Who we are
Reelzy is an Instagram analytics platform built for Indian content creators. We are operated by Reelzy (referred to as "Reelzy", "we", "our", or "us") and accessible at reelzy.in and app.reelzy.in.
For any privacy-related questions, you can reach us at hello@reelzy.in.
Plain English summary: Reelzy is a SaaS product that helps Indian Instagram creators understand their analytics. We are the data controller responsible for your personal data.
What data we collect
We collect only the data necessary to provide you with the Reelzy service. Here is a complete breakdown:
| Data type | What it includes | Why we collect it |
|---|---|---|
| Account data | Email address, name (optional), account creation date | To create and manage your Reelzy account |
| Instagram profile data | Instagram username, profile picture URL, follower count, following count, bio, account type | To display your profile and identify your account |
| Instagram media data | Post captions, media type (Reel, Carousel, Static), timestamp, permalink, thumbnail URL | To show your post history and allow post-by-post analysis |
| Instagram insights data | Reach, impressions, saves, shares, comments, likes, video views, follower growth per post | To power your analytics dashboard and pattern detection |
| OAuth tokens | Instagram access token (encrypted), token expiry date | To authenticate API requests to Instagram on your behalf |
| Usage data | Pages visited, features used, session duration, click events (anonymised) | To improve the product and understand how creators use Reelzy |
| Technical data | IP address, browser type, device type, operating system | For security monitoring and error debugging |
We do not collect your Instagram password. Authentication is handled entirely by Meta's OAuth system – your credentials never reach our servers.
Instagram data specifically
Because Reelzy is built on the Meta Instagram Graph API, we want to be completely transparent about what Instagram data we access, how we get it, and the limits we operate within.
How we access your Instagram data: When you connect your Instagram account, you are redirected to Instagram's official login page. You grant Reelzy specific permissions using Meta's OAuth 2.0 protocol. We only request the permissions listed below – nothing more.
Permissions we request:
- instagram_basic – Access your basic profile information (username, follower count, account type)
- instagram_manage_insights – Access post-level and account-level insights (reach, saves, impressions, etc.)
- pages_read_engagement – Required by Meta to read Instagram insights for business accounts connected to a Facebook Page
- pages_show_list – Required by Meta to identify which Facebook Page is connected to your Instagram account
We do not request permission to: post content on your behalf, read your private messages, access your followers' personal data, or see your financial information.
How we store Instagram data: Your Instagram data is stored in encrypted form in our database (Supabase PostgreSQL hosted on servers in compliance with Indian data localisation requirements). Access tokens are encrypted at rest using AES-256 encryption.
Data freshness: We sync your Instagram data once daily via an automated process. You can trigger a manual sync from your dashboard at any time.
Meta Platform Policy compliance: Our use of Instagram data complies with Meta's Platform Terms and Developer Policies. We do not scrape Instagram, use unofficial APIs, or access data beyond what is explicitly granted through the official OAuth flow.
How we use your data
We use your data for the following specific purposes, and only these purposes:
- Providing the analytics dashboard – Displaying your reach, engagement, saves, follower growth, and post performance over time.
- Pattern detection – Analysing your historical post data to identify which content formats, posting times, and topics perform best for your specific account.
- Niche benchmarking – Comparing your anonymised metrics against aggregated data from other creators in your niche to show you where you stand. Your individual data is never revealed to other users.
- Media kit generation – Compiling your stats, top posts, and audience data into a downloadable PDF on your request.
- Account management – Sending you account-related emails (login confirmations, password resets, important service updates).
- Product improvement – Understanding which features are used most to prioritise our development roadmap.
- Security and fraud prevention – Monitoring for unauthorised access and protecting your account.
Legal basis for processing (DPDP Act 2023): We process your data on the basis of your explicit consent provided at account creation, and for the performance of our contract with you to deliver the Reelzy service.
Free tier data program
Reelzy offers a free tier. To sustain this free access, free tier users participate in our anonymised data program. We tell you this clearly, upfront, before you sign up – not buried in fine print.
What this means: Your anonymised, aggregated metrics contribute to the niche benchmark pool and trend intelligence signals that we provide to all users and sell as anonymised trend reports to brands and agencies.
What "anonymised and aggregated" means in practice:
- Your individual Instagram username, follower count, or post performance is never shared with or sold to any third party.
- Data is combined with hundreds of other creators and expressed only as category-level averages – for example, "food creators in Mumbai average 4.2% engagement in Q4."
- No brand or agency can trace any aggregated data point back to your specific account.
- The anonymisation process is irreversible before any data leaves our systems.
Your choice: Participation in the data program is the condition for accessing the free tier. If you do not wish to participate, you can upgrade to a paid plan which includes an explicit opt-out of the data program. You can also delete your account at any time, which removes your data from the anonymisation pool within 30 days.
Consent under DPDP Act 2023: Your participation in the data program is covered by a specific, granular consent notice displayed during onboarding. This consent is separate from your general account creation consent, as required by Indian law.
What we never do
We want to be absolutely clear about the lines we will not cross:
- We never sell your individual data. Your personal profile, follower count, post performance, or any individually identifiable data is never sold to brands, agencies, data brokers, or any third party.
- We never share your data with brands without your explicit opt-in. Brand discovery features, if introduced, will always require a separate, explicit consent from you – and you will always control your own visibility.
- We never run advertising against your data. Reelzy is a SaaS product. We do not run ads and we do not enable third-party advertisers to target you based on your usage.
- We never access data we haven't been explicitly granted permission for. We only use the Instagram API permissions listed in Section 3.
- We never store your Instagram password. Authentication is handled entirely by Meta's OAuth system.
- We never share your data with Meta beyond what is required to make API calls. We are a consumer of Instagram's API, not a data partner of Meta.
- We never use your data to train AI models for third parties.
Data sharing & processors
We share your data only with the third-party service providers ("data processors") that are strictly necessary to operate Reelzy. These processors act on our instructions and are contractually bound to protect your data.
| Processor | Purpose | Data shared |
|---|---|---|
| Supabase | Database and authentication hosting | All account and analytics data (stored encrypted) |
| Meta (Instagram Graph API) | Source of Instagram data via official API | OAuth tokens for API authentication only |
| Vercel | Frontend hosting (reelzy.in) | Server logs including IP addresses |
| Railway | Backend API hosting | API request logs |
| Resend | Transactional email delivery | Your email address only |
| Razorpay | Payment processing (paid plans) | Billing information (Razorpay handles payment data; we do not store card details) |
| PostHog | Product analytics (feature usage, not personal data) | Anonymised usage events only |
| Sentry | Error monitoring | Error logs (personal data scrubbed before sending) |
We do not sell, rent, or trade your data to any other parties beyond the processors listed above. If we add a new processor, we will update this policy before doing so.
Legal disclosures: We may disclose your data if required to do so by Indian law, a court order, or a lawful government request. We will notify you of such requests where legally permitted to do so.
Data retention
We retain your data for as long as your account is active and as required to provide the service. Specific retention periods:
- Instagram analytics data: Retained for the lifetime of your account. This is the core value of Reelzy – unlimited history. You can request deletion at any time.
- Account data: Retained until you delete your account, then deleted within 30 days.
- OAuth access tokens: Deleted immediately upon disconnecting your Instagram account.
- Usage and technical logs: Retained for 90 days for security and debugging purposes, then automatically deleted.
- Aggregated, anonymised benchmark data: May be retained indefinitely as it cannot be traced back to any individual.
- Billing records: Retained for 7 years as required by Indian tax law (GST compliance).
Your rights
You have the following rights with respect to your personal data. You can exercise any of these rights by emailing us at hello@reelzy.in or through the account settings in your dashboard.
- Right to access – You can request a copy of all personal data we hold about you. We will provide it within 30 days.
- Right to correction – You can request that we correct any inaccurate data we hold about you.
- Right to deletion – You can request that we delete your account and all associated personal data. We will complete this within 30 days.
- Right to disconnect Instagram – You can disconnect your Instagram account from Reelzy at any time from your dashboard settings. This immediately revokes our access token and stops all future data syncing.
- Right to withdraw consent – You can withdraw your consent to the data program at any time by upgrading to a paid plan or deleting your account.
- Right to data portability – You can request an export of your analytics data in a machine-readable format (CSV or JSON).
- Right to lodge a complaint – If you believe we have mishandled your data, you have the right to lodge a complaint with India's Data Protection Board (once constituted under the DPDP Act 2023).
Response time: We will acknowledge all data rights requests within 72 hours and complete them within 30 days. If we need more time, we will inform you before the deadline.
DPDP Act 2023 (India)
Reelzy is built to comply with India's Digital Personal Data Protection Act 2023 ("DPDP Act"). Here is how the key provisions apply to us:
- Lawful basis for processing: We process your personal data on the basis of your explicit, informed consent and for the performance of our contractual obligations to you.
- Purpose limitation: We collect data only for the specific purposes described in this policy. We do not use your data for any other purpose without obtaining fresh consent.
- Data minimisation: We collect only the data that is necessary for the purpose stated. We regularly review our data collection to ensure we are not holding data we don't need.
- Consent notices: We provide separate, specific consent notices for each distinct processing activity – including the data program for free tier users.
- Data Fiduciary obligations: As the entity determining the purpose and means of processing, Reelzy acts as the Data Fiduciary under the DPDP Act and accepts the responsibilities that entails.
- Grievance officer: You can reach our grievance officer at hello@reelzy.in. We will respond to grievances within 30 days.
Security
We take the security of your data seriously and implement the following measures:
- Encryption at rest: All data stored in our database is encrypted. OAuth access tokens are encrypted using AES-256 before storage.
- Encryption in transit: All data transmitted between your browser and our servers uses TLS 1.2 or higher (HTTPS).
- Access controls: Access to production data is restricted to authorised personnel only and protected by multi-factor authentication.
- Security monitoring: We use Sentry for error monitoring and have automated alerts for unusual activity patterns.
- Regular reviews: We review our security practices regularly and update them as threats evolve.
In the event of a data breach that affects your personal data, we will notify you within 72 hours of becoming aware of it, as required by applicable law.
Children's privacy
Reelzy is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from anyone under 18 years of age. Instagram's own terms of service require users to be at least 13 years old, and our service requires a Professional Instagram account which is subject to Meta's age requirements.
If we become aware that we have collected personal data from a person under 18 without verified parental consent, we will delete that data promptly. If you believe we have such data, please contact us at hello@reelzy.in.
Changes to this policy
We may update this privacy policy from time to time. When we do:
- We will update the "Last updated" date at the top of this page.
- For material changes – those that significantly affect your rights or how we use your data – we will notify you by email at least 14 days before the changes take effect.
- For minor changes (such as clarifications or typographical corrections), we will update the policy without separate notification.
- Your continued use of Reelzy after a material change takes effect constitutes your acceptance of the updated policy.
We encourage you to review this policy periodically. The current version is always available at reelzy.in/privacy.
Contact us
If you have any questions about this privacy policy, want to exercise your data rights, or have a privacy-related concern, please contact us:
Get in touch
We respond to all privacy enquiries within 72 hours. For data deletion or access requests, please include "Data Request" in your subject line.
hello@reelzy.in
Reelzy · reelzy.in · India