is a small community project and not being shopped around, but: if the project is ever transferred to another maintainer or discontinued, we will notify registered users by email and give a reasonable opportunity to delete account data before the transfer or shutdown takes effect.

Changes to this policy

  • The "Last updated" date at the top of this page reflects the most recent revision.
  • For material changes — meaningful changes to what we collect, how we use it, or who we share it with — we will email registered users before the change takes effect, where reasonably possible, and aim to give at least 14 days' notice. Minor edits (wording, formatting, clarifications) don't trigger a notification.
  • Continuing to use the service after a material change takes effect means you accept the updated policy; you can always delete your account instead.

Contact

General privacy questions and rights-holder concerns: legal@rennscore.com. Data correction and deletion are self-serve from your account. See the Your Rights section above.