Privacy Policy

Effective: May 23, 2026 · Last updated: May 23, 2026

This Privacy Policy explains what data Reeva ("we", "us", "Reeva") collects when you use the Reeva mobile app, why we collect it, who we share it with, and the rights you have over your data.

Reeva is published by Metin Güner, an independent developer. If you have any privacy questions, write to mtngnr7@gmail.com.

1. Quick summary

No tracking, no ads. Reeva does not show ads, does not use an advertising SDK, does not collect your advertising identifier (IDFA / AAID), and does not share your data with data brokers.
You're in control. You can delete your account and all associated data from inside the app at any time.
Minimum data, clear purpose. We collect what we need to authenticate you, render your videos, and run subscriptions — and nothing else.

2. Data we collect

Reeva collects the following categories of data. The "Linked to you" column means the data is associated with your account on our backend.

Data	Linked to you?	Purpose	Where it goes
Email address	Yes	Account, sign-in, account-recovery emails	Supabase (our auth provider)
User ID (random UUID)	Yes	Linking your renders, subscription, credits	Supabase
Photos you upload	Yes	Source image for the AI video render you requested	Cloudflare R2 (storage) and fal.ai (the AI render provider)
Generated videos	Yes	Showing them in your gallery, letting you download them	Cloudflare R2
Purchase history (subscription, credit packs)	Yes	Granting subscription access and credits	RevenueCat (our IAP provider) and Supabase
Push notification token	Yes	Letting you know when a render finishes	Firebase Cloud Messaging
Crash logs and basic diagnostics	No (not linked to your user ID)	Fixing bugs and stability issues	Firebase Crashlytics
Approximate device locale and OS version	No	Localized UI and compatibility	On-device only (sent only as HTTP headers)

We do not collect: your real name, your phone number, your contacts, your precise location, your browsing history, your microphone audio, or any biometric data.

3. Who we share data with

Reeva relies on a small set of carefully chosen service providers to run the app. Each one is bound by their own privacy policy and is contractually limited to processing your data only for Reeva's benefit:

Supabase — authentication and database. Hosted in the EU (Frankfurt). Supabase privacy policy.
fal.ai — AI render provider. Photos you upload are sent to fal.ai to produce your video. fal.ai may retain the request briefly to deliver the result and for service reliability. fal.ai privacy policy.
Cloudflare R2 — object storage for your uploaded photos and finished videos. Cloudflare privacy policy.
RevenueCat — manages your subscription and credit-pack purchases on top of Apple App Store / Google Play. RevenueCat privacy policy.
Firebase (Google) — push notifications, crash reporting. Only the three Firebase products listed above are enabled. Google privacy policy.
Apple App Store / Google Play — payment processing for subscriptions and credit packs. We never receive your payment-card data; only the purchase event.

We do not sell your data, and we do not share it with advertisers, marketing networks, or data brokers.

4. AI-generated content and prompt moderation

Photos and prompts you submit are passed through automated moderation to detect disallowed content (for example, sexual or violent imagery). Moderation is performed by AWS Rekognition (for images) and OpenAI Moderation (for text prompts). These providers receive only the content of the specific render request and do not retain it beyond the moderation call.

The videos Reeva produces are generated by AI models hosted by fal.ai. You own the videos you create through Reeva, subject to the Terms of Service.

5. How long we keep your data

Account data (email, user ID, purchase history): kept while your account exists. Deleted on request.
Uploaded photos: automatically purged from temporary storage 30 days after upload (lifecycle rule on the uploads/ bucket). The originals are never re-used beyond completing your render.
Generated videos: kept until you delete them from the app, or until you delete your account.
Crash logs: retained by Firebase Crashlytics for up to 90 days by default.
Push notification token: deleted when you sign out or revoke notification permission.

6. Your rights

Depending on where you live, you may have rights over your personal data under laws such as the EU GDPR, the UK GDPR, California's CCPA / CPRA, and Turkey's KVKK. Reeva grants the following to all users, regardless of jurisdiction:

Right to access — request a copy of the personal data we hold about you. In the app: Settings → Export my data.
Right to delete — permanently delete your account and all associated data. In the app: Settings → Delete account. This cascades through Supabase, R2, and RevenueCat.
Right to correct — update your email by contacting us.
Right to withdraw consent — you can revoke notification permission and disable analytics from your device settings at any time.
Right to lodge a complaint — EU users may complain to their local data-protection authority; Turkish users may apply to KVKK.

To exercise any of these rights, write to mtngnr7@gmail.com. We respond within 30 days.

7. Children

Reeva is not directed to children under 13. In the EU, the age threshold for processing under the GDPR is 16 in some member states. If you are under the applicable age in your country, do not use Reeva. If we learn that we have collected personal data from a child below the applicable age without parental consent, we will delete it.

8. International transfers

Reeva's primary backend (Supabase) is hosted in the EU. Other providers — fal.ai, RevenueCat, Cloudflare, Firebase — operate from multiple regions including the United States. By using Reeva you acknowledge that your data may be processed in countries outside your own. We rely on the standard contractual clauses and the providers' own safeguards for international transfers.

9. Security

Data in transit is encrypted with TLS (HTTPS). Data at rest is encrypted by our providers using industry-standard algorithms. Access to the production backend is limited to the developer using strong authentication. No system is perfectly secure; if we ever experience a breach affecting your personal data, we will notify you and the relevant authorities within the timelines required by applicable law (72 hours under GDPR).

10. Tracking, advertising, and cookies

Reeva does not display ads and does not engage in cross-app tracking. On iOS, Reeva does not show the App Tracking Transparency prompt because the app does not track. On Android, no advertising identifier is collected.

This website (the one you're reading) does not set any cookies and does not run any analytics or tracking scripts. It's plain HTML.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we'll update the "Last updated" date at the top and, for material changes, notify you inside the app on next launch. Continued use of Reeva after a change means you accept the updated policy.

12. Contact

Privacy questions, data requests, or anything else:
mtngnr7@gmail.com