ReelRecs Privacy Policy

Effective date: 2026-05-18 Last updated: 2026-05-19 Version: 1.3.1

A quick summary

This is the short version. The full policy is below; it's the one that controls.

ReelRecs is a social app for movies and TV. We collect your email, name, username, ratings, reviews, social connections, and the streaming services you subscribe to.
We have not sold personal information or shared it for cross-context behavioral advertising in the past 12 months, as those terms are defined under California law.
You can sign in with email, Apple, or Google. We don't integrate with Facebook Login.
ReelRecs is for users 18 and older. Signup requires you to confirm you're 18+.
By default, your profile and activity are public to other ReelRecs users. You can switch to private in Settings.
We use your activity to train our recommendation models, power Friend Score / Group Score / World Score, and personalize content. You can object to recommendation-model training by emailing privacy@reelrecs.com.
ReelRecs may include advertising in the future, including personalized advertising based on inferences from your activity. Where consent is required by law before that begins, we'll obtain it.
You can delete your account any time from Settings → Account → Delete Account. Deletion is immediate and not reversible.
Contact: privacy@reelrecs.com.

About this notice
What we collect
How we use it
Who we share with
Public profile and social features
Training our recommendation models
Your rights and choices
Account deletion and data retention
Security
International data transfers
Age requirement (18+)
Third-party services and SDKs
Cookies and tracking
Changes to this notice
Contact us
Region-specific disclosures

1. About this notice

ReelRecs is a social recommendation app for movies and TV. The more you rate, the better your recommendations. Features like Friend Score, Group Score, and Watch+ groups help you pick something to watch with friends.

This Privacy Policy explains what data we collect, how we use it, who we share it with, and the choices you have. It applies to the ReelRecs apps on iOS and Android and any ReelRecs website. It does not apply to other services you link to from inside ReelRecs — for example, when you tap "Watch Now," we send you to Netflix or Disney+. Those services have their own privacy policies.

Who we are. ReelRecs is operated by REEL RECS INC, a Delaware corporation ("we," "us," "our"). Questions: privacy@reelrecs.com.

2. What we collect

Email address — required, used for sign-in and account recovery.
Password — required; we store a hashed version, never the plain text.
First and last name — required, shown on your profile.
Username — required, unique.
Age confirmation — required checkbox: "I confirm I am 18 years of age or older." We do not collect your date of birth. See § 11.
Marketing email preference — optional checkbox. We use the country derived from your IP address at signup to apply regional defaults (off for EU/UK/Swiss/Canadian residents, on otherwise). You can change this preference any time in Settings → Notifications.

We also use the country derived from your IP address at signup to apply regional defaults required by law (for example, defaulting Quebec residents to a private profile). You separately tell us which country's streaming services you subscribe to when you set up your Streaming preferences inside the app — that's a different field, used to filter recommendations.

2.2 What you add to your profile

Profile photo, bio, the streaming services you subscribe to. You can edit or remove any of these in Settings → Edit Profile.

2.3 What we generate as you use ReelRecs

Your ratings ("Loved it" / "Okay" / "Didn't Like It"), pairwise comparisons, reviews and comments, "Want to Watch" bookmarks, search queries, trailer playback timestamps, follows and unfollows, Watch+ group activity, and in-app interactions (taps, dwell time on titles, swipes).

2.4 Technical information

Device type and operating system, app version, IP address (used for security, abuse prevention, and approximate country detection), push notification token (if you grant notification permission), and crash logs (stored only on your device).

If you sign in with Apple or Google, we receive your name and email (and a profile picture URL from Google). We don't request access to your friends list, posts, calendar, date of birth, or anything else from these providers. We do not offer Facebook Login and we do not include Meta's Facebook SDK in our app.

Apple Sign-In offers a Hide My Email relay option — if you choose it, we receive a randomized @privaterelay.appleid.com address that forwards to your real address. You can revoke the relay at any time from your Apple ID settings; if you do, our emails to that address will stop being delivered.

2.6 What we infer

To power recommendations and group features, we generate:

Rec Score — our estimate of how much you would rate a title you haven't seen yet.
Friend Score — an aggregate of how friends you follow rated a title.
Group Score — an aggregate of how members of a Watch+ group rated a title.
World Score — an aggregate of all ReelRecs users' ratings of a title.
Suggested friends — users you might want to follow.

