Privacy Policy

1.1 Account Information

When you create an account, we collect:

• Email address
• Name (if provided)
• Password (hashed, never stored in plain text)

1.2 Face and Voice Data

When you use our cloning feature, we collect:

• A video recording of your face and voice (uploaded by you)
• Extracted facial reference data used for video generation
• A voice model created from your audio

This data is classified as biometric data and is handled with the highest level of protection. See Section 4 for details.

1.3 Content Data

• Scripts you create or approve
• Videos generated by the Service
• Content preferences, niche selection, and style profiles
• Scheduling and posting preferences

1.4 Connected Social Media Accounts

When you connect your TikTok, Instagram, YouTube, X (Twitter), Facebook, or LinkedIn account, we receive:

• An OAuth access token and refresh token (used to post on your behalf)
• Your platform username and user ID
• Basic profile information provided by the platform

We use the minimum scopes required for publishing + reading your own post metrics. We do not access your direct messages, your followers list (other than aggregate counts where the API provides them as part of post metrics), or any data unrelated to publishing or analytics.

Per-platform OAuth scopes we request:

1.5 Usage Data

• Pages visited, features used, and actions taken within the Service
• Device type, browser, operating system
• IP address (used for security and fraud prevention)
• Timestamps of activity

1.6 Payment Information

Payments are processed by our third-party payment provider (Dodo Payments), which acts as our merchant of record and handles tax collection and remittance globally. We do not store your credit card number, bank account details, or other payment credentials. We receive only:

• Subscription status (active, cancelled, expired)
• Plan type (Starter, Pro, Max)
• Credit pack purchase history
• Per-call credit usage records (which features you used)
• The Dodo customer ID and subscription ID linked to your account

1.7 AI-Generated Content Disclosure

All videos generated by reelmee are marked as AI-generated:

• Captions automatically include an “#AIgenerated” hashtag where relevant
• TikTok publishes set the platform's is_aigc AI-generated content flag
• Video descriptions on YouTube include the AI-generated label per YouTube's synthetic-content policy

This is required by every platform's 2024+ AI content rules and is non-optional.

We use your information solely to provide, maintain, and improve the Service:

We do not:

• Sell your personal information to anyone
• Use your face or voice data to train models for other users
• Share your data with advertisers
• Use your content for our own marketing without your explicit permission

We share your information only in these limited circumstances:

3.1 Third-Party Service Providers

We use trusted third-party services to operate the platform:

All providers are bound by their own privacy policies and data processing agreements.

3.2 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request.

3.3 Business Transfers

If Reelmee is acquired, merged, or sells assets, your information may be transferred. We will notify you before your data is subject to a different privacy policy.

3.4 With Your Consent

We may share information for any other purpose with your explicit consent.

We understand that face and voice data is sensitive. We apply additional protections:

4.1 Collection

• We collect face and voice data only when you explicitly upload a video for cloning
• You must confirm that you are the person in the video, or that you have written consent from the person depicted
• We never collect face or voice data passively or without your action

4.2 Storage

• Face and voice models are encrypted at rest using industry-standard encryption (AES-256)
• Data is encrypted in transit using TLS 1.2+
• Stored on secure, access-controlled infrastructure
• Access is limited to automated systems that generate your content — no human reviews your biometric data

4.3 Usage

• Your face and voice data is used exclusively to generate content for your account
• We do not use your biometric data to train general AI models
• We do not use your biometric data to identify you or anyone else
• We do not share your biometric data with other users

4.4 Retention and Deletion

• Your face and voice data is retained only as long as your account is active
• Upon account deletion, all biometric data is permanently deleted within 30 days
• You can request immediate deletion of your face and voice data at any time from your account settings, without deleting your entire account
• Once deleted, biometric data cannot be recovered

4.5 Compliance

We handle biometric data in accordance with applicable regulations including but not limited to:

• Illinois Biometric Information Privacy Act (BIPA) principles
• EU General Data Protection Regulation (GDPR) — biometric data as special category data
• UK Data Protection Act 2018
• California Consumer Privacy Act (CCPA)

After account deletion:

• All personal data is deleted within 30 days
• Anonymized, aggregated usage data may be retained for analytics (this data cannot identify you)

6.1 All Users

• Access: Request a copy of your personal data
• Deletion: Delete your account and all associated data
• Correction: Update inaccurate information
• Data portability: Export your content data
• Withdraw consent: Disconnect social accounts, delete biometric data, or close your account at any time

6.2 EU/UK Users (GDPR)

In addition to the above:

• Right to restrict processing
• Right to object to processing
• Right to lodge a complaint with a supervisory authority
• Legal basis for processing: consent (biometric data), contract performance (account and service data), legitimate interest (usage data and security)

6.3 California Users (CCPA)

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt out of the sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising your rights

6.4 How to Exercise Your Rights

• Self-service: Most actions (deletion, data export, disconnecting accounts) are available in your account settings
• Email: For any request, contact us at hello@reelmee.app
• Response time: We respond to all requests within 30 days

We implement appropriate technical and organizational measures to protect your data:

• Encryption at rest (AES-256) and in transit (TLS 1.2+)
• Secure authentication with hashed passwords
• OAuth tokens encrypted in database
• Access controls limiting data access to necessary systems only
• Regular security reviews
• No human access to biometric data — processing is fully automated

No system is 100% secure. If we become aware of a security breach affecting your personal data, we will notify you and relevant authorities as required by law.

The Service is not intended for anyone under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it promptly. If you believe a child has provided us with personal data, contact us at hello@reelmee.app.

Your data may be processed in countries other than your country of residence, including the United States. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (EU/UK transfers)
• Data processing agreements with all service providers
• Encryption of data in transit and at rest

We use minimal cookies:

We do not use:

• Third-party advertising cookies
• Cross-site tracking
• Fingerprinting

We may use basic analytics (e.g., Vercel Analytics) to understand page views and feature usage. This data is aggregated and does not personally identify you.

The Service may contain links to third-party websites or services (e.g., TikTok, Instagram, YouTube). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least 30 days before the changes take effect. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or your data, contact us at:

Email: hello@reelmee.app
Website: reelmee.app

For the purposes of GDPR and UK data protection law, the data controller is:

Reelmee
Email: hello@reelmee.app
Website: reelmee.app