Privacy Policy

ReelEstate Oppong(trading as ReelEstate, “we”, “us”, “our”) operates the tryreelestate.io web application, which helps real estate professionals turn property photos into AI-generated marketing videos and publish them to their own social media channels.

We are established in Switzerland with our registered seat at Route Aloys-Fauquez 73, 1018 Lausanne, Switzerland. We are the data controller within the meaning of art. 5 lit. j of the Swiss revised Federal Act on Data Protection (“revFADP” / LPD) and, where applicable to users in the European Economic Area or United Kingdom, art. 4(7) GDPR. You can reach us at privacy@tryreelestate.io.

We collect only what we need to operate the service:

• Account information. When you sign in (typically via Google), we receive your name, email address, and profile photo through Firebase Authentication. We never see your Google or LinkedIn password.
• Phone number for verification. Once during sign-up we ask you to verify a mobile number by SMS code, processed by Firebase Authentication. We use this only to confirm you are a real person and to deter abuse — never for marketing, never for outbound calls, and we do not share it with any third party. You can request its deletion at any time (see §8).
• Brand Kit data. Your agency name, contact phone shown on branded videos, brand colors, uploaded logo, and headshot photos that you choose to provide. (This contact phone is separate from the verification number above — the verification number is never displayed in your videos.)
• Project content. Property photos you upload, prompts you write, scripts you compose, and the AI-generated videos, voiceovers, and music produced from them.
• Connected social accounts. When you connect a Facebook Page, Instagram Business account, or LinkedIn account, we record the public account name, account ID, and avatar so we can show you which account is linked. The underlying access tokens that allow us to publish on your behalf are stored in Google Secret Manager and are never returned to your browser or shared with third parties.
• Billing data. If you subscribe, Stripe collects and processes payment-card information directly. We receive only non-sensitive metadata (subscription tier, period end, customer ID).
• Operational logs. Standard request logs (timestamp, route, IP, user agent) needed to keep the service secure and debug failures. These are retained for up to 30 days.

• To authenticate you and keep your account secure.
• To render the AI videos, voiceovers, and music you request, and to store the resulting media in your account.
• When you click "Share", to publish the specific video and caption you select to the social account you have connected, with your explicit per-post action.
• To bill you, if you are on a paid plan.
• To provide customer support and to debug failures you report.
• To send essential service emails (e.g., billing receipts, security notices). We do not send marketing emails without separate opt-in.

Under the revFADP we process your data because it is necessary to perform the contract you enter into when you sign up, because we have a legitimate overriding interest (e.g. service security, fraud prevention, debugging), or because the law requires it (e.g. accounting). For users in the EEA / UK, the equivalent GDPR legal bases are art. 6(1)(b) (contract), art. 6(1)(f) (legitimate interest), and art. 6(1)(c) (legal obligation). When we ask for your consent (e.g. marketing emails or connecting a social account), the legal basis is your consent, which you can withdraw at any time.

We do not sell your personal data, your media, or your social-account data. We do not use your project content to train third-party AI models.

This section is provided to comply with LinkedIn's Platform Guidelines.

• When you click “Connect LinkedIn” we initiate an OAuth 2.0 flow with the scopes openid, profile, email, and w_member_social. You are shown the LinkedIn consent screen before any data leaves LinkedIn.
• We retrieve only your public profile (name, profile picture, member URN) and email address, and we use these solely to display which account is linked.
• We use the w_member_socialpermission only when you explicitly click “Post” in the share dialog, to publish the specific video and caption you selected.
• We do not auto-post, schedule posts in the background, or read your existing feed, connections, or messages.
• When you click “Disconnect” in your Brand Kit, your LinkedIn access and refresh tokens are immediately disabled in our credential store and the account metadata is removed from your profile. We do not retain a working copy.

We use a small number of vetted infrastructure providers. Each receives only the data strictly needed to perform its function on our behalf:

• Google Cloud Platform & Firebase — authentication, database, file storage, secret storage, and serverless hosting.
• Google Vertex AI / Gemini — the AI models that generate videos, voiceovers, music, and refined captions from your inputs.
• Stripe — payment processing for paid plans.
• Meta (Facebook / Instagram) & LinkedIn — only when you explicitly publish a post, and only the post content you authored.

We do not share your data with advertising networks, data brokers, or analytics companies that build cross-site profiles.