2.7 What we don't collect

We don't access your location (we use approximate country from your IP — see § 13), microphone, contacts, camera or photo library (except the photo you pick for your profile), or biometric data. We do not have a direct-message feature.

3. How we use it

What we do	Data used	Legal basis (EU/UK/Swiss users)
Provide and operate ReelRecs	Account, profile, activity (§§ 2.1–2.6)	Performance of contract
Generate recommendations (Rec Score, Friend/Group/World Score)	Ratings, comparisons, follows, country, subscriptions, in-app interactions	Performance of contract
Train our recommendation models	Same as above	Legitimate interests (see § 6)
Enable social features	Profile, ratings, reviews, follows, group memberships	Performance of contract
Send essential service emails (verification, password reset, security alerts)	Email	Performance of contract
Send marketing emails (only if you opted in)	Email	Consent
Keep ReelRecs safe (spam, fake accounts, harassment)	Account, session, behavioral data	Legitimate interests
Comply with law / protect rights	Any of the above as needed	Legal obligation; legitimate interests
Aggregate de-identified analytics	Aggregated forms of § 2.3 and § 2.6	Legitimate interests
Show advertising, including personalized advertising	Inferences from § 2.6, account data	Consent (where law requires); legitimate interests otherwise

We may show personalized advertising in ReelRecs that uses inferences about your taste to choose which ads you see. Where consent is required by law before personalized advertising starts (for example, EU/UK/Swiss users), we'll obtain it.

We share information only in the categories below. See § 4.5 for our current "sale" and "sharing" disclosure and your California opt-out rights.

4.1 With other ReelRecs users

Your profile, ratings, reviews, and follow relationships are visible to other ReelRecs users according to your privacy settings. By default, profiles are public — see § 5.

4.2 With service providers

Our current vendors:

Amazon Web Services — cloud hosting and storage of all backend data (us-east-1, Northern Virginia). Privacy Notice
Amazon SES — transactional and marketing email delivery.
Apple Push Notification service — iOS push delivery (when notifications are enabled).
Google Firebase Cloud Messaging — Android push delivery (when notifications are enabled).
Apple Sign-In and Google Sign-In — only if you use one of them to sign in. The respective SDKs only contact Apple/Google after you tap the sign-in button; nothing is sent at app launch.
Our EU/UK GDPR representative — currently [TBD — to be inserted from DataRep or Prighter before this policy goes Effective].

These vendors process data on our behalf, under contract, only as needed to operate ReelRecs. They're prohibited from using your data for their own AI training, advertising, or other purposes. We may add or change vendors over time and will update this list.

4.3 For legal reasons

If we receive a valid legal request — a subpoena, court order, or government request — we may have to share your data. We push back on requests we think are too broad or unlawful. We may also share data to protect the rights, safety, or property of ReelRecs, our users, or the public.

4.4 In a business transfer

If REEL RECS INC is involved in a merger, acquisition, restructuring, bankruptcy, financing, or sale of all or part of our assets, your personal information may be transferred as part of the transaction. The acquirer's privacy policy and practices will apply to information transferred to them going forward. We'll provide notice — through this notice, in the app, or by email — where required by applicable law.

We have not sold personal information or shared it for cross-context behavioral advertising in the past 12 months, as those terms are defined under the California Consumer Privacy Act / CPRA. If our practices change in the future, we'll update this notice and provide any notice required by applicable law.

Settings → Privacy → Opt Out of Third-Party Data Sharing is your forward-looking preference (§ 5.5): if we ever begin selling or sharing personal information, we will honor a previously-recorded opt-out without requiring you to revisit the toggle.

You may submit a formal "Do Not Sell or Share" request by emailing privacy@reelrecs.com. We don't require identity verification for these requests. We honor opt-outs as soon as feasibly possible and within 15 business days of receipt, consistent with 11 C.C.R. § 7026(f)(1). Authorized agents may submit opt-outs on your behalf with signed authorization or a power of attorney under Cal. Probate Code §§ 4121–4130.

ReelRecs is fundamentally social. Here's specifically what other users can see.

Public by default. Your profile is public when you create it. That means the following are visible to other ReelRecs users and may appear on the public-facing parts of any ReelRecs website:

Username, display name, profile photo, bio.
The titles you've rated and the rating you gave.
The reviews and comments you've written.
The titles in your "Want to Watch" list.
The users you follow and who follow you.
The Watch+ groups you belong to.

