Privacy at a glance
We don't sell data
Your personal information is never sold to third parties.
You own your content
All generated reels, scripts, and media belong to you.
GDPR compliant
Full data rights, cookie consent, and lawful processing.
Information We Collect
We collect the following categories of information:
Account information
Email address, name, organization name, and authentication credentials. Payment information (credit card details, billing address) is collected and processed directly by Paddle.com Market Ltd, our Merchant of Record — we do not store your payment card details.
Content data
Brand configurations, style preferences, generated reels, scripts, and media assets you create through the Service.
Usage data
Pages visited, features used, reel generation metrics, and performance analytics to help us improve the product.
Device data
Browser type, operating system, IP address, and device identifiers for security and troubleshooting purposes.
Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:
| Legal basis | Processing activity |
|---|---|
| Contract performance | Providing the Service, managing your account, generating reels, processing subscriptions |
| Legitimate interest | Product analytics, fraud prevention, security monitoring, improving the Service |
| Consent | Optional cookies (e.g., Crisp live chat), marketing communications |
| Legal obligation | Tax record retention, responding to lawful data requests |
How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Service.
- Process payments and manage subscriptions (via Paddle).
- Send transactional communications (receipts, alerts).
- Generate and publish content on your behalf via the AI pipeline.
- Provide customer support through Crisp live chat (with your consent for the cookie).
- Analyze usage patterns to improve product quality.
- Detect and prevent fraud, abuse, and security incidents.
Data Sharing
We share data only with service providers necessary to operate Reelry:
| Provider | Purpose | Role |
|---|---|---|
| Supabase | Database and authentication | Data processor |
| Paddle | Payment processing, invoicing, tax compliance | Independent controller (Merchant of Record) |
| Anthropic, Recraft, Runway, ElevenLabs, Shotstack | AI content generation (script, images, video, voiceover, assembly) | Data processors |
| TikTok | Content publishing (when you choose to post) | Independent controller |
| Crisp | Live chat support | Data processor |
Paddle as Merchant of Record
Paddle acts as an independent data controller for payment data. When you make a purchase, Paddle collects and processes your payment information under their own Privacy Policy. We do not have access to your full payment card details.
We do not sell your personal information.
API Keys (BYOK Mode)
If you provide your own API keys through Bring Your Own Keys mode:
- Keys are encrypted at rest using industry-standard encryption.
- Keys are only used to make API calls on your behalf — never for any other purpose.
- Keys are never shared with third parties.
- You may delete your keys at any time from the Brand Settings page.
Data Retention
- We retain your data for as long as your account is active.
- After account deletion, all data is permanently removed within 30 days.
- Generated media files (images, videos) are stored in cloud storage and deleted alongside your account.
- Billing records may be retained longer as required by law. Paddle retains payment records independently as required for tax and regulatory compliance.
Security
We use industry-standard security measures to protect your data:
- TLS encryption for all data in transit.
- Row-level security (RLS) policies ensuring data isolation between organizations.
- Encrypted storage for API keys and sensitive credentials.
- Access to production data is restricted to authorized personnel only.
- Regular security reviews and dependency audits.
Your Rights
All users have the following rights. If you are in the EEA, UK, or Switzerland, these rights are guaranteed under the GDPR:
- Access — request a copy of your personal data.
- Rectification — update inaccurate or incomplete data.
- Erasure — delete your account and all associated data (“right to be forgotten”).
- Restriction — request that we limit processing of your data in certain circumstances.
- Portability — receive your data in a structured, commonly used, machine-readable format.
- Object — object to processing based on legitimate interest, including profiling.
- Withdraw consent — where processing is based on consent, withdraw it at any time (e.g., optional cookies via the cookie settings).
Exercise these rights by contacting us at privacy@reelry.app or using in-app controls in Settings. We will respond within 30 days (or sooner if required by law).
If you believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority.
Cookies & Tracking
We use cookies to operate the Service. You can manage your cookie preferences at any time using the cookie settings banner or the “Cookie Settings” link in the footer.
| Category | Purpose | Required |
|---|---|---|
| Strictly necessary | Authentication, session management, CSRF protection, cookie consent preference | Yes |
| Functional | Theme preferences (light/dark mode), UI state | Yes |
| Optional (support) | Crisp live chat widget — enables real-time customer support | No — requires consent |
We do not use advertising cookies, tracking pixels, or third-party analytics that track you across websites.
International Transfers
Your data may be processed in the United States and other countries where our service providers operate. For transfers of personal data outside the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Transfers to countries with an adequacy decision from the European Commission.
- Additional technical and organizational measures to protect your data during transfer.
Paddle processes payment data in accordance with their own international transfer mechanisms as described in their Privacy Policy.
Children's Privacy
Reelry is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from children. If we discover that we have collected data from a child, we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 14 days before they take effect. The “Last updated” date at the top of this page reflects the most recent revision.
Contact & Data Protection
For privacy-related inquiries, contact us at privacy@reelry.app.
HLT3 Studio is the data controller for your personal data processed through Reelry. If you have concerns about our data practices or wish to exercise your rights, email privacy@reelry.app and we will respond within 30 days.
See also: Terms of Service · Refund Policy
Get started free