Privacy at a glance
We don't sell data
Your personal information is never sold to third parties.
You own your content
All generated reels, scripts, and media belong to you.
GDPR compliant
Full data rights, cookie consent, and lawful processing.
Information We Collect
We collect the following categories of information:
Account information
Email address, name, organization name, and authentication credentials. Payment information (credit card details, billing address) is collected and processed directly by Polar Software, Inc., our Merchant of Record - we do not store your payment card details.
Content data
Brand configurations, style preferences, generated reels, scripts, and media assets you create through the Service.
Usage data
Pages visited, features used, reel generation metrics, and performance analytics to help us improve the product.
Device data
Browser type, operating system, IP address, and device identifiers for security and troubleshooting purposes.
Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:
| Legal basis | Processing activity |
|---|---|
| Contract performance | Providing the Service, managing your account, generating reels, processing subscriptions |
| Legitimate interest | Product analytics, fraud prevention, security monitoring, improving the Service |
| Consent | Optional cookies (e.g., Crisp live chat), marketing communications |
| Legal obligation | Tax record retention, responding to lawful data requests |
How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Service.
- Process payments and manage subscriptions (via Polar).
- Send transactional communications (receipts, alerts).
- Generate and publish content on your behalf via the AI pipeline.
- Provide customer support through Crisp live chat (with your consent for the cookie).
- Analyze usage patterns to improve product quality.
- Detect and prevent fraud, abuse, and security incidents.
Data Sharing
We share data only with service providers necessary to operate Reelry:
| Provider | Purpose | Role |
|---|---|---|
| Supabase | Database and authentication | Data processor |
| Polar | Payment processing, invoicing, tax compliance | Independent controller (Merchant of Record) |
| Anthropic, Recraft, Runway, ElevenLabs, Shotstack | AI content generation (script, images, video, voiceover, assembly) | Data processors |
| TikTok | Content publishing (when you choose to post) | Independent controller |
| Crisp | Live chat support | Data processor |
| Google Analytics | Anonymised traffic measurement (opt-in via cookie banner; IP-anonymised, no cross-site tracking) | Data processor |
| PostHog (EU) | Product analytics and funnel measurement (opt-in via cookie banner; EU-hosted, IP-anonymised, no email or cross-site tracking) | Data processor |
Polar as Merchant of Record
Polar acts as an independent data controller for payment data. When you make a purchase, Polar collects and processes your payment information under their own Privacy Policy. We do not have access to your full payment card details.
We do not sell your personal information.
API Keys (BYOK Mode)
If you provide your own API keys through Bring Your Own Keys mode:
- Keys are encrypted at rest using industry-standard encryption.
- Keys are only used to make API calls on your behalf - never for any other purpose.
- Keys are never shared with third parties.
- You may delete your keys at any time from the Brand Settings page.
Data Retention
- We retain your data for as long as your account is active.
- After account deletion, all data is permanently removed within 30 days.
- Generated media files (images, videos) are stored in cloud storage and deleted alongside your account.
- Billing records may be retained longer as required by law. Polar retains payment records independently as required for tax and regulatory compliance.
Security
We use industry-standard security measures to protect your data:
- TLS encryption for all data in transit.
- Row-level security (RLS) policies ensuring data isolation between organizations.
- Encrypted storage for API keys and sensitive credentials.
- Access to production data is restricted to authorized personnel only.
- Regular security reviews and dependency audits.
Your Rights
All users have the following rights. If you are in the EEA, UK, or Switzerland, these rights are guaranteed under the GDPR:
- Access - request a copy of your personal data.
- Rectification - update inaccurate or incomplete data.
- Erasure - delete your account and all associated data (“right to be forgotten”).
- Restriction - request that we limit processing of your data in certain circumstances.
- Portability - receive your data in a structured, commonly used, machine-readable format.
- Object - object to processing based on legitimate interest, including profiling.
- Withdraw consent - where processing is based on consent, withdraw it at any time (e.g., optional cookies via the cookie settings).
Exercise these rights by contacting us at privacy@reelry.app or using in-app controls in Settings. We will respond within 30 days (or sooner if required by law).
