Legal

Privacy Policy

Effective