Reelva
Sign in

Privacy Policy

Effective: May 19, 2026  ·  Last updated: May 19, 2026

1. Introduction

This Privacy Policy explains how Reelva (“we,” “us,” or “our”), operating at reelva.ai, collects, uses, stores, and shares your personal data when you use our Service.

By using Reelva, you agree to the collection and use of information as described in this policy. If you have questions or requests, contact us at support@reelva.ai.

2. Data We Collect

We collect the following categories of data:

  • Account data: Your email address and a hashed password (we never store plaintext passwords). Managed via Supabase Auth.
  • Generated content: The prompts you submit and the images, videos, or other outputs produced. These are stored in Supabase Storage in your account workspace.
  • Usage data: Which features and capabilities you use, credit consumption events, and timestamps of generation requests.
  • Technical data: IP address, browser type, and device information captured in server-side access logs.
  • Payment data (when payments are enabled): Billing is processed entirely by Creem.io (Singapore). We do not see, store, or have access to your credit card or banking details. We receive only billing status and subscription metadata from Creem.io webhooks.

3. How We Use Your Data

  • To create and manage your account and authenticate your sessions.
  • To generate AI content per your prompts by routing requests to upstream AI providers.
  • To apply automated content moderation to ensure compliance with our Acceptable Use Policy.
  • To process your subscription and credit transactions via Creem.io.
  • To monitor service health, detect abuse, and improve service quality.
  • To comply with applicable legal obligations.
  • To communicate with you about your account, significant service changes, and (with your consent) marketing updates.

4. AI Training Disclosure

We do not use your prompts, uploaded images, or generated outputs to train AI models.

Your data is transmitted to upstream AI providers (via toapis API aggregator) solely to fulfill your generation requests. Their data retention and training practices are governed by their own policies. We use Claude (Anthropic) via toapis for automated prompt moderation; per Anthropic's API usage policy, inputs sent via the API are not used to train Anthropic models by default.

5. Third-Party Service Providers

We share data with the following service providers, only to the extent necessary to operate the Service:

  • Supabase (Tokyo, Japan) — authentication, database, and file storage.
  • toapis — AI API aggregator routing requests to image generation (gpt-image-2), video generation (Seedance), and text/moderation (Claude via Anthropic).
  • Inngest — background job queue for asynchronous processing of generation tasks.
  • Vercel — application hosting and global CDN delivery.
  • Creem.io (Singapore, when payments are enabled) — payment processing as merchant of record.

We do not sell your personal data to third parties. We do not share your data with advertisers.

6. Data Location

Primary data (accounts, generated content, usage records) is stored on Supabase servers located in Tokyo, Japan. Application delivery is served through Vercel's global edge network, which may temporarily cache data in regions closer to you. AI inference requests are routed through toapis infrastructure.

7. Data Retention

  • Account data: Retained while your account is active. Deleted within 30 days after you close your account.
  • Generated content & prompts: Retained while your account is active or 90 days after generation (whichever is longer). Deleted upon account closure or on request.
  • Server logs (technical data): Retained for 30 days, then automatically purged.
  • Payment records: Retained for 7 years as required by applicable financial and tax regulations.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your account and associated personal data.
  • Portability: Request an export of your data in JSON format.
  • Objection: Object to certain types of processing, including direct marketing.
  • Withdraw consent: Where processing is based on consent, withdraw it at any time.
  • Complaint: Lodge a complaint with your local data protection authority (e.g., your national DPA in the EU).

To exercise any of these rights, contact us at support@reelva.ai. We will respond within 30 days. EU/UK users: we aim to respond within the 30-day GDPR deadline. California users: we comply with CCPA rights requests.

9. Cookies

We use essential cookies to maintain your authenticated session (Supabase session cookies). These cookies are necessary for the Service to function and cannot be disabled.

We do not currently use third-party tracking, advertising, or analytics cookies. If we add analytics cookies in the future, we will update this policy with at least 7 days' advance notice.

10. Children's Privacy

Reelva is not intended for users under 13 years of age (or 16 in the EU). We do not knowingly collect personal data from minors. If you believe a minor has created an account or submitted data through our Service, please contact us at support@reelva.ai and we will promptly delete the data and close the account.

11. Security

We implement industry-standard security measures: TLS encryption for all data in transit, and AES-256 encryption at rest via Supabase. Passwords are stored as salted hashes (bcrypt) and are never stored in plaintext.

No system is 100% secure. Despite our precautions, we cannot guarantee absolute security. You use the Service at your own risk and are responsible for maintaining the security of your account credentials.

12. International Data Transfers

By using Reelva, you acknowledge and consent to your data being transferred to and processed in Japan (Supabase), the United States and other countries (Vercel edge network), and the locations of our AI API providers (toapis and its upstream model providers). We take reasonable steps to ensure that these providers maintain appropriate data protection standards.

13. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you at least 7 days in advance via email or an in-app notification. Your continued use of the Service after the effective date of an updated policy constitutes acceptance of the new terms.

14. Contact

For privacy questions, data access requests, deletion requests, or complaints, contact us at: support@reelva.ai

Reelva — reelva.ai — Effective May 19, 2026