Your data is hosted on Google Cloud infrastructure. Our primary database and file storage regions are located in the European Union and Switzerland (Zurich, europe-west6). AI inference (Vertex AI / Gemini) and certain Google support services may process your data in the United States or other regions where Google operates.

Where personal data is transferred outside Switzerland or the EEA to a country that has not been recognised as providing an adequate level of protection, we rely on appropriate safeguards under art. 16 revFADP and art. 46 GDPR. In particular:

• Transfers to the EEA / UKrely on the Federal Council's adequacy decision and the European Commission's adequacy decision for Switzerland.
• Transfers to the United States rely on the Swiss-U.S. Data Privacy Framework (where the importer is certified) and, as a fallback, the Standard Contractual Clauses approved by the European Commission, as adapted by the Swiss FDPIC for use in Switzerland.
• Transfers to any other third country rely on those Standard Contractual Clauses, supplemented by technical measures such as in-transit and at-rest encryption.

You can request a copy of the relevant safeguards by emailing privacy@tryreelestate.io.

• Account information: as long as your account exists, plus up to 90 days after deletion for safety and dispute resolution.
• Project content (photos, videos, scripts): until you delete the project or your account.
• Connected social account tokens: until you click "Disconnect" or delete your account.
• Billing and accounting records: ten years from the close of the financial year, as required by art. 958f of the Swiss Code of Obligations.
• Operational logs: up to 30 days.

Under the revFADP (and GDPR, where it applies to you), you have the following rights with respect to your personal data:

• Right of access (art. 25 revFADP / art. 15 GDPR) — to obtain confirmation of whether we process your data and a copy of it. We respond free of charge within 30 days.
• Right to rectification (art. 32 revFADP / art. 16 GDPR) — to have inaccurate data corrected.
• Right to erasure (art. 32 revFADP / art. 17 GDPR) — to have your data deleted, subject to our legal retention duties (see §7).
• Right to data portability (art. 28 revFADP / art. 20 GDPR) — to receive your data in a structured, commonly used, machine-readable format.
• Right to object to processing based on a legitimate interest, on grounds relating to your situation.
• Right to withdraw consent at any time, where consent is the basis for processing, without affecting the lawfulness of prior processing.
• Right not to be subject to a decision based solely on automated individual decision-making with legal or similarly significant effects. We do not currently make such decisions.

To exercise any of these rights, email privacy@tryreelestate.io. We may need to verify your identity before responding.

You can also delete your account at any time from Settings. Deletion removes your projects, brand kit, and connected-account metadata, and disables any stored OAuth credentials.

If you believe we have not handled your data lawfully, you have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (PFPDT / FDPIC), Feldeggweg 1, 3003 Bern (www.edoeb.admin.ch). EEA / UK users may instead complain to their local supervisory authority.

We follow industry-standard practices to protect your data: TLS in transit, encryption at rest for database and file storage, and isolation of third-party access tokens in Google Secret Manager with IAM-scoped access.

In line with art. 24 revFADP and art. 33 GDPR, if we become aware of a personal data breach likely to result in a high risk to your rights, we will notify the FDPIC (and, where applicable, the relevant EEA supervisory authority) as soon as possible, and we will inform affected users without undue delay where the law requires it.

No system is perfectly secure, and we encourage you to use a unique password for your authentication provider and to enable two-factor authentication there.

tryreelestate.io is a B2B tool and is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with information, contact us and we will delete it.

We may update this policy as the service evolves. Material changes will be announced by email and a notice in the app at least 14 days before they take effect. The effective date at the top of this page is updated with each revision.

This privacy notice and any non-contractual obligations arising out of it are governed by Swiss law, to the exclusion of conflict-of-laws rules and the United Nations Convention on Contracts for the International Sale of Goods.

Subject to mandatory consumer-protection rules that may apply in your country of residence, the exclusive place of jurisdiction for any dispute is Lausanne, Canton of Vaud, Switzerland. Nothing in this clause limits your right to lodge a complaint with the FDPIC or, where applicable, your local supervisory authority.

For privacy questions, data-access requests, or to report a concern, email privacy@tryreelestate.io or write to ReelEstate Oppong, Route Aloys-Fauquez 73, 1018 Lausanne, Switzerland. A French-language version of this notice is available on request.