Privacy Policy

1. Data We Collect

1.1 Account Information

When you create an account, we collect your email address and, where you sign in with Google, your name and Google profile picture. If you register with email and password, we store a hashed (never plain-text) version of your password.

1.2 Product URLs and Scraped Content

When you submit a product URL to generate an ad, we store that URL and pass it to our web-scraping pipeline, which fetches publicly available text and screenshots from the target page. The scraped content (product name, description, pricing, images) is stored temporarily to generate your video and may be retained as part of your project history.

1.3 Generated Assets

We store the intermediate and final outputs of the generation pipeline on your behalf, including AI-generated scripts, synthesized voiceover audio files, and the final rendered MP4 video advertisements. These files are associated with your account and are accessible to you through the Service dashboard.

1.4 Usage and Technical Data

We automatically collect certain technical data when you use the Service, including your IP address, browser type and version, operating system, pages visited within the Service, timestamps, and error logs. This data is used for security, debugging, and improving the Service. We do not use this data to build advertising profiles.

1.5 Payment Information

We do not collect or store your payment card details. All payment processing is handled directly by Paddle (see Section 3). We receive only non-sensitive billing metadata from Paddle, such as your subscription status, plan type, and transaction IDs.

2. How We Use Your Data

We use the data we collect for the following purposes:

• Providing the Service: Processing your product URLs, running the generation pipeline, delivering finished video ads, and displaying your project history.
• Account management: Creating and maintaining your account, authenticating you, managing your credit balance, and processing subscription billing.
• Communication: Sending transactional emails (e.g., generation complete, payment receipts, account security alerts). We may also send product update emails; you can unsubscribe from these at any time.
• Service improvement: Analyzing aggregate, anonymized usage patterns to improve generation quality, performance, and user experience.
• Security and fraud prevention: Detecting and responding to abuse, unauthorized access, or violations of our Terms of Service.
• Legal compliance: Meeting obligations under applicable law or responding to valid legal process.

We do not sell your personal data, rent it to advertisers, or use your submitted product content or generated videos to train generative AI models without your explicit, opt-in consent.

3. Third-Party Services

To operate the Service, we engage the following sub-processors. Each processes only the minimum data necessary for their function.

4. Data Storage and Security

Your data is stored in Supabase-managed PostgreSQL databases and object storage, backed by AWS. All data is encrypted in transit using TLS 1.2 or higher. Database backups and stored files are encrypted at rest using AES-256. Row-level security (RLS) policies ensure that each user can only access their own data.

We implement reasonable administrative, technical, and physical safeguards to protect your information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

If we become aware of a data breach that affects your personal information, we will notify you by email within 72 hours of becoming aware, where required by applicable law.

5. Cookies and Local Storage

We use a minimal set of cookies. The Service sets Supabase authentication cookies (session tokens) solely to keep you logged in across page loads. These are strictly necessary for the Service to function and cannot be disabled without breaking authentication.

We do not use any third-party advertising, analytics, or tracking cookies. We do not embed tracking pixels or fingerprinting scripts.

You can clear cookies at any time via your browser settings, which will log you out of the Service.

6. Data Retention

We retain your personal data for as long as your account is active or as necessary to provide you with the Service. Specifically:

• Account data (email, name): Retained until you delete your account, plus up to 30 days for backup recovery.
• Project data (URLs, scripts, generated videos): Retained while your account is active. Videos older than 12 months may be archived or deleted to manage storage costs; we will notify you before deleting your content.
• Usage logs (IP, browser, timestamps): Retained for up to 90 days for security and debugging purposes, then purged.
• Billing records: Retained for 7 years as required by applicable accounting and tax law.

Upon account deletion, all personal data (except billing records and any data required by law) will be permanently deleted from our live systems within 30 days and from backup systems within 90 days.

7. Your Privacy Rights

Depending on where you reside, you may have the following rights regarding your personal data. To exercise any of these rights, contact us at privacy@reelforge.ai and we will respond within 30 days.

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete personal data.
• Deletion: Request deletion of your personal data, subject to our retention obligations described in Section 6.
• Export / Portability: Request an export of your generated videos and project data in a machine-readable format. You can also download individual videos directly from your dashboard at any time.
• Objection / Restriction: Object to or request restriction of certain processing activities (e.g., direct marketing emails).
• Withdrawal of consent: Where processing is based on consent (e.g., marketing emails), you may withdraw consent at any time without affecting the lawfulness of prior processing.

8. Children's Privacy

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from anyone under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@reelforge.ai and we will take steps to delete that information. If you are between 13 and 18 years of age, you must have the consent of a parent or legal guardian to use the Service.

9. International Data Transfers

Reelforge is operated from the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States and potentially other countries where our sub-processors operate. These countries may have data protection laws that differ from those in your home country. Where required, we rely on Standard Contractual Clauses or other approved transfer mechanisms to protect your data in cross-border transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by email and by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

Your continued use of the Service after the revised policy takes effect constitutes your acceptance of the changes. If you do not agree to the revised policy, please stop using the Service and delete your account.

11. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our privacy team: