Reelygood

Privacy Policy

Last updated April 5, 2026

Reelygood (“we”, “us”) operates the website and services at www.reelygood.club (the “Service”). This policy describes how we handle personal information when you use the Service.

What we collect

Account data. When you register, we store your email address (used as your login username), a salted password hash (not your plain password), and account timestamps. Session authentication uses secure cookies on the web and signed tokens for our API (including the mobile app).

Pins and content you add. When you save an Instagram Reel link, we store the link, text and media we derive from that page (caption, thumbnails, and similar metadata), place names, optional coordinates, and short AI-generated summaries that help you browse your map. This may include information inferred from video and audio when our analysis pipeline runs.

Approximate location of places (not your GPS). We may store latitude and longitude for a pin after we infer a place and geocode it so it appears on your map. That reflects the venue or area tied to the Reel, not your device’s live location.

Device location on your device only. In the map and discovery experiences, your browser or app may request access to location so we can center the map, show what’s nearby, or sort pins by distance. That location is used on your device for those features; we do not upload your live GPS coordinates to our servers in the current product.

Support and email. If you contact us or use password reset or welcome email, we process your email address through our email provider as described below.

How we use information

  • Create and maintain your account and sessions.
  • Fetch public Instagram pages you link, extract place cues, and save pins.
  • Run AI analysis to infer names, categories, and descriptions for your pins.
  • Geocode place text into map coordinates using a public geocoding API.
  • Show your pins on your map, feed, and swipe views; open directions via maps apps when you choose.
  • Send transactional email (e.g. welcome, password reset) when email is configured.
  • Protect the Service, enforce limits (such as daily extraction quotas), and troubleshoot issues.

Who we share data with

We use service providers that process data on our behalf:

  • Hosting and database — our application and your account data are stored with our cloud host and managed PostgreSQL (e.g. Neon).
  • Google AI (Gemini) — caption text and short video/audio segments may be sent to Google’s generative AI API to infer place details. See Google’s AI terms and privacy notices for how they handle API content.
  • OpenStreetMap Nominatim — place queries may be sent to Nominatim to resolve coordinates. Requests originate from our servers.
  • Email (Resend) — we send transactional mail through Resend; they receive recipient addresses and message content.
  • Map tiles — when you view the map, your browser loads raster tiles from CARTO (served from OpenStreetMap data). Those requests may reveal IP address and general area to the tile provider under their policies.
  • Instagram / Meta — we request public Instagram pages and media URLs you submit. We are not endorsed by Meta; processing is subject to Instagram’s terms and technical limits.
  • Optional automation webhook — if the operator configures a webhook (e.g. Make), new sign-ups may send your email and a signup timestamp to that URL for internal automation — not for third-party ads in the app.

We do not sell your personal information. We do not use in-app advertising trackers in the codebase as shipped; if that changes, we will update this policy.

Public links

Pins may be reachable via unguessable share links so you can open or share a spot. Anyone with the link can see the pin page limited to what that view exposes — treat links like private URLs unless we offer a separate visibility control.

Retention and deletion

We keep your data while your account is active and as needed for security and legal obligations. You can request deletion of your account or data by contacting us at Support; we will describe any technical steps (e.g. removing pins and credentials).

Security

We use industry-standard measures including hashed passwords, HTTPS, and access controls on our infrastructure. No method of transmission or storage is 100% secure.

Children

The Service is not directed at children under 13 (or the age required in your region). We do not knowingly collect personal information from children.

International users

If you access the Service from outside the country where our servers are located, your information may be transferred to and processed in those countries.

Changes

We may update this policy from time to time. We will post the new date at the top and, where appropriate, provide additional notice.

Contact

Questions about privacy: see Support.