Data Handling Policy - RenewalDesk

📋 What Data We Process

RenewalDesk is a vendor operations tool. We process vendor and contract data only, including:

Vendor names, contact information, and account numbers
Contract terms, renewal dates, and auto-renewal clauses
Subscription pricing, invoices, and payment schedules
Aggregated resource usage statistics (e.g., COUNTER reports, session counts)
License terms and access entitlements
Internal notes and board-reporting materials your team creates

RenewalDesk does not collect or store personally identifiable patron information. We have no access to circulation records, borrower data, patron demographics, or any information that could identify library users.

🔒 Confidentiality of Pricing Data

We understand that vendor contract pricing is often commercially sensitive. Many library-vendor agreements include confidentiality clauses around negotiated rates.

RenewalDesk treats all contract pricing data as confidential. Your pricing information is:

Never shared with other libraries or organizations
Never disclosed to vendors or third parties
Never used for benchmarking, aggregation, or analytics visible to anyone outside your library
Accessible only to users within your library's RenewalDesk account

🛡 Security & Encryption

Your data is protected using industry-standard security practices:

Encryption in transit: All connections use TLS 1.2+ (HTTPS). Data is encrypted between your browser and our servers at all times.
Encryption at rest: All stored data is encrypted at the database level using AES-256 encryption.
Access controls: Only authenticated users with the appropriate account permissions can access your library's data.
Infrastructure: RenewalDesk runs on hardened cloud infrastructure with automated security patching and monitoring.

🚫 No Third-Party Data Sharing

Your data stays yours. RenewalDesk does not:

Sell, rent, or trade your data to anyone
Share data with advertising networks or data brokers
Provide vendor-specific data to the vendors themselves
Use your data to train AI models outside your account's scope

The only exception: we may disclose data if required by law (e.g., a valid court order), and we will notify you first unless legally prohibited from doing so.

💾 Data Ownership & Portability

Your library retains full ownership of all data stored in RenewalDesk. At any time, you can:

Export your data in standard formats (CSV, JSON) with a full record of your contracts, renewal history, usage data, and reports
Request deletion of all your data, which we will process within 30 days and confirm in writing
Access your data through the application at any time — there are no access restrictions or fees for retrieving your own information

If you cancel your RenewalDesk subscription, your data is retained for 90 days to allow for export, then permanently deleted.

📜 At a Glance

Data we process	Vendor contracts, pricing, usage stats, renewal dates
Patron data collected	None
Pricing confidentiality	Treated as confidential, never shared
Encryption	TLS 1.2+ in transit, AES-256 at rest
Third-party sharing	None (except if required by law)
Data ownership	You own it. Export or delete anytime.
Post-cancellation retention	90 days, then permanent deletion

Questions?

If you have questions about how RenewalDesk handles your data, or if you need documentation for an IT security review or procurement process, reach out to us. We're happy to provide additional detail or complete vendor security questionnaires.