Skip to main content
Loading...

Help Center

Everything you need to know about using Renewly

Data residency

Renewly is a dual-region service. You choose your region at signup and your contracts, account data, and audit logs stay in that region for the life of the workspace. This article is the plain-language version of /trust - what lives where, what crosses region, and how to opt out of the two stages that do.

Choosing your region

At signup time you pick a region. Today there are two:

  • European Union - storage on Supabase eu-central-1 (AWS Frankfurt), primary extraction on Google Vertex europe-west1.
  • United States - storage on Supabase us-east-1 (AWS N. Virginia), primary extraction on Google Vertex us-east5.

Your region is set when you sign up. It cannot be changed from the in-app settings UI - to migrate a workspace between regions, contact support and operations runs the cutover process.

Why does Renewly let me pick a region?

EU customers under GDPR (and many regulated industries on either side of the Atlantic) need their contract data to stay in a specific region. We run two physically separate Supabase projects - one in Frankfurt, one in N. Virginia - and your data only ever lives in the one you chose.

What stays in your region

The following data lives only in your selected region:

  • Uploaded contract PDFs (in Supabase Storage)
  • Extracted fields and metadata
  • Your account profile and organization records
  • Audit logs (retained for 3 years)
  • The in-region LLM extraction pass (Google Vertex)

What crosses region (and how to opt out)

Two stages of the extraction pipeline do not stay in your region today. Both have a per-org opt-out:

  1. PDF text extraction - via Reducto
    PDF text extraction is performed by our sub-processor Reducto. Data handling is governed by our agreement with Reducto; a per-org opt-out is available on request.
  2. LLM validation - via Anthropic (Claude)
    The validation pass runs via Anthropic Direct API for both EU and US customers. Anthropic operates under zero data retention for API traffic and does not use API data for model training, per Anthropic API terms. A per-org opt-out is available; an in-region migration is planned.

If your compliance program requires either of these stages to run in-region as well, contact support at security@renewly.gg and we will enable the opt-out flag on your workspace. A single per-org flag gates both stages. With it on, extractions still run - they just skip the flagged stages, with slightly lower accuracy on the primary pass alone.

Operational logs

A small number of infrastructure vendors (hosting, error reporting, job orchestration, rate limiting) are single-instance services. Their operational logs - request metadata, IDs, region tags - may transit outside your primary region even though contract content itself does not. Contract content is never written to operational logs. The full list lives on /trust.

Data export and deletion

Under GDPR Article 15 you can export everything Renewly holds about you from your account settings. Account deletion is honoured with a 30-day grace period; backups are purged after 30 days.

More detail

  • /trust - the canonical map of regions, sub-processors, and operational vendors.
  • /security - the full security posture.
  • Privacy Policy - the legal text, including cross-border transfer mechanisms (SCCs / UK addendum).