Back to home

Privacy Policy

Last updated: July 7, 2026

Privacy at a glance

We don't sell data

Your personal information is never sold to third parties.

You own your content

All generated reels, scripts, and media belong to you.

GDPR compliant

Full data rights, cookie consent, and lawful processing.

1

Information We Collect

We collect the following categories of information:

Account information

Email address, name, organization name, and authentication credentials. Payment information (credit card details, billing address) is collected and processed directly by Polar Software, Inc., our Merchant of Record - we do not store your payment card details.

Content data

Brand configurations, style preferences, generated reels, scripts, and media assets you create through the Service.

Usage data

Pages visited, features used, reel generation metrics, and performance analytics to help us improve the product.

Device data

Browser type, operating system, IP address, and device identifiers for security and troubleshooting purposes.

2

Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

Legal basisProcessing activity
Contract performanceProviding the Service, managing your account, generating reels, processing subscriptions
Legitimate interestProduct analytics, fraud prevention, security monitoring, improving the Service
ConsentOptional cookies (e.g., Crisp live chat), marketing communications
Legal obligationTax record retention, responding to lawful data requests
3

How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service.
  • Process payments and manage subscriptions (via Polar).
  • Send transactional communications (receipts, alerts).
  • Generate and publish content on your behalf via the AI pipeline.
  • Provide customer support through Crisp live chat (with your consent for the cookie).
  • Analyze usage patterns to improve product quality.
  • Detect and prevent fraud, abuse, and security incidents.
4

Data Sharing

We share data only with service providers necessary to operate Reelry:

ProviderPurposeRole
SupabaseDatabase and authenticationData processor
PolarPayment processing, invoicing, tax complianceIndependent controller (Merchant of Record)
Anthropic, Recraft, Runway, ElevenLabs, ShotstackAI content generation (script, images, video, voiceover, assembly)Data processors
TikTokContent publishing (when you choose to post)Independent controller
CrispLive chat supportData processor
Google AnalyticsAnonymised traffic measurement (opt-in via cookie banner; IP-anonymised, no cross-site tracking)Data processor
PostHog (EU)Product analytics and funnel measurement (opt-in via cookie banner; EU-hosted, IP-anonymised, no email or cross-site tracking)Data processor

Polar as Merchant of Record

Polar acts as an independent data controller for payment data. When you make a purchase, Polar collects and processes your payment information under their own Privacy Policy. We do not have access to your full payment card details.

We do not sell your personal information.

5

API Keys (BYOK Mode)

If you provide your own API keys through Bring Your Own Keys mode:

  • Keys are encrypted at rest using industry-standard encryption.
  • Keys are only used to make API calls on your behalf - never for any other purpose.
  • Keys are never shared with third parties.
  • You may delete your keys at any time from the Brand Settings page.
6

Data Retention

  • We retain your data for as long as your account is active.
  • After account deletion, all data is permanently removed within 30 days.
  • Generated media files (images, videos) are stored in cloud storage and deleted alongside your account.
  • Billing records may be retained longer as required by law. Polar retains payment records independently as required for tax and regulatory compliance.
7

Security

We use industry-standard security measures to protect your data:

  • TLS encryption for all data in transit.
  • Row-level security (RLS) policies ensuring data isolation between organizations.
  • Encrypted storage for API keys and sensitive credentials.
  • Access to production data is restricted to authorized personnel only.
  • Regular security reviews and dependency audits.
8

Your Rights

All users have the following rights. If you are in the EEA, UK, or Switzerland, these rights are guaranteed under the GDPR:

  • Access - request a copy of your personal data.
  • Rectification - update inaccurate or incomplete data.
  • Erasure - delete your account and all associated data (“right to be forgotten”).
  • Restriction - request that we limit processing of your data in certain circumstances.
  • Portability - receive your data in a structured, commonly used, machine-readable format.
  • Object - object to processing based on legitimate interest, including profiling.
  • Withdraw consent - where processing is based on consent, withdraw it at any time (e.g., optional cookies via the cookie settings).

Exercise these rights by contacting us at privacy@reelry.app or using in-app controls in Settings. We will respond within 30 days (or sooner if required by law).