You can switch to private. Any user can switch to private in Settings → Privacy → Private Account. When private, only users who follow you (and that you have approved, if you require approval) see your profile and activity. Your past activity still contributes — de-identified — to aggregate metrics like the World Score. If you've objected to recommendation training under § 6, your contributions to those aggregates are suppressed too.

Watch+ groups. In Watch+ groups, your votes are visible to the other members. Turn on Settings → Privacy → Require Watch+ Group Approval if you don't want to be added to a group without permission.

Third-party data sharing. Settings → Privacy → Opt Out of Third-Party Data Sharing is a forward-looking preference. We don't currently provide data to commercial partners. If we ever do in aggregate de-identified form, we'll respect a previously-recorded opt-out.

6. Training our recommendation models

ReelRecs runs on machine learning, and the recommendations get better the more you rate. Training is integral to how the service works.

What we train on: ratings, pairwise comparisons, bookmarks, reviews, follows, group activity, country, the streaming services you subscribe to, and in-app interactions (taps, dwell time, swipes).

What we don't train on: your password, contacts, location, microphone, photos (except the profile photo you picked), support messages, direct messages to us, or anything else in § 2.7.

You can object. Email privacy@reelrecs.com with subject "Recommendation training objection" (EU/UK users can also use "Article 21 objection"). We'll exclude your identifiable data from our training datasets within 30 days and suppress your prior ratings from the Friend Score, Group Score, and World Score outputs shown to other users. Your account stays open in a read-only catalog browsing mode — you can browse, search, and rate, but the personalized features (Rec Score, Friend Score, Group Score, personalized Feed) turn off because they depend on the same recommendation system.

What account deletion does to trained models. When you delete your account, we remove your identifiable data from active training datasets within 30 days. Information already incorporated into trained model parameters cannot be selectively removed; it ages out as we retrain. Our target retraining cadence is at least every 12 months.

Reviews and free text. Your free-text reviews and comments are part of training scope. If you write something you wouldn't want used to inform recommendations, edit or delete the review at any time, or object to training entirely per the paragraph above.

Automated decisions. The recommendation system suggests titles. It does not make decisions that produce legal or similarly significant effects on you. You are free to ignore any suggestion. California's final Automated Decisionmaking Technology (ADMT) regulations cover only "significant decisions" (financial services, housing, education, employment, healthcare); content recommendations are out of scope.

Advertising and AI. We may show advertising in ReelRecs, including personalized advertising that uses inferences from your activity to choose ads relevant to you. Where consent is required by law before personalized advertising starts, we'll obtain it. Today, we don't license your personal data to other companies for their AI training, and our service-provider agreements with vendors require them to use your data only to provide services to us.

7. Your rights and choices

7.1 Controls in the app

Edit profile: name, username, bio, country, streaming services, profile photo — Settings → Edit Profile.
Private account: Settings → Privacy → Private Account.
Watch+ group approval: Settings → Privacy → Require Watch+ Group Approval.
Push notifications: in the OS settings or Settings → Notifications.
Marketing emails: Settings → Notifications, or the unsubscribe link in any marketing email.
Edit or delete reviews/comments: directly in the app.
Object to recommendation training (any region): email privacy@reelrecs.com (see § 6).
Do Not Sell or Share (California): see § 4.5 for our current disclosure and how to submit an opt-out by email.
Delete your account: Settings → Account → Delete Account. See § 8.

7.2 Data rights

You may request to:

Access the personal data we hold about you.
Correct inaccurate or incomplete data.
Delete your account and associated personal data.
Receive a portable copy of your data in a structured, machine-readable format.
Restrict or limit processing in certain circumstances.
Object to processing based on legitimate interests, including recommendation training (see § 6).
Withdraw consent for any processing based on consent.

To exercise any of these, email privacy@reelrecs.com. We may verify your identity by sending a code to the email on your account for requests other than opt-out of sale/sharing (which doesn't require verification). We respond within the timeframes required by law — generally 30 days for access, correction, and deletion, and 15 business days for opt-out of sale or sharing.

If we deny a request, we'll tell you why and give you a way to appeal by replying with the subject "Appeal." We'll respond to your appeal within 60 days. California residents can also contact the California Privacy Protection Agency or the California Attorney General. EU, UK, and Swiss users can lodge a complaint with their national authority any time (see § 15).

Region-specific rights are detailed in § 16.

