Privacy Policy

Our privacy policy and how we use your data

Effective date: May 20, 2026

1. Overview

This Privacy Policy explains how ReelAutopilot (referred to as “we”, “us”, or “our”) collects, uses, shares, and protects personal information when you visit our website, create an account, connect a social media platform, or otherwise use the ReelAutopilot service (the “Service”).

We operate from Canada and the United States. Depending on where you live, you may have additional rights under laws such as Canada’s PIPEDA, Quebec’s Law 25, the California Consumer Privacy Act (as amended by the CPRA), the EU/UK GDPR, and similar legislation. This policy is intended to satisfy our notice obligations under those laws as they apply to you.

For the purposes of the GDPR and similar laws, we act as the controller of the personal data we collect about you through the Service.

For any privacy-related question or request, contact us at help@reelautopilot.com.

2. Who Can Use the Service

ReelAutopilot is intended for users who are at least 18 years old, or the age of majority in their jurisdiction if that is higher. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us so we can delete it.

3. Information We Collect

We collect personal information in three main ways: directly from you, automatically as you use the Service, and from third parties you choose to connect.

3.1 Information you give us

  • Account profile. Email address, display name, password (hashed), language, time zone, profile image, and any other details you add to your profile.
  • Workspace content. The prompts, scripts, voice selections, brand assets, references, captions, and other inputs you provide to generate videos.
  • Billing details. When you subscribe or buy credits, our payment processor (Stripe) collects your payment method, name, billing address, and tax-relevant information. We do not see or store full card numbers ourselves; we receive an opaque customer/charge identifier and minimum metadata required for receipts, taxes, and fraud prevention.
  • Support communications. Anything you send us by email, chat, or contact form, including attachments and the headers needed to reply.

3.2 Information we collect automatically

  • Device and connection data. IP address, browser type, operating system, device identifiers, referring URL, and timestamps.
  • Usage data. Pages viewed, features used, generation jobs queued and completed, credit consumption, error events, and similar telemetry needed to operate and improve the Service.
  • Cookies and similar technologies. See the “Cookies” section below.

3.3 Information from connected accounts

When you connect a third-party account to the Service (for example, signing in with Google, or linking YouTube, TikTok, or Instagram for publishing), we receive limited information from that provider as authorized by you. This typically includes:

  • Your account identifier, display name, profile image, and channel or page name;
  • OAuth access and refresh tokens needed to publish content on your behalf;
  • Basic metadata about uploads we initiate for you (such as upload status, scheduled time, and the resulting post URL).

We do not download your followers, browsing history, private messages, or analytics beyond what is strictly required to operate the integration.

4. How We Use Your Information

We use personal information to:

  • Provide, maintain, and secure the Service (account creation, authentication, generation jobs, publishing, customer support);
  • Process payments, manage subscriptions and credits, and meet our tax and accounting obligations;
  • Communicate with you about your account, billing, security, and material changes to the Service or this policy;
  • Send product update emails and, where permitted, marketing emails — you can unsubscribe from marketing emails at any time via the link in each message;
  • Monitor and improve the Service: diagnose bugs, measure feature adoption, prevent abuse, and tune performance;
  • Comply with legal obligations and enforce our Terms of Service, including responding to lawful requests from authorities and protecting our users and operations.

5. Legal Bases (EU/UK Users)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR:

  • Performance of a contract — to provide the Service you have signed up for (account, generation, publishing, billing).
  • Legitimate interests — to keep the Service secure, prevent fraud, understand product usage, and send product/service-related communications to existing customers. We balance these interests against your rights and freedoms.
  • Consent — for non-essential cookies, marketing emails to non-customers, and certain optional features such as the social-proof use of profile avatars. You may withdraw consent at any time.
  • Legal obligation — to retain invoices, respond to lawful requests, and meet tax, anti-fraud, and similar obligations.

6. AI Generation and Model Training

ReelAutopilot uses third-party AI models (for example, large language models and voice-synthesis models) to generate the outputs you request. The prompts, scripts, and reference assets you supply are sent to those providers strictly to fulfill your request.

We do not sell your inputs or outputs. We do not use the personal information in your inputs or outputs to train our own foundation models. Where we operate fine-tuned or evaluation pipelines, we use anonymized or aggregated data that does not identify you. We require our model providers to limit their own use of your data to running the request, and we choose providers whose terms align with that.

The Service does not make automated decisions that produce legal or similarly significant effects on you within the meaning of Article 22 of the GDPR.

7. How Long We Keep It

We keep personal information only as long as we need it for the purposes described above, unless the law requires us to keep it longer. Typical retention windows are:

  • Account profile: while your account is active, and for up to 24 months after extended inactivity or account deletion, whichever comes first.
  • Billing and tax records: retained for the period required by Canadian and U.S. tax/accounting law (typically 6–7 years).
  • Connected-account tokens: until you disconnect the integration or revoke access from the provider’s side, after which the tokens are deleted from our systems on the next sync.
  • Generated videos and inputs: 3 months from creation by default, after which they may be removed from active storage. Earlier on request.
  • Operational logs: up to 12 months for security, abuse-prevention, and debugging.
  • Marketing contact data: until you unsubscribe or, for prospects, up to 24 months from your last engagement.

We may keep backups for a short additional period for disaster recovery; those backups roll over and are overwritten on a defined schedule.

8. How We Share Information

We do not sell your personal information. We share it only in the situations described below.

