Privacy Policy

Effective Date: April 20, 2026

PhotoReel ("we", "our", "us") takes privacy seriously. This Privacy Policy explains what personal data we collect when you use photoreel.app, how we use it, who we share it with, and the rights you have over it. It applies to all visitors and registered users worldwide.

1. Data We Collect

  • Account data — email address, display name, and (optionally) profile picture when you sign up or sign in through Google / GitHub OAuth.
  • Content you upload — reference photos, text prompts, and any other inputs you submit to generate video.
  • Generated content — videos produced from your inputs, stored so you can redownload them.
  • Billing data — subscription tier, credit balance, and transaction IDs. Card / bank details are handled directly by our payment processor (Creem); we never see or store your card number.
  • Technical data — IP address, browser / device type, and timestamps. Used for security monitoring and abuse prevention only.

2. How We Use Your Data

  • To provide the video generation service itself.
  • To process payments, manage credit balances, and send receipts.
  • To send essential service notifications (failed generations, billing issues, security alerts). We do not send marketing email without explicit opt-in.
  • To improve the service through aggregated, anonymized usage analytics. We do not use your uploaded photos or generated videos to train AI models.
  • To detect and prevent fraud, abuse, and violations of our Terms of Service.

3. Data Retention

Uploaded reference photos and generated videos are automatically deleted from our infrastructure 30 days after creation. Account metadata (email, credit balance, purchase history) is retained for as long as your account is active and for up to 12 months after account closure to comply with financial record-keeping obligations.

You can request earlier deletion of specific videos directly from the "My Creations" page, or request full account deletion by emailing support@photoreel.app.

4. How We Share Data

We do not sell your personal data. We share data only with the following categories of subprocessors, strictly for the purpose of running PhotoReel:

  • Cloud infrastructure & storage — the servers that host the site and the object storage that holds your uploads and generated videos.
  • AI inference providers — the engines that actually generate your video. Prompts and reference photos are sent to the inference provider solely to run the generation, and the provider is contractually prohibited from retaining them beyond that.
  • Payment processor — Creem, for billing and subscription management.
  • Email delivery — for transactional email (receipts, password resets, security alerts).

We may also disclose data when legally required (court order, lawful request from a government agency) or when necessary to protect the rights, property, or safety of PhotoReel, our users, or the public.

5. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Request a portable copy of your data in a machine-readable format.
  • Object to or restrict certain processing (e.g. the security-monitoring use of IP address data).
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with a data protection authority (e.g. the ICO in the UK, a DPA in the EU).

EU / UK / Swiss users: under GDPR / UK GDPR, our lawful bases for processing are contractual necessity (to deliver the service you purchased), consent (for optional marketing), and legitimate interest (for security / abuse-prevention). You can exercise any of these rights by emailing us at the address below — we respond within 30 days.

California residents: you have the rights described in the CCPA / CPRA, including the right to know, delete, and correct. We do not sell personal information and do not share it for cross-context behavioral advertising.

6. Data Security

Data in transit is protected with TLS. Stored media is access-controlled and isolated per-user. Passwords are never stored — authentication goes through OAuth providers. No online service can guarantee absolute security; if we ever become aware of a breach affecting your data, we will notify you as required by applicable law.

7. International Transfers

PhotoReel operates globally. Your data may be transferred to and processed in countries other than the one you live in. When we transfer data out of the EU / UK, we rely on Standard Contractual Clauses approved by the European Commission (and the UK IDTA where applicable).

8. Children's Privacy

PhotoReel is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you are a parent / guardian and believe your child has provided us personal data, please contact us and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced in-product or by email at least 14 days before they take effect. The "Effective Date" at the top of this page always reflects the current version.

10. Contact

For privacy questions, data-subject requests, or to report a concern, email support@photoreel.app.