Privacy notice

Renard Society is the data controller for everything you do on renardsociety.com and with Sofia; our contact for privacy is hello@renardsociety.com. Renard Society is completing its incorporation as a company in Spain — once registration is complete, our full legal-entity details will be published in our Legal Notice.

When you reach an operator through Sofia and a chat or booking follows, that operator becomes a separate controller for the conversation within their tenant.

We keep data minimal and tied to a clear purpose. There is no third-party tracking on buyer-facing surfaces and no profile we build from anything outside your own conversation with Sofia.

• Conversation transcripts (messages between you and Sofia): kept for 24 months from your last activity. Legal basis: performance of the conversational service you requested.
• Memory facts about you (preferences, budget, interests you mention) — every fact is sourced to a specific message you sent. Kept for 24 months from your last activity, or until you request erasure. Legal basis: legitimate interest in continuity of service.
• Contact details (name, email, phone) — only if you choose to share them. Kept for the duration of the inquiry, plus 36 months for real-estate audit purposes if a transaction follows.
• Lead and handoff records — operational logs of which operator you spoke to and what came of it. Kept 6 years if a deal closed (Spanish Commercial Code Art. 30 requires this).
• Voice recordings (if you use Sofia Voice): transient, deleted within 30 days of the session. Legal basis: explicit consent before voice starts.
• Account details (only if you create an account): your email, and — if you choose "Continue with Google" — your name and email from Google. Used to sign you in and sync your activity. Kept until you delete your account or ask us to erase it. Legal basis: performance of the account service you requested.
• Saved listings, saved searches, and notification preferences: stored against your account so they follow you across devices. Kept until you remove them or delete your account.
• Reservation and payment details: when you reserve, payment is handled by Stripe — we never see or store your full card number. We keep the reservation record (amounts, dates, and the operator involved) for the audit and tax periods noted above.
• Site usage analytics (PostHog) — anonymous events, no cross-site fingerprinting, no buyer-side replays. Kept 12 months. Legal basis: legitimate interest in product improvement.

We do not buy data from data brokers. We do not fingerprint your browser. We do not run third-party ad pixels on renardsociety.com. We do not share your conversations across operators. We do not infer about you from outside sources — every fact in our memory is something you told Sofia directly.

Under GDPR you have the right to access your data, correct it, ask us to erase it, restrict our processing, port it elsewhere, and object to processing. To exercise any of these, email hello@renardsociety.com. We respond within 30 days.

If you ask Sofia to forget you, or email us to be erased, we hard-delete every fact, contact detail, and active lead about you in a single transaction. Closed transcripts and lead records that we must keep for tax record-keeping are redacted — your name, email, and phone are replaced with "[redacted]" while we preserve the structural audit trail required by Spanish commercial law.

You also have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos, www.aepd.es).

We use a small number of third-party services to operate Renard. They are bound by data processing agreements and the same standards we apply ourselves.

• Supabase (EU region) — database, accounts and authentication, file storage, and delivery of sign-in emails.
• Vercel — application hosting.
• Anthropic + OpenAI — large-language model providers Sofia uses to respond. They do not train models on your conversations.
• Stripe — payment processing when you reserve. We never receive your full card details.
• Google — only if you choose "Continue with Google" to sign in; Google then shares your name and email with us.
• Resend — transactional email delivery (sign-in codes, operator application status, follow-ups).
• PostHog — product analytics (server-side, anonymous, no advertising or cross-site tracking).
• Sentry — error monitoring; we filter PII from error payloads.

Most of your data stays in EU data centres. Some providers (Anthropic and OpenAI, and certain Stripe and Google operations) may process data in the United States; those transfers are governed by the Standard Contractual Clauses adopted by the European Commission.

For any privacy question or to exercise your rights, write to hello@renardsociety.com. A real person reads every message.