8.1 Service providers

We rely on a small number of vendors to run the Service. They process personal data only on our instructions and under contracts that require appropriate security and confidentiality:

  • Vercel — web hosting, edge network, and rendering compute.
  • Supabase — managed Postgres database, authentication, and file storage.
  • Stripe — payment processing, subscription management, tax calculation, and invoicing.
  • Resend — transactional and product-update email delivery.
  • ElevenLabs and other AI inference providers — voice synthesis and language-model inference used to fulfill your generation requests.
  • YouTube, TikTok, and Instagram APIs — only to publish content you explicitly schedule.
  • Analytics and product-telemetry tools — used to understand aggregate product usage and detect errors.

8.2 At your direction

When you publish a video to a connected social account, the video and its metadata go to that platform under their own terms and privacy policies.

8.3 Legal and safety

We may disclose information if we believe in good faith that disclosure is required by law, court order, or governmental request, or is necessary to protect the rights, property, or safety of ReelAutopilot, our users, or the public, or to investigate fraud or security incidents.

8.4 Business transfers

If ReelAutopilot is involved in a merger, acquisition, financing, reorganization, or sale of assets, personal information may be transferred as part of that transaction, subject to the receiving party honoring this policy or providing reasonable notice of any change.

9. International Data Transfers

Because we operate from Canada and the United States and use service providers in those countries, personal information you submit will be transferred to, stored, and processed in jurisdictions outside your country of residence, including jurisdictions whose data-protection laws may differ from yours.

When we transfer personal data of EU/UK/Swiss users outside their region, we rely on appropriate safeguards, including the European Commission’s Standard Contractual Clauses, the UK Addendum, and equivalent mechanisms.

10. Use of the YouTube API Services

Where you connect a YouTube channel, the Service uses the YouTube API Services to read minimal channel information and to upload videos that you explicitly schedule. Your use of that integration is also subject to the YouTube Terms of Service and the Google Privacy Policy.

We store the OAuth access and refresh tokens issued by Google solely so we can publish content on your behalf. You can revoke that access at any time from your Google security settings, or by disconnecting the channel inside ReelAutopilot, which removes the tokens from our systems.

Google user data limits. Where we receive Google user data through Google API Services we:

  • Use it only to provide the user-facing features you have enabled (for example, identity, channel selection, publishing);
  • Do not use it to develop, improve, or train any generalized AI or ML model;
  • Do not transfer it to third parties for advertising, resale, credit assessment, or any purpose other than operating the requested feature;
  • Do not allow humans to read it, except with your explicit consent, when required for security or to comply with law, or when the data has been aggregated and de-identified.

Our handling of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

11. Cookies and Tracking

We use a small number of strictly necessary cookies (for authentication and basic session handling), as well as analytics and product-telemetry cookies that help us understand how the Service is used and where it breaks.

Where required by law, we ask for your consent before setting non-essential cookies. You can change your choices at any time via the cookie preferences control in the footer of our site, and you can also clear or block cookies in your browser settings. Blocking strictly necessary cookies will prevent you from signing in.

We may also use server-side measurement to track conversions and ad performance with platforms such as Google, Meta, and TikTok. When required by law, this is done only with your consent, and where we share hashed identifiers (such as a hashed email) the receiving platform is bound by its own published advertiser terms.

12. Security

We take reasonable technical and organizational measures designed to protect personal information, including encryption in transit (TLS), encryption at rest for our databases and storage buckets, strict access controls on our production environment, single-sign-on for our staff, audit logging, regular dependency updates, and a least-privilege approach to service-account scopes.

No internet-based service is perfectly secure. If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the appropriate supervisory authority and, where required, affected users without undue delay (and within 72 hours where feasible).

13. Your Rights

Subject to local law and verification of your identity, you may have the right to:

  • Access the personal information we hold about you;
  • Correct information that is inaccurate or incomplete;
  • Delete personal information (with exceptions for data we are legally required to keep);
  • Restrict or object to certain processing, including processing based on legitimate interests;
  • Receive a portable copy of certain personal data in a machine-readable format;
  • Withdraw consent at any time, without affecting the lawfulness of processing done before withdrawal;
  • Lodge a complaint with a supervisory authority. In Canada, this is the Office of the Privacy Commissioner; in the EU, your local data-protection authority; in the UK, the ICO. We would appreciate the chance to address your concerns first.

California residents have additional rights under the CCPA/CPRA, including the right to know the categories of personal information collected and shared, the right to delete, the right to correct, the right to limit use of sensitive personal information, and the right not to be discriminated against for exercising these rights. We do not sell personal information and do not knowingly share it for cross-context behavioral advertising of minors under 16.

To exercise any of these rights, email help@reelautopilot.com. We will respond within the timeframes required by applicable law (typically 30 days).

14. Marketing Emails

If you are an existing customer, we may send you product-related emails based on our legitimate interest in telling you about features and improvements that are relevant to your account. If you are not yet a customer, we only send marketing emails with your consent.

Every marketing email contains an unsubscribe link. You can also email help@reelautopilot.com to opt out. Even if you opt out of marketing, we will still send essential transactional emails such as receipts, security alerts, and important changes to the Service.

15. Staff Confidentiality

Our team members and contractors who handle personal information are bound by written confidentiality obligations that continue after their engagement ends. We grant access on a need-to-know basis and review access regularly.

16. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Effective date” at the top of this page. If a change is material, we will give you additional notice in the product or by email. Continued use of the Service after the updated policy takes effect means you accept it.

17. Contact Us

For any privacy question, access or deletion request, or complaint, email help@reelautopilot.com.