Privacy Policy

When you create an account, use the Platform, or contact us, we may collect:

• Full name and email address
• Password (encrypted) and account preferences
• Company name, if applicable
• Payment information (handled via Stripe – we do not store full card data)
• User-generated content (e.g., prompts, text inputs, video or audio uploads)
• Responses to support tickets or feedback forms
• Parental or guardian consent documentation (for users under 18, when applicable)

When you interact with the Platform, we automatically collect technical and usage-related data, including:

• IP address, geolocation (approximate), and browser/device type
• Operating system, screen resolution, and language settings
• Session duration, clickstream behavior, and usage logs
• Pages visited, features used, time spent per action
• Referrer URLs and timestamps
• AI processing requests and generation metadata (e.g., type of model used, success/failure logs)

We may receive and process data from trusted external services integrated into the Platform:

• Stripe - payment tokens, transaction metadata, billing status
• OpenAI – AI-generated output data and usage logs (non-identifiable unless paired with user ID)
• Speechify & AssemblyAI – speech synthesis and transcription metadata (e.g., duration, language)
• YouTube API (Clipper Tool) – video IDs, clip parameters, and preview thumbnails
• Cloudflare – CDN usage data, image rendering requests, protection logs, anomaly detection

We ensure all third-party providers are contractually obligated to process Personal Data only as necessary to deliver their services in compliance with applicable privacy laws.

We use the information we collect for the following purposes:

We rely on one or more of the following legal bases when processing your Personal Data:

• Performance of a Contract – when data is required to provide you with access to the Platform or fulfill a service (e.g., AI content generation, account management)
• Legitimate Interests – when processing is necessary for the operation, improvement, or protection of our Platform, provided such interests are not overridden by your rights
• Consent - when we rely on your explicit permission to process your data, particularly for optional features, marketing communications, or parental authorization
• Legal Obligation – when required by law, regulation, court order, or public authority (e.g., tax records, fraud investigations)
• Vital Interests – in limited cases, to protect the rights or safety of individuals or the public (e.g., reporting abuse or criminal activity)

We may use the following categories of cookies:

• Essential Cookies: Required for the basic operation of the Platform, such as login sessions, security, and fraud prevention. Without these, the Platform cannot function properly.
• Functional Cookies: Enhance user experience by remembering preferences (e.g., language, layout settings) or allowing optional features to operate smoothly.
• Analytics Cookies: Collect aggregated, anonymous usage data to help us understand how users interact with the Platform. This includes session length, feature usage, and traffic sources.
• Performance and Debug Cookies: Used for platform monitoring, performance optimization, and internal diagnostics, particularly during beta features or whitelabel deployments.
• Marketing Cookies (if applicable): Used to deliver and track personalized content or promotional material. These are only enabled with your explicit consent.

Upon your first visit, we may display a cookie consent banner or preference center in order to comply with applicable data protection and ePrivacy laws, including but not limited to the GDPR and CCPA.

This mechanism allows users to:

• Accept or reject non-essential cookies
• Access detailed cookie preferences
• Read this Privacy Policy and our dedicated Cookie Policy

Your choices can be modified at any time via your browser preferences. Some features may be limited if certain cookies are disabled.

We may allow third-party services to set cookies or other tracking mechanisms through our Platform. These may include (but are not limited to):

• Google Analytics – for traffic and usage behavior analysis
• Cloudflare - for performance, CDN optimization, and bot mitigation
• Stripe - for secure payment authentication
• YouTube API – to load previews or enable video clipping
• OpenAI / Speechify / AssemblyAI – may log access requests for service integrity

These third parties may collect information under their own privacy and cookie policies. We recommend reviewing their terms for more detail.

We may disclose your Personal Data to the following categories of recipients:

• Payment Processors: To facilitate transactions, subscription billing, and fraud prevention
  • Stripe
• AI and Content Generation Providers: To process prompts, generate AI-based content, and support advanced features
  • OpenAI (text, video, and image generation)
  • Speechify and AssemblyAI (voice cloning, transcription)
• Security and Infrastructure Services: For system performance, uptime, DDoS protection, and secure content delivery
  • Cloudflare (CDN, image optimization, WAF)
• Analytics and Platform Monitoring: To analyze usage trends, optimize features, and enhance the user experience
  • Google Analytics (or equivalent, if enabled)
  • Internal tools and logs
• Third-Party API Services: To support user-requested features
  • YouTube API (used in the Clipper module)
• Internal Staff and Contractors: Authorized team members, agents, or contractors with a legitimate operational need, all of whom are subject to strict confidentiality obligations.

All third-party processors are contractually bound to:

• Process data only under our documented instructions
• Maintain appropriate technical and organizational safeguards
• Not share or use data for unrelated purposes
• Assist with compliance (e.g., data breach notification, subject access requests)

We conduct due diligence before onboarding any service provider and regularly review their compliance status.

Your information may be processed in the United States or other countries outside your jurisdiction. In such cases, we ensure:

• Compliance with GDPR Chapter V for EU/EEA users
• Use of Standard Contractual Clauses (SCCs) or equivalent safeguards
• Compliance with CCPA and UK GDPR for California and UK residents
• Notification in case of change in data location or hosting policy

We may disclose Personal Data if required to:

• Comply with applicable law, court order, or government request
• Respond to lawful requests by public authorities, including to meet national security or law enforcement requirements
• Prevent, detect, or investigate fraud, abuse, or technical issues

Such disclosures will always be carefully reviewed and limited to the minimum necessary.

All user data is securely stored using reputable infrastructure and service providers, including but not limited to:

• Cloud-based storage hosted in the United States and other regions as needed for performance optimization (e.g., via Cloudflare CDN, Stripe, and OpenAI).
• Data may be replicated across secure servers for redundancy and reliability.

Note: Aggregated, anonymized usage data may be retained indefinitely for statistical and analytical purposes.

We perform regular data purging and archiving routines to ensure compliance with retention standards. Where data is no longer necessary:

• It is securely deleted, or
• Pseudonymized/anonymized and retained for legitimate internal use.

Users may also request manual deletion of their data at any time (see Section 8: Your Rights).

When a user deletes their account:

• Personal identifiers are removed from all live databases within 30 days.
• Residual data in backups and logs may persist up to 90 days but will not be actively processed.
• AI content stored manually by the user may remain accessible unless removed by the user directly.

You have the right to request confirmation of whether we process your Personal Data, and if so, to access a copy of the data along with information about the processing activities.

You may request that we correct or complete any inaccurate or incomplete Personal Data about you.

You have the right to request the deletion of your Personal Data, provided that:

• The data is no longer necessary for the purposes for which it was collected;
• You withdraw your consent (where applicable);
• There is no overriding legitimate interest or legal obligation to retain it.

We will fulfill such requests unless legally or contractually prohibited.

You may request that we limit the processing of your Personal Data when:

• The accuracy of the data is contested;
• Processing is unlawful and you oppose deletion;
• You need the data for legal claims;
• You object to processing pending verification.

You may object to the processing of your data based on our legitimate interests or for marketing purposes. We will honor all valid objections unless we have compelling legitimate grounds to continue processing.

Where processing is based on consent or a contract and carried out by automated means, you may request a structured, commonly used, and machine-readable copy of your Personal Data.

If you have given consent for a specific processing activity, you may withdraw it at any time without affecting the lawfulness of prior processing.

If you believe that your rights have been violated, you may contact us at [email protected] or lodge a complaint with your local data protection authority.

• For EU users: You may contact your national supervisory authority.
• For California residents: See Section 9 for specific CCPA rights. (Note: Section 9 covers Age, should link to relevant CCPA section if separate)

To protect your privacy, we may require you to verify your identity before fulfilling any data rights request. This may include providing specific information or responding to a confirmation email.

If a request is made on your behalf, we may require written authorization or a legal basis (e.g., parental consent for minors).

The Platform is not intended for use by children under the age of 13. We do not knowingly collect, store, or process Personal Data from anyone under this age threshold.

If we become aware that a user under the age of 13 has provided us with Personal Data, we will take immediate steps to delete that data and disable the associated account.

Users who are at least 13 years old may create and use an account on ReelsBuilder.ai. By accessing and using the Platform, users confirm that they are at least 13 years of age.

If you are between the ages of 13 and 17, you confirm that you are using the Platform with the knowledge and presumed consent of a parent or legal guardian.

We may request users to declare their date of birth during registration or in connection with age-sensitive features. If a user declares an age under 13, access will be denied, and no data will be collected.

For users between 13 and 17, no parental form is required, but use of the Platform implies parental awareness and consent.

We apply additional privacy safeguards for users between the ages of 13 and 17, including but not limited to:

• Default restrictions on public sharing of generated content
• Optional disabling of advanced features (e.g., voice cloning)
• Internal tagging of minor accounts for additional oversight
• Secure and confidential processing of all minor-related data

Parents or legal guardians of users aged 13 to 17 may, at any time:

• Request access to the minor's Personal Data
• Request correction or deletion of such data
• Request deactivation of the account and withdrawal of assumed consent

To exercise these rights, please contact us at [email protected] with proper identity verification.

Our security infrastructure includes, but is not limited to:

• Encrypted data transmission (TLS/SSL) for all network communication
• Encrypted storage of sensitive information (e.g., credentials, API keys)
• Role-based access control (RBAC) for internal systems
• Two-factor authentication (2FA) for administrative access
• Firewall, DDoS protection and bot mitigation powered by Cloudflare
• Data isolation between users, including for whitelabel clients
• Regular vulnerability scanning and penetration testing

Content generated via ReelsBuilder.ai (text, images, video, voice) is:

• Processed via secure and authenticated APIs (e.g., OpenAI, AssemblyAI)
• Stored only as long as necessary (see Section 7 – Retention)
• Not publicly accessible unless explicitly shared by the user
• Subject to deletion or anonymization upon user request

We maintain an internal incident response plan to detect, investigate, and mitigate potential data breaches or system anomalies. In the event of a data breach involving your Personal Data:

• We will notify you without undue delay, and no later than 72 hours when legally required
• We will provide details about the nature of the breach, affected data, and corrective actions taken

While we take extensive precautions, users are responsible for:

• Keeping their login credentials secure
• Avoiding reuse of passwords across platforms
• Not sharing account access with unauthorized individuals
• Reporting suspicious activity or potential vulnerabilities to [email protected]

While we follow strict protocols to safeguard data, no online service can guarantee absolute security. You acknowledge that transmission of data over the internet involves inherent risks and that we cannot warrant the security of information transmitted to or from the Platform.

Prompts, text instructions, audio clips, and other materials submitted by users to generate AI content are processed securely and:

• Are not used to train public models (e.g., OpenAI's general foundation models),
• Are retained temporarily and exclusively for the purpose of delivering your requested output,
• May be anonymized and aggregated for internal analysis to improve service performance and reliability.

We do not share user prompts or inputs with third parties beyond the scope of content generation.

Content generated by the Platform—such as AI-edited videos, synthesized voice, or generated images—remains under the control of the user (see Section 4 and 6). We do not use AI-generated output for public dataset creation, third-party model training, or resale purposes.

To ensure the reliability, accuracy, and security of our AI systems, we may:

• Analyze usage patterns in an aggregated, non-identifiable manner
• Review failed generation logs for troubleshooting
• Monitor model performance (e.g., latency, error rates)
• Improve prompt handling for better relevance and safety

Such activities are performed under strict confidentiality and with no impact on personal privacy.

Users operating under a paid plan or whitelabel agreement may contact us at [email protected] to request that their AI input/output data be excluded from anonymized internal analysis. This opt-out will not affect core functionality, but may limit our ability to troubleshoot issues related to your account.

The ReelsBuilder.ai Platform may contain links to external websites, APIs, tools, or services that are operated by third parties and not controlled by Ace of Diamonds INC. These may include, but are not limited to:

• Payment processors (e.g., Stripe)
• AI model providers (e.g., OpenAI, Speechify, AssemblyAI)
• Security and performance providers (e.g., Cloudflare)
• Video and content platforms (e.g., YouTube API)
• Third-party digital shops or promotional offers

We are not responsible for the privacy practices, content, terms, or data handling procedures of any third-party services not owned or directly operated by Ace of Diamonds INC. When you interact with a third-party service:

• Their own privacy policy will apply to any data you provide to them directly
• Your use of such service is governed solely by their terms and conditions
• We do not guarantee the accuracy, availability, or safety of external content

If you are redirected from ReelsBuilder.ai to a third-party shop, marketplace, or product page (e.g., Gumroad, LemonSqueezy):

• The transaction will be handled externally and separately from your ReelsBuilder.ai subscription
• We are not responsible for purchases made outside of the Platform
• No refund, support, or liability will be assumed for third-party sales unless otherwise stated

Some third-party services may be embedded directly within the Platform for feature delivery (e.g., YouTube Clipper, AI generation, voice cloning). These integrations operate under contractual agreements, and:

• Process only the data required for functionality
• Are listed in Section 6 (Data Sharing and Disclosure)
• Are subject to strict confidentiality, data minimization, and security obligations

You are encouraged to read the privacy and terms documents of any third-party service you interact with via the Platform. You agree that use of such services is at your own risk and that Ace of Diamonds INC disclaims all responsibility for any data loss, content misuse, or harm resulting from third-party websites or tools.

When changes are made, we will:

• Update the “Last Updated" date at the top of this Privacy Policy
• Post the revised version directly on our website at reelsbuilder.ai/privacy-policy

We encourage all users to review this page regularly.

• Material changes include any modification to how we collect, use, share, or protect Personal Data that could reasonably impact your rights or expectations.
• Non-material changes may include stylistic updates, language improvements, or clarifications that do not alter the underlying data processing activities.

Your continued use of the Platform following the effective date of any changes constitutes acceptance of the updated Privacy Policy.

If you disagree with the new terms, you should discontinue use of the Platform and contact us to exercise your data rights, including deletion of your account.