If you believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

9

Cookies & Tracking

We use cookies to operate the Service. You can manage your cookie preferences at any time using the cookie settings banner or the “Cookie Settings” link in the footer.

CategoryPurposeRequired
Strictly necessaryAuthentication, session management, CSRF protection, cookie consent preferenceYes
FunctionalTheme preferences (light/dark mode), UI stateYes
Optional (analytics)Google Analytics and PostHog (EU-hosted) - anonymised page views and product events used to understand which pages convert and where users drop off. IP-anonymised. No advertising or cross-site tracking.No - requires consent
Optional (support)Crisp live chat widget - enables real-time customer supportNo - requires consent

We do not use advertising cookies, tracking pixels, or third-party analytics that track you across websites.

10

Anonymous visit measurement (no cookies)

Even if you decline optional cookies, we count visits to our public pages (landing pages, free tools, public reel showcases) anonymously. This measurement works without cookies: no identifier or other personal data is stored on your device, and no stored personal data is read from it.

  • What is measured: pages viewed, the referring site, and browser type - on our public pages only, never inside the logged-in app.
  • How it works: no cookies are set and no identifier is stored on your device. The analytics tool reads only its own consent-status flag (strictly necessary to respect your cookie choice) and performs a one-time technical check that browser storage works, which writes a meaningless test value and removes it immediately. Your IP address and browser identifier are processed transiently on servers in the EU to compute a short-lived identifier that changes daily and cannot be reversed. Your raw IP address is not stored.
  • Processor: PostHog Cloud EU (Frankfurt, Germany), under a data processing agreement.
  • Legal basis: legitimate interest (Art 6(1)(f) GDPR) - measuring and improving our website.
  • Retention: only aggregate statistics are kept; there is no persistent identifier that could link your visits across days.

You have the right to object to this measurement at any time (Art 21 GDPR). Use the toggle below - it takes effect immediately. We also honour your browser's Do Not Track setting: if it is enabled, no measurement takes place.

11

International Transfers

Health3 AG, the operator of Reelry, is based in Switzerland. The European Commission has recognised Switzerland as providing an adequate level of data protection, so transfers of personal data between the EU/EEA and Switzerland do not require additional safeguards. For transfers of personal data to other jurisdictions (for example, to our US-based service providers), we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented with the Swiss Federal Data Protection and Information Commissioner's (FDPIC) recognised addendum where applicable.
  • Transfers to countries with an adequacy decision from the European Commission or the Swiss Federal Council.
  • Reliance on the EU–US Data Privacy Framework and the Swiss–US Data Privacy Framework where our sub-processors are certified under them.
  • Additional technical and organizational measures to protect your data during transfer.

Polar processes payment data in accordance with their own international transfer mechanisms as described in their Privacy Policy.

12

Children’s Privacy

Reelry is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from children. If we discover that we have collected data from a child, we will delete it promptly.

13

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 14 days before they take effect. The “Last updated” date at the top of this page reflects the most recent revision.

14

Contact & Data Protection

Data controller: Health3 AG, a company incorporated in Switzerland with its registered office at Wiesenstrasse 10A, 8952 Schlieren, Switzerland, Swiss VAT number CHE-396.908.066 MWST, is the data controller for personal data processed through Reelry.

For privacy-related inquiries or to exercise your data protection rights, contact us at privacy@reelry.app. We will respond within 30 days (or sooner if required by applicable law).

Postal address:
Health3 AG
Wiesenstrasse 10A
8952 Schlieren
Switzerland

15

EU and UK Representatives (Article 27)

Health3 AG is based in Switzerland, outside the EU/EEA and the UK. Under Article 27 of the EU GDPR and the UK GDPR we have appointed representatives that you and data protection authorities can contact about how your personal data is handled:

  • EU representative: iuro Rechtsanwälte GmbH t/a Prighter, Schellinggasse 3, 1010 Vienna, Austria.
  • UK representative: Prighter Ltd, United Kingdom.

You can contact the relevant representative about any data protection matter concerning your personal data.