REI Social Machine — Privacy Policy

Effective Date: April 22, 2026 Last Updated: April 22, 2026

IMPORTANT DISCLAIMER: This document is a template drafted by an AI assistant. It has NOT been reviewed by a licensed attorney. Before publishing this policy (including for Meta App Access Verification), you MUST have it reviewed and finalized by a qualified attorney. Privacy law varies by jurisdiction and changes over time.

1. Introduction

Deal Genius Investments LLC ("DGI," "we," "us," "our") operates REI Social Machine (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect information when you use the Service.

By using the Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide

When you sign up and use the Service, we collect:

  • Account information: name, email address, password (hashed), phone number, business name
  • Business information: company name, website, address, owner name, geographic market, pain points you target, brand colors, logo, tagline
  • Payment information: processed by Stripe. We do not store your full credit card number. We retain the last four digits, card type, and billing address.
  • Platform authorization tokens: OAuth tokens from Facebook, Instagram, YouTube, and TikTok when you connect those accounts
  • Content and settings: your configured content mix, cadence, cast selection, approval preferences
  • Communications: emails, support tickets, feedback you send us

2.2 Information from Connected Platforms

When you connect social media accounts, we receive from those platforms:

  • Your Facebook Page ID and name
  • Your Instagram Business Account ID and name
  • Permission tokens to post content and read engagement metrics
  • Aggregate engagement data (likes, comments, shares, reach) for posts we published

We do NOT collect:

  • Your personal profile data
  • Private messages or DMs
  • Contact lists of your followers
  • Information about your followers' identities

2.3 Information We Generate

  • AI-generated content created for your account (text, images, videos)
  • Usage data (login times, feature usage, API call counts)
  • Support and audit logs

2.4 Information Collected Automatically

  • IP address
  • Browser type and version
  • Device type
  • Pages visited on our dashboard
  • Timestamps of actions taken

We use cookies and similar technologies for authentication, session management, and analytics.

3. How We Use Information

We use collected information to:

  • Deliver the Service: generate, schedule, and publish content to your connected platforms
  • Process payments: via Stripe
  • Improve the Service: aggregate, anonymized usage data helps us identify bugs and improvement opportunities
  • Communicate: send service notifications, billing receipts, security alerts, and product updates
  • Provide support: respond to your requests
  • Comply with law: respond to legal requests, enforce our Terms, prevent fraud

We do NOT:

  • Sell your personal information
  • Use your content to train AI models outside of your own account
  • Share your business data with competitors
  • Use your connected platform data for any purpose other than delivering the Service

4. How We Share Information

4.1 Third-Party Service Providers

We share data with third-party vendors strictly as necessary to operate the Service. Current vendors include:

  • Payment processing (e.g., Stripe)
  • Database and authentication hosting (e.g., Supabase)
  • AI content generation providers (e.g., Anthropic, Higgsfield, kie.ai, ElevenLabs)
  • Social media platforms you connect (e.g., Meta, Google, ByteDance)
  • Workflow orchestration and error monitoring (e.g., Inngest, Sentry)
  • Web hosting (e.g., Vercel)

This list may change as we update our technology stack. We will update this policy to reflect material changes to our vendor relationships. Each vendor has its own privacy practices. We select vendors with commercially reasonable security standards but cannot guarantee their practices.

4.2 Legal Requirements

We may disclose information if required by law, subpoena, or to protect the rights, property, or safety of DGI, our users, or others.

4.3 Business Transfers

If we are acquired or merged, your information may be transferred to the acquiring party.

4.4 With Your Consent

We may share your information with third parties with your explicit consent.

5. Data Retention

  • Active account data: retained for the duration of your subscription
  • Cancelled accounts: archived for 30 days after cancellation, then permanently deleted from active systems
  • Records required by law: payment records, tax records, and audit records are retained as required by applicable law and industry standards (typically seven years)
  • Support tickets: retained for two (2) years
  • Audit and security logs: retained for one (1) year
  • Backup archives: subject to normal retention cycles and may persist beyond the deletion window before rolling off

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: request a copy of the personal information we hold about you
  • Correction: request correction of inaccurate data
  • Deletion: request deletion of your data (subject to legal retention requirements)
  • Data portability: request your data in a machine-readable format
  • Objection: object to certain processing of your data
  • Withdraw consent: for processing that requires your consent

6.1 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information we collect
  • Right to delete personal information
  • Right to opt out of the sale of personal information (note: we do not sell personal information)
  • Right to non-discrimination for exercising your rights

6.2 European Residents (GDPR)

If you are in the European Economic Area, you have additional rights under the GDPR:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object

6.3 Data Deletion Request

To exercise any of these rights, email privacy@dealgeniusinvestments.com, submit a request through our data deletion page at reisocialmachine.com/data-deletion, or use the account deletion feature in your dashboard. We will respond as required by applicable law, typically within 30 days.

7. Data Security

We implement commercially reasonable administrative, technical, and physical safeguards to protect your information, including:

  • Encryption in transit (HTTPS/TLS)
  • Industry-standard encryption at rest for sensitive data
  • Encrypted storage of third-party platform authorization tokens
  • Role-based access controls for DGI personnel
  • Regular security reviews
  • Incident response procedures

No security measure is perfect. We cannot guarantee absolute security.

8. Data Breach Notification

If we experience a confirmed data breach that materially affects your personal information, we will notify affected users as required by applicable law. Where feasible, we aim to notify within 72 hours of confirming a breach, consistent with applicable law and best practices.

9. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect information from minors. If we learn we have collected information from a minor, we will delete it.

10. International Data Transfers

Our servers are located in the United States. If you access the Service from outside the US, your information may be transferred to, stored, and processed in the US. By using the Service, you consent to this transfer.

11. Third-Party Platforms

When you connect Facebook, Instagram, YouTube, or TikTok to the Service, you are also subject to their privacy policies:

We are not responsible for the privacy practices of third-party platforms.

12. Cookies and Similar Technologies

We use cookies and similar technologies for:

  • Essential cookies — authentication, session management, security. These cannot be disabled while using the Service.
  • Analytics cookies — anonymous usage patterns to improve the Service. You can opt out via browser settings or our cookie preference tool (when available).
  • Preference cookies — remembering your settings and preferences.

You can control cookies through your browser settings. Disabling essential cookies may prevent the Service from functioning.

If you access the Service from the European Economic Area or the United Kingdom, we will present a cookie consent banner when required by applicable law.

13. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least thirty (30) days' notice via email and on our website. Continued use of the Service after the effective date of changes constitutes acceptance.

14. Contact Us

For privacy questions or requests:

Deal Genius Investments LLC Florida, United States Email: privacy@dealgeniusinvestments.com Website: dealgeniusinvestments.com Data Deletion: reisocialmachine.com/data-deletion

[ATTORNEY REVIEW REQUIRED BEFORE PUBLICATION]