8. Account deletion and data retention

8.1 Account deletion

Delete your account any time from Settings → Account → Delete Account. (If you've lost access to your account, email privacy@reelrecs.com from the account email.) When you delete:

We delete your identifiable data from our active production systems — your profile, ratings, reviews, watchlist, follow list, and group memberships. We log you out.
If you used Sign in with Apple, we revoke your Apple refresh token as part of deletion.
Residual copies persist temporarily in encrypted backups (which roll on a 35-day cycle as part of our standard disaster-recovery practice) and operational logs. We don't access these copies for any purpose other than disaster recovery.
Aggregate, de-identified data and information already incorporated into trained recommendation models is retained after deletion. We may also retain a small set of records to defend or pursue legal claims, comply with court orders, or prevent abuse.

Account deletion is immediate and not reversible. If you change your mind, you can sign up again with the same email, but your prior activity (ratings, reviews, follows) will not be restored.

This satisfies the GDPR Article 17 right to erasure and the CCPA right to delete.

8.2 How long we keep your data while your account is active

Data	Retention
Account, profile, activity	While your account is active
Server access logs (including IPs)	Up to 12 months, for security, abuse prevention, and operational troubleshooting
Encrypted backups	35-day rolling window
On-device crash logs	Last 100 entries, rotated automatically
Deleted reviews and comments	30 days, then permanently removed from active systems
Support, feedback, and inquiry messages	As long as reasonably needed to support you, resolve disputes, and comply with legal obligations
Records of past consent and policy versions agreed to	As long as reasonably needed to demonstrate compliance with applicable law
Other business records	As long as reasonably needed for the purposes for which they were collected, or as required by law

9. Security

We work to keep your data safe. No system is ever perfectly secure; here's what we do:

In transit: HTTPS / TLS 1.2 or higher. iOS App Transport Security does not permit TLS 1.0 or 1.1.
At rest: encrypted at the volume level using AWS Key Management Service.
Passwords: never stored in plain text; hashed with PBKDF2-SHA256 (1,000,000 iterations) and a random salt.
Authentication: bearer tokens, invalidated on logout or deletion.
Access: limited to the founder and a small group of contractors (under 10 people). Everyone signs a confidentiality agreement; production access is logged.
Crash logs stay on your device.

We don't currently hold a SOC 2 report or run a formal pentest program. Both are on our roadmap.

Reporting security issues: security@reelrecs.com. We won't pursue legal action against good-faith reports that avoid accessing other users' data.

Breach notification: if we have a personal-data breach that creates a risk to your rights, we'll notify the relevant authorities within the timeframes required by law (72 hours under GDPR Art. 33; the timeframes vary under US state laws, generally 30–60 days) and notify you without undue delay by email and in-app.

10. International data transfers

REEL RECS INC is operated from the United States, and our servers are hosted with AWS in us-east-1 (Northern Virginia).

If you use ReelRecs from outside the US, your data is transferred to the US. For users in the EEA, UK, or Switzerland, this is an international transfer under data protection law. For these transfers we rely on the 2021 EU Standard Contractual Clauses and the UK International Data Transfer Addendum, executed with AWS through the AWS GDPR Data Processing Addendum. We conduct transfer impact assessments where required. A summary is available on request.

11. Age requirement (18+)

ReelRecs is for users 18 and older. At signup, we require you to confirm you are 18 or older. We do not knowingly collect personal information from anyone under 18, and ReelRecs is not directed to children. Because we don't accept under-18 users, US and international laws that specifically govern the processing of children's or teens' personal data do not apply to our processing.

If we learn that a user is under 18, we will promptly close the account and delete the associated data.

12. Third-party services and SDKs

ReelRecs includes the third-party software listed below. We don't currently include a third-party crash reporting or product-analytics SDK in production; if we add one, we'll update this list and this notice first.

Apple Sign-In — only if you sign in with Apple. Privacy Policy.
Google Sign-In — only if you sign in with Google. Privacy Policy.
Amazon Web Services / SES — backend hosting and email delivery. Privacy Notice.
Apple Push Notification service — iOS push delivery when enabled.
Google Firebase Cloud Messaging — Android push delivery when enabled.
Notifee — open-source library to show local notifications. Runs on your device.
react-native-image-crop-picker — open-source library to pick or take a profile photo. Runs on your device.
react-native-permissions — open-source library to request OS permissions.

13. Cookies and tracking

In the mobile app: we don't use cookies for analytics or advertising. Sessions use bearer tokens stored on your device. In-app webviews for sign-in flows and policy pages may set cookies the respective providers' pages need (for example, an OAuth login session cookie); those cookies are governed by the providers' policies.

IP-derived country: we use the country code derived from your IP for streaming localization, regional defaults, and security. This is approximate and is not precise location.

On any ReelRecs website: when our website launches, it may use cookies and similar technologies to keep you signed in and to understand how the site is used. The website will include a cookie consent banner for users in regions that require one and will treat Global Privacy Control (GPC) signals as valid Do Not Sell or Share signals.

14. Changes to this notice

We update this notice from time to time. When we make material changes to how we collect or use personal information, we will update the document and provide notice — through this notice, in the app, or by email — at or before the change takes effect, as required by applicable law. Your continued use of ReelRecs after a change takes effect constitutes acceptance of the updated notice. If you don't agree, you can stop using ReelRecs and delete your account.

15. Contact us

For privacy questions or to exercise a right: privacy@reelrecs.com. For security issues: security@reelrecs.com.

Operator: REEL RECS INC, a Delaware corporation.
Response time: we aim to respond to questions within 7 days and formal data rights requests within the timeframes required by law (generally 30 days; 15 business days for CCPA opt-out of sale or sharing).

EU / UK / Swiss representative: REEL RECS INC has appointed [TBD — representative entity, EU postal address, UK postal address, Swiss address (if separate), and routing email — to be inserted from DataRep or Prighter before this policy goes Effective] as its representative under GDPR Article 27, UK GDPR, and Swiss FADP Art. 14. EU, UK, and Swiss residents may contact the representative for any data-protection inquiry.

EU / UK / Swiss residents may lodge a complaint with their national data protection authority. Lead authorities are listed by the European Data Protection Board and the UK ICO. Swiss residents may contact the FDPIC.

16. Region-specific disclosures

Rights below apply to residents of the regions named. Where a regional law gives you a stronger right than the rest of this notice describes, the regional rule controls.

16.1 California (CCPA / CPRA)

Applicability. REEL RECS INC may not yet meet the CCPA "business" threshold (Cal. Civ. Code § 1798.140(d)) at v1 (annual revenue ≥ $26.625M, or ≥ 100,000 consumers/households whose personal information we buy/sell/share, or ≥ 50% of revenue from selling/sharing). Where CCPA applies, the rights below apply as a matter of law. Where it does not yet, we offer the same mechanisms voluntarily.

If you are a California resident, you have the right to:

Know what personal information we collect, how we use it, and who we share it with (§ 2, § 3, § 4).
Access the specific pieces of personal information we have collected about you in the past 12 months.
Delete your personal information (§ 8).
Correct inaccurate personal information.
Opt out of the sale or sharing of your personal information for cross-context behavioral advertising. See § 4.5 for our current disclosure and how to opt out.
Limit the use of sensitive personal information. We collect only sign-in credentials as sensitive personal information, used only to authenticate you. We don't use it for inferences, so a "Limit" link is not required.
Non-discrimination for exercising any of these rights.
Appeal a denied request (§ 7.2).

Categories collected (using § 1798.140(v)'s enumerated categories):

Category	What we collect
Identifiers	email, name, username, IP address, push token
Customer records	profile fields, password hash, profile photo, country
Protected classification characteristics	none — we do not collect age, date of birth, or any other category enumerated under Cal. Civ. Code § 1798.140(v)(1)(C)
Internet activity	ratings, comparisons, reviews, follows, searches, in-app interactions (taps, dwell, swipes)
Geolocation	IP-derived country only (approximate)
Inferences	Rec Score, Friend Score, Group Score, World Score, suggested friends, recommendations
Sensitive personal information	sign-in credentials only

Categories shared for cross-context behavioral advertising in the past 12 months: none. See § 4.5 for our current disclosure and how to opt out.

Notice at Collection: a short version of this notice is shown at signup.

Shine the Light (Cal. Civ. Code § 1798.83): we don't disclose personal information to third parties for their direct marketing purposes.

Automated Decisionmaking Technology: California's final ADMT regulations cover ADMT used for "significant decisions" — financial services, housing, education, employment, healthcare. Content recommendations are not in scope. See § 6.

16.2 Other US state privacy laws

The state laws below give residents similar rights with some variations. The mechanisms in § 7 and § 4.5 implement those rights.

State	Statute	Effective	Notes
Virginia	VCDPA	2023	Access, correct, delete, port, opt out of targeted ads / sale / significant-decision profiling.
Colorado	CPA	2023	Same; plus GPC honoring on web.
Connecticut	CTDPA	2023	Same as Colorado.
Utah	UCPA	2023	Access, delete, port, opt out of targeted ads / sale.
Texas	TDPSA	2024	Same as Virginia. We don't sell sensitive or biometric data, so Tex. Bus. & Com. Code § 541.102(c) notice is not required.
Oregon	OCPA	2024	Same as Colorado.
Montana	MCDPA	2024	Same as Connecticut.
Tennessee	TIPA	2025	Same as Connecticut.
Iowa	Iowa CDPA	2025	Access, delete, port, opt out of sale.
Indiana	Indiana CDPA	2026	Same as Connecticut.
Florida	FDBR	2024	We don't meet the $1B threshold; FDBR may not apply. Where it does, the rights here apply.
Delaware	DPDPA	2025	Same as Connecticut.
New Hampshire	NHPA	2025	Same as Connecticut.
New Jersey	NJDPA	2025	Same as Connecticut.
Kentucky	KCDPA	2026	Same as Connecticut.
Rhode Island	RIDTPPA	2026	Same as Connecticut.
Nebraska	NDPA	2025	Same as Texas.

Maryland (MODPA): we commit to data minimization — we collect only what is reasonably necessary and proportionate to provide ReelRecs. We don't sell sensitive personal data. MODPA's minor-specific provisions do not apply because ReelRecs is an 18+ service (see § 11).

Washington / Nevada health-data laws: we don't target the inference of health information. To the extent these laws apply to titles or activity that could be characterized as health-related signals, we have not sold, shared, or used such signals for targeted advertising in the past 12 months. Residents of Washington and Nevada can exercise their rights under these laws using the mechanisms in § 7.2.

Universal opt-out signals: when our website launches, we will honor Global Privacy Control as a valid Do Not Sell or Share signal for visitors from all US states. The mobile app does not yet process a universal opt-out signal; we're tracking the IAB Global Privacy Platform mobile spec.

If you are in the EEA, UK, or Switzerland, you have the following rights:

Access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), objection (Art. 21 — see § 6), withdrawal of consent (Art. 7(3)), and lodging a complaint with your supervisory authority (Art. 77).
Article 22: our recommendation system does not produce legal or similarly significant effects on you. You're free to ignore any suggestion.

Legal bases for processing: see the table in § 3.

Why we think legitimate interests is fair (the balancing test, in summary):

Recommendations are the core of a free app like ReelRecs.
The data is non-sensitive — primarily ratings you chose to give and activity within the app.
You can object to recommendation training (§ 6) or delete your account at any time.
The impact on your rights is proportionate to the benefit you receive from using a personalized service.

The full balancing test is available on request.

Sensitive categories: we don't process special categories of personal data under Art. 9.

International transfers: see § 10.

Data Protection Officer: REEL RECS INC has not appointed a DPO because we do not meet the Art. 37(1) criteria at v1.

EU / UK / Swiss representative: see § 15.

16.4 Quebec (Law 25)

Quebec residents have the rights in § 7.2 plus:

Right to be informed of automated processing (see § 6).
Right to data mobility (see § 7.2).
Right to deindexation of certain personal information you have made public — email privacy@reelrecs.com.

Default-private signup: Quebec residents are offered a default-private signup consistent with Law 25 Art. 9.1.

Person in charge of personal information protection: William Gorfein, privacy@reelrecs.com. Complaints to the Commission d'accès à l'information du Québec.

16.5 Rest of Canada (PIPEDA)

Canadian residents outside Quebec have the right to access, correct, and withdraw consent under PIPEDA. Privacy Officer: William Gorfein, privacy@reelrecs.com. Complaints to the Office of the Privacy Commissioner of Canada.

16.6 Brazil (LGPD)

Brazilian residents have the rights in § 7.2 plus the right to information about entities with which we share data (§ 4). Encarregado (Art. 41): William Gorfein, privacy@reelrecs.com. Complaints to the Autoridade Nacional de Proteção de Dados (ANPD).

16.7 Australia (Privacy Act / APPs)

Australian residents have the right to access, correct, and complain to the Office of the Australian Information Commissioner. Personal information is disclosed overseas to the United States (§ 10) for hosting.

16.8 Other jurisdictions

We aim to honor equivalent rights for residents of any jurisdiction with comprehensive privacy legislation. Email privacy@reelrecs.com.