Privacy Policy

RealityMold ("we," "us," or "our") operates the RealityMold platform at realitymold.com. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our human-augmented AI UGC studio (the "Service").

We are committed to protecting your privacy and handling your data responsibly. This policy applies to all users of the Service, including visitors to our website, registered account holders, and anyone who interacts with us through our contact channels.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices, please do not use the Service.

We collect the following categories of information when you use the Service:

• Account Information: Name, email address, and password (stored as a cryptographic hash, not in plain text). This is collected when you register for an account.
• Payment Information: Payment details are processed securely through Stripe. We do not store your full credit card numbers on our servers. We retain transaction records, billing addresses, and subscription status for accounting purposes.
• Product Information: Product titles, descriptions, brand associations, advantages, actor direction notes, product images, links, and other materials you upload as part of managing your products and submitting video requests.
• Client and Brand Information: Business names, brand details, and organizational information you create within the platform to manage your accounts and video requests.
• Video Request Data: Details about your video requests, including product selections, actor direction notes, request status, review decisions (approve, reject, extend), and associated metadata.
• Delivered Video Files: Video content produced by our team and delivered to you through the platform. These files are stored on Cloudflare R2 and linked to your account for access and download.
• Messaging Data: Text messages and image attachments sent through the platform's messaging system for communication related to video requests. This includes messages sent by you and by our team.
• Delivered Content: Videos and related assets produced by our team and delivered through the platform. We store these on Cloudflare R2 to allow you to review, approve, download, and manage your video content.
• Usage Data: Information about how you interact with the platform, including features used, pages visited, video generation history, and engagement patterns.
• Technical Data: IP address, browser type and version, device type, operating system, referring URLs, and general location data derived from your IP address.
• Cookie Data: Information collected through cookies and similar technologies as described in Section 9 of this policy.
• Communication Data: Messages you send through our contact form, support requests, and email correspondence with our team.

We use the information we collect for the following purposes:

• Providing the Service: Managing your account, processing video requests, delivering produced content, facilitating messaging between you and our team, tracking credit usage, and delivering the core functionality of the platform.
• Processing Payments: Managing subscriptions, processing transactions through Stripe, and maintaining billing records.
• Transactional Communications: Sending account confirmations, subscription receipts, service notifications, and other operational emails related to your use of the Service.
• Customer Support: Responding to your inquiries, troubleshooting issues, and providing assistance with the platform.
• Analytics and Improvement: Analyzing usage patterns to improve the Service, optimize performance, develop new features, and enhance the overall user experience.
• Security: Detecting, preventing, and responding to fraud, abuse, security incidents, and technical issues.
• Legal Compliance: Meeting our legal obligations, including tax reporting, responding to lawful requests from authorities, and enforcing our Terms of Service.

For users in the European Economic Area (EEA) and United Kingdom, we process your personal data on the following legal bases:

• Contract Performance: Processing necessary to fulfill our obligations under the Terms of Service, including account management, video generation, and payment processing.
• Legitimate Interest: Processing for our legitimate business interests, including platform analytics, security monitoring, fraud prevention, and service improvement. We balance these interests against your rights and only proceed where our interests do not override your fundamental rights.
• Consent: Processing based on your explicit consent, such as marketing emails and optional analytics. You may withdraw consent at any time without affecting the lawfulness of processing performed before withdrawal.
• Legal Obligation: Processing required to comply with applicable laws, such as tax record retention and responding to lawful government requests.

We share your information only with the following categories of third parties, and only to the extent necessary to provide and operate the Service:

• Stripe (payment processing): Receives payment information to process transactions and manage subscriptions.
• SendGrid (email delivery): Receives email addresses and message content to deliver transactional emails and communications.
• MongoDB / Northflank (data storage and hosting): Stores account data, product information, and generated content on our behalf.
• Railway (application hosting): Hosts the Service infrastructure and processes requests.
• Cloudflare R2 (file storage and CDN): Stores delivered video files, product images, and message attachments. Provides content delivery and security services.
• AI Production Technology (content creation): Your product data and direction are used in combination with our proprietary AI technology and real human talent to produce video content. This is a core function of the Service.

We do NOT sell your personal data to third parties. We have never sold personal data and have no plans to do so.

We may also disclose your information if required by law, court order, or governmental regulation, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

We retain your data for as long as necessary to fulfill the purposes described in this policy. Specific retention periods are as follows:

• Account Data: Retained while your account is active, plus 90 days after account closure to allow for reactivation or data retrieval.
• Payment Records: Retained for 7 years after the transaction date to comply with tax and financial reporting obligations.
• Delivered Content Metadata: Records of video requests, review decisions, and delivery status are retained while your account is active. Permanently deleted 30 days after account closure.
• Video Files: Delivered video files stored on Cloudflare R2 are retained while your account is active. Files are permanently deleted 30 days after account closure.
• Messages and Attachments: Messaging data is retained while your account is active. Permanently deleted 30 days after account closure.
• Credit Transaction Records: Records of credit allocations, deductions, and balances are retained for 7 years after the transaction date to comply with financial reporting obligations.
• Usage Logs: Retained on a 12 month rolling basis. Older logs are automatically purged.

When your account is closed, we initiate a deletion process. Account data and generated content are removed within 30 days of closure. Payment records are retained for the legally required period. You may request earlier deletion of non-required data by contacting us or submitting a request through our GDPR data request form.

If you are located in the European Economic Area or United Kingdom, you have the following rights under the General Data Protection Regulation:

• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may request correction of inaccurate or incomplete personal data.
• Right to Erasure: You may request deletion of your personal data, subject to legal retention requirements.
• Right to Restrict Processing: You may request that we limit the processing of your personal data under certain circumstances.
• Right to Data Portability: You may request a copy of your data in a structured, commonly used, machine-readable format.
• Right to Object: You may object to the processing of your personal data for direct marketing or where processing is based on legitimate interest.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time.

To exercise any of these rights, submit a request through our GDPR data request form or email us at [email protected]. We will respond to your request within 30 days. If we need additional time, we will notify you of the extension and the reasons for the delay.

If you are a California resident, the California Consumer Privacy Act provides you with the following rights:

• Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you, the sources of collection, our business purposes for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You may request that we delete the personal information we have collected from you, subject to certain exceptions.
• Right to Opt Out of Sale: We do not sell your personal information. Because we do not engage in the sale of personal data, there is no need to opt out.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing, quality of service, or access levels for making a privacy request.

To exercise your rights, email us at [email protected] or submit a request through our data request form. We will verify your identity before processing your request by confirming information associated with your account.

We use cookies and similar technologies to operate and improve the Service. The types of cookies we use include:

• Essential Cookies: Required for the Service to function properly. These include session cookies for authentication, security tokens, and preferences. These cannot be disabled without breaking core functionality.
• Analytics Cookies: Used to understand how visitors interact with the Service, including page views, navigation patterns, and feature usage. This data helps us improve the platform experience.

We do not use third party advertising cookies. We do not serve ads on the platform and do not share cookie data with advertising networks.

You can manage cookie preferences through your browser settings. Most browsers allow you to block or delete cookies. Note that disabling essential cookies may prevent you from using certain features of the Service, including logging in to your account.

We implement technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security practices include:

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
• Encryption at Rest: Sensitive data stored in our databases is encrypted at rest.
• Access Controls: We follow the principle of least privilege. Access to personal data is restricted to team members who need it to perform their responsibilities.
• Security Reviews: We conduct regular reviews of our security practices and infrastructure to identify and address potential vulnerabilities.
• Incident Response: We maintain an incident response process and will notify affected users and relevant authorities of data breaches as required by applicable law.

No method of electronic transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.

RealityMold is based in the United States. Your personal information is primarily processed and stored on servers located in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the US.

For users in the European Economic Area and United Kingdom, we ensure that international data transfers are conducted with appropriate safeguards in place, including Standard Contractual Clauses (SCCs) as approved by the European Commission, or other legally recognized transfer mechanisms.

By using the Service from outside the United States, you acknowledge and consent to the transfer of your personal information to the United States and other jurisdictions where our service providers operate. These jurisdictions may have data protection laws that differ from those in your country of residence.

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age. If we become aware that we have inadvertently collected personal data from a minor, we will take steps to delete that information as quickly as possible.

If you are a parent or guardian and believe that your child has provided personal information to us, please contact us at [email protected] so we can take appropriate action.

The Service may contain links to third party websites, services, or applications that are not operated by RealityMold. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third party sites or services.

Clicking a link to a third party site does not imply our endorsement of that site. We encourage you to review the privacy policy of every site you visit. Your interactions with third party services are governed by their own terms and privacy policies.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. For material changes, we will provide at least 30 days advance notice through:

• An email notification to the address associated with your account
• A prominent banner or notice on the Service

Your continued use of the Service after the updated policy takes effect constitutes your acceptance of the changes. If you do not agree with the revised policy, you should stop using the Service and close your account before the changes take effect.

We recommend reviewing this policy periodically to stay informed about how we protect your information.

If you have questions or concerns about this Privacy Policy or our data practices, you can reach us through the following channels:

• Email: [email protected]
• GDPR Data Requests: realitymold.com/gdpr
• Contact Form: realitymold.com/contact

We aim to respond to all privacy-related inquiries within two business days. For formal GDPR requests, we will respond within 30 days as required by regulation.