Privacy at a glance
We don't sell data
Your personal information is never sold to third parties.
You own your content
All generated reels, scripts, and media belong to you.
GDPR compliant
Full data rights, cookie consent, and lawful processing.
Information We Collect
We collect the following categories of information:
Account information
Email address, name, organization name, and authentication credentials. Payment information (credit card details, billing address) is collected and processed directly by Polar Software, Inc., our Merchant of Record - we do not store your payment card details.
Content data
Brand configurations, style preferences, generated reels, scripts, and media assets you create through the Service.
Usage data
Pages visited, features used, reel generation metrics, and performance analytics to help us improve the product.
Device data
Browser type, operating system, IP address, and device identifiers for security and troubleshooting purposes.
Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:
| Legal basis | Processing activity |
|---|---|
| Contract performance | Providing the Service, managing your account, generating reels, processing subscriptions |
| Legitimate interest | Product analytics, fraud prevention, security monitoring, improving the Service |
| Consent | Optional cookies (e.g., Crisp live chat), marketing communications |
| Legal obligation | Tax record retention, responding to lawful data requests |
How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Service.
- Process payments and manage subscriptions (via Polar).
- Send transactional communications (receipts, alerts).
- Generate and publish content on your behalf via the AI pipeline.
- Provide customer support through Crisp live chat (with your consent for the cookie).
- Analyze usage patterns to improve product quality.
- Detect and prevent fraud, abuse, and security incidents.
Data Sharing
We share data only with service providers necessary to operate Reelry:
| Provider | Purpose | Role |
|---|---|---|
| Supabase | Database and authentication | Data processor |
| Polar | Payment processing, invoicing, tax compliance | Independent controller (Merchant of Record) |
| Anthropic, Recraft, Runway, ElevenLabs, Shotstack | AI content generation (script, images, video, voiceover, assembly) | Data processors |
| TikTok | Content publishing (when you choose to post) | Independent controller |
| Crisp | Live chat support | Data processor |
| Google Analytics | Anonymised traffic measurement (opt-in via cookie banner; IP-anonymised, no cross-site tracking) | Data processor |
| PostHog (EU) | Product analytics and funnel measurement (opt-in via cookie banner; EU-hosted, IP-anonymised, no email or cross-site tracking) | Data processor |
Polar as Merchant of Record
Polar acts as an independent data controller for payment data. When you make a purchase, Polar collects and processes your payment information under their own Privacy Policy. We do not have access to your full payment card details.
We do not sell your personal information.
API Keys (BYOK Mode)
If you provide your own API keys through Bring Your Own Keys mode:
- Keys are encrypted at rest using industry-standard encryption.
- Keys are only used to make API calls on your behalf - never for any other purpose.
- Keys are never shared with third parties.
- You may delete your keys at any time from the Brand Settings page.
Data Retention
- We retain your data for as long as your account is active.
- After account deletion, all data is permanently removed within 30 days.
- Generated media files (images, videos) are stored in cloud storage and deleted alongside your account.
- Billing records may be retained longer as required by law. Polar retains payment records independently as required for tax and regulatory compliance.
Security
We use industry-standard security measures to protect your data:
- TLS encryption for all data in transit.
- Row-level security (RLS) policies ensuring data isolation between organizations.
- Encrypted storage for API keys and sensitive credentials.
- Access to production data is restricted to authorized personnel only.
- Regular security reviews and dependency audits.
Your Rights
All users have the following rights. If you are in the EEA, UK, or Switzerland, these rights are guaranteed under the GDPR:
- Access - request a copy of your personal data.
- Rectification - update inaccurate or incomplete data.
- Erasure - delete your account and all associated data (“right to be forgotten”).
- Restriction - request that we limit processing of your data in certain circumstances.
- Portability - receive your data in a structured, commonly used, machine-readable format.
- Object - object to processing based on legitimate interest, including profiling.
- Withdraw consent - where processing is based on consent, withdraw it at any time (e.g., optional cookies via the cookie settings).
Exercise these rights by contacting us at privacy@reelry.app or using in-app controls in Settings. We will respond within 30 days (or sooner if required by law).
If you believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority.
Cookies & Tracking
We use cookies to operate the Service. You can manage your cookie preferences at any time using the cookie settings banner or the “Cookie Settings” link in the footer.
| Category | Purpose | Required |
|---|---|---|
| Strictly necessary | Authentication, session management, CSRF protection, cookie consent preference | Yes |
| Functional | Theme preferences (light/dark mode), UI state | Yes |
| Optional (analytics) | Google Analytics and PostHog (EU-hosted) - anonymised page views and product events used to understand which pages convert and where users drop off. IP-anonymised. No advertising or cross-site tracking. | No - requires consent |
| Optional (support) | Crisp live chat widget - enables real-time customer support | No - requires consent |
We do not use advertising cookies, tracking pixels, or third-party analytics that track you across websites.
International Transfers
Health3 AG, the operator of Reelry, is based in Switzerland. The European Commission has recognised Switzerland as providing an adequate level of data protection, so transfers of personal data between the EU/EEA and Switzerland do not require additional safeguards. For transfers of personal data to other jurisdictions (for example, to our US-based service providers), we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented with the Swiss Federal Data Protection and Information Commissioner's (FDPIC) recognised addendum where applicable.
- Transfers to countries with an adequacy decision from the European Commission or the Swiss Federal Council.
- Reliance on the EU–US Data Privacy Framework and the Swiss–US Data Privacy Framework where our sub-processors are certified under them.
- Additional technical and organizational measures to protect your data during transfer.
Polar processes payment data in accordance with their own international transfer mechanisms as described in their Privacy Policy.
Children’s Privacy
Reelry is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from children. If we discover that we have collected data from a child, we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 14 days before they take effect. The “Last updated” date at the top of this page reflects the most recent revision.
Contact & Data Protection
Data controller: Health3 AG, a company incorporated in Switzerland with its registered office at Wiesenstrasse 10A, 8952 Schlieren, Switzerland, Swiss VAT number CHE-396.908.066 MWST, is the data controller for personal data processed through Reelry.
For privacy-related inquiries or to exercise your data protection rights, contact us at privacy@reelry.app. We will respond within 30 days (or sooner if required by applicable law).
Postal address:
Health3 AG
Wiesenstrasse 10A
8952 Schlieren
Switzerland
See also: Terms of Service · Refund Policy
Get started free