Privacy Policy

From business owners (account holders)

• Account info: name, email, organization name, and profile image, provided through our identity vendor at signup.
• Business profile: business name, slug, logo, location, brand color, booking and social URLs that you choose to enter.
• Payment info: handled by our payments vendor. We receive plan, subscription status, and billing-period metadata, but we never see or store full card numbers.
• Usage telemetry: pages viewed inside the dashboard, decisions you make on submissions, audit-log entries (who approved or rejected what, when).

From end customers (the people who scan a QR)

• Phone number: required so we can SMS the perk if the business approves the submission. Stored in encrypted form.
• Video and audio: the testimonial recording. Uploaded directly from the customer’s browser to our video infrastructure provider; not stored on our application servers.
• Consent record: the text shown at the moment of capture, the consent-version identifier, the customer’s IP address, and the user agent. Stored to evidence valid opt-in.
• Device and connection metadata: IP address, user agent, and approximate region. Used for rate-limiting, fraud prevention, and basic analytics.
• SMS interaction: delivery status, STOP/HELP replies, and timestamps from our SMS vendor.

• To provide the Service: capture, store, transcode, and replay videos; deliver SMS perks.
• To maintain the audit and compliance record (who approved or rejected each submission).
• To bill business owners through our payments vendor.
• To detect and prevent abuse, spam, and fraud.
• To respond to support requests sent via the contact form or by email.
• To improve the Service in aggregate, non-identifying ways.

We do not sell personal information. We do not use Customer Content (videos, phone numbers, consent records) to train machine-learning models for other customers.

We rely on the following processors to run the Service. Each one handles a defined slice of personal data and is bound by contract to process it only on our instructions.

• Clerk— business-owner authentication and organization management.
• Stripe— payment processing and subscription management.
• Cloudflare Stream— video upload, storage, transcoding, and signed playback.
• Cloudflare R2— storage for business logos and other static assets.
• Twilio— SMS perk delivery to end customers and STOP/HELP processing.
• SendGrid (Twilio)— transactional email delivery (e.g., contact-form submissions).
• Our hosting platform— application servers and database infrastructure.

When you submit a video through a business’s ReelPerk page, your phone number is provided so the business can text you the perk if they approve your submission.

• Frequency: typically one SMS per approved submission. We do not use the Service for marketing blasts.
• Carrier fees: standard message and data rates may apply.
• Opt-out: reply STOP to any ReelPerk message to be removed. We honor STOP across all businesses on the platform, not just the one that messaged you. You can reply HELP at any time for support contact information.

We use a small set of cookies and browser-local-storage entries that are strictly necessary for the Service:

• Authentication cookies set by our identity vendor (business-owner sign-in only).
• A short-lived submission token used on the capture page to prevent duplicate uploads.

We do not use third-party advertising, profiling, or cross-site tracking cookies.

• Approved videos: retained while your business account is active. You can delete an individual approved video from the dashboard. After account termination, approved videos remain downloadable for 30 days, then are deleted.
• Rejected videos: retained for 30 days for dispute and compliance purposes, then deleted.
• Customer phone numbers: stored in encrypted form. Deleted when the associated submission is deleted, when the customer’s number is suppressed via STOP, or upon a verified deletion request.
• Audit logs: retained for at least 12 months to evidence compliance and to investigate abuse.

Depending on where you live, you may have rights to access, correct, delete, or export the personal information we hold about you, and to opt out of certain processing. To exercise these rights, email privacy@thinkdefinecreate.com. We will verify your identity before acting on a request and respond within the time frame required by applicable law.

End customers can ask the business that collected their submission to delete it. We will assist any business that asks us to delete a customer’s submission on their behalf.

We use industry-standard safeguards including TLS in transit, encryption at rest for sensitive fields (phone numbers), signed short-lived URLs for video playback, role-based access controls, and audit logging. No system is perfectly secure; if you believe your data has been exposed, please contact security@thinkdefinecreate.com.

The Service is not directed to children under 13. Businesses must not deploy ReelPerk in a way that knowingly collects testimonials from children. If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete it.

The Service is operated from the United States. If you access the Service from outside the US, you understand that information will be transferred to, stored, and processed in the US. The US may not provide the same data-protection regime as your country of residence.

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, for material changes affecting current users, provide additional notice (such as by email or in-product banner).

Privacy questions or requests: privacy@thinkdefinecreate.com.

Security disclosures: security@thinkdefinecreate.com.

THINK DEFINE CREATE LLC