R
ReelPilot

Privacy Policy

Last updated: June 2026

ReelPilot is committed to protecting your data. This policy explains what we collect, how we use it, and your rights.

1. Information We Collect

We collect information you provide when creating your account: name, email address, and country. When you connect a YouTube channel, we receive and store OAuth access and refresh tokens. We collect usage data including video generation history, credit transactions, and pipeline job metadata.

2. How We Use Your Data

Your data is used to: operate the video generation pipeline, publish content to your connected YouTube channels, process credit purchases and wallet transactions, send transactional notifications (email, in-app, push), and improve the Service. We do not sell your personal data to third parties.

3. YouTube API & OAuth Data

ReelPilot accesses your YouTube channel via OAuth 2.0. We store the minimum tokens required to upload videos and manage channel metadata. Tokens are encrypted at rest using AES-256 encryption. You can revoke ReelPilot's access at any time through your Google Account security settings, which will immediately prevent further uploads.

4. API Keys (BYOK)

If you provide your own API keys for third-party services (OpenAI, ElevenLabs, Pexels, etc.), these keys are encrypted at rest and stored in our database. Keys are decrypted only at runtime during pipeline execution. We never log, share, or expose your API keys.

5. Payment Data

Credit purchases are processed by Korapay, Fincra, or via USDT (TRC-20 on TRON network) depending on your country. We do not store full credit card numbers. Payment webhooks are processed idempotently, and transaction records (amount, currency, reference, status) are stored for billing history.

6. Data Retention

Account data is retained as long as your account is active. Generated video metadata, analytics snapshots, and ledger entries are retained indefinitely for your records. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law.

7. Security

We use industry-standard security practices: encrypted connections (TLS), encrypted storage for sensitive fields (OAuth tokens, API keys), server-side session management, and webhook signature verification for payment providers. Infrastructure runs on isolated, access-controlled environments.

8. Contact

For privacy-related inquiries, contact us at support@reelpilot.cloud.