If you believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority.
Cookies & Tracking
We use cookies to operate the Service. You can manage your cookie preferences at any time using the cookie settings banner or the “Cookie Settings” link in the footer.
| Category | Purpose | Required |
|---|---|---|
| Strictly necessary | Authentication, session management, CSRF protection, cookie consent preference | Yes |
| Functional | Theme preferences (light/dark mode), UI state | Yes |
| Optional (analytics) | Google Analytics and PostHog (EU-hosted) - anonymised page views and product events used to understand which pages convert and where users drop off. IP-anonymised. No advertising or cross-site tracking. | No - requires consent |
| Optional (support) | Crisp live chat widget - enables real-time customer support | No - requires consent |
We do not use advertising cookies, tracking pixels, or third-party analytics that track you across websites.
Anonymous visit measurement (no cookies)
Even if you decline optional cookies, we count visits to our public pages (landing pages, free tools, public reel showcases) anonymously. This measurement works without cookies: no identifier or other personal data is stored on your device, and no stored personal data is read from it.
- What is measured: pages viewed, the referring site, and browser type - on our public pages only, never inside the logged-in app.
- How it works: no cookies are set and no identifier is stored on your device. The analytics tool reads only its own consent-status flag (strictly necessary to respect your cookie choice) and performs a one-time technical check that browser storage works, which writes a meaningless test value and removes it immediately. Your IP address and browser identifier are processed transiently on servers in the EU to compute a short-lived identifier that changes daily and cannot be reversed. Your raw IP address is not stored.
- Processor: PostHog Cloud EU (Frankfurt, Germany), under a data processing agreement.
- Legal basis: legitimate interest (Art 6(1)(f) GDPR) - measuring and improving our website.
- Retention: only aggregate statistics are kept; there is no persistent identifier that could link your visits across days.
You have the right to object to this measurement at any time (Art 21 GDPR). Use the toggle below - it takes effect immediately. We also honour your browser's Do Not Track setting: if it is enabled, no measurement takes place.
International Transfers
Health3 AG, the operator of Reelry, is based in Switzerland. The European Commission has recognised Switzerland as providing an adequate level of data protection, so transfers of personal data between the EU/EEA and Switzerland do not require additional safeguards. For transfers of personal data to other jurisdictions (for example, to our US-based service providers), we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented with the Swiss Federal Data Protection and Information Commissioner's (FDPIC) recognised addendum where applicable.
- Transfers to countries with an adequacy decision from the European Commission or the Swiss Federal Council.
- Reliance on the EU–US Data Privacy Framework and the Swiss–US Data Privacy Framework where our sub-processors are certified under them.
- Additional technical and organizational measures to protect your data during transfer.
Polar processes payment data in accordance with their own international transfer mechanisms as described in their Privacy Policy.
Children’s Privacy
Reelry is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from children. If we discover that we have collected data from a child, we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 14 days before they take effect. The “Last updated” date at the top of this page reflects the most recent revision.
Contact & Data Protection
Data controller: Health3 AG, a company incorporated in Switzerland with its registered office at Wiesenstrasse 10A, 8952 Schlieren, Switzerland, Swiss VAT number CHE-396.908.066 MWST, is the data controller for personal data processed through Reelry.
For privacy-related inquiries or to exercise your data protection rights, contact us at privacy@reelry.app. We will respond within 30 days (or sooner if required by applicable law).
Postal address:
Health3 AG
Wiesenstrasse 10A
8952 Schlieren
Switzerland
EU and UK Representatives (Article 27)
Health3 AG is based in Switzerland, outside the EU/EEA and the UK. Under Article 27 of the EU GDPR and the UK GDPR we have appointed representatives that you and data protection authorities can contact about how your personal data is handled:
- EU representative: iuro Rechtsanwälte GmbH t/a Prighter, Schellinggasse 3, 1010 Vienna, Austria.
- UK representative: Prighter Ltd, United Kingdom.
You can contact the relevant representative about any data protection matter concerning your personal data.
See also: Terms of Service · Refund Policy
Get started free