Privacy Policy

Last updated: 2026-04-13

This Privacy Policy explains how Reelforges (operated by the data controller identified at the bottom of this page) collects, uses, and protects your personal information when you use our service at reelforges.com and related applications (the "Service").

1. Who we are

Reelforges is operated by IT42 d.o.o., a limited liability company registered in the Republic of Croatia. Contact details are listed under "Contact" below. We are the data controller for the personal data you provide to us.

2. What we collect

3. How we use your data

4. What we do NOT do

5. Third-party providers you choose

When you use the Service, we forward the prompts and content you submit to the AI providers you select (e.g. Anthropic, OpenAI, Google, fal.ai, ElevenLabs, Microsoft Azure). Each provider processes that data under its own privacy policy. We do not control their practices. Using Reelforges means you accept the terms of any provider whose key you have connected.

When you publish to Instagram, your generated video is uploaded through Meta Platforms' Instagram API. Meta's data practices apply to all content passing through that API.

6. Legal basis (GDPR)

7. Your rights

You have the right to access, correct, export, restrict, and delete your personal data. You also have the right to withdraw consent and to lodge a complaint with your data protection authority. To exercise any right, email us or use the self-service tools in your account dashboard.

8. Data retention

9. Security

We use AES-256-GCM envelope encryption for stored credentials, HTTPS/TLS 1.3 for all transport, and logical isolation between customer workloads. We do not log API keys, tokens, or generated content.

10. Data deletion

You can delete your data at any time:

11. International transfers

The Service is hosted on infrastructure located in the European Union. When you use third-party AI providers, your requests may be transferred to jurisdictions where that provider operates. Those providers are responsible for their applicable transfer safeguards.

12. Cookies

We use strictly necessary cookies for authentication and session management. The public site also uses privacy-focused aggregate analytics; it does not use advertising cookies. Review browser storage and analytics configuration whenever this policy changes.

13. Children

The Service is not directed at children under 16. We do not knowingly collect data from children.

14. Changes

We may update this policy. Material changes will be notified by email at least 14 days before taking effect.

15. Contact

Data controller: IT42 d.o.o., Croatia. Email: [email protected]. Registered-office information is available from the official Croatian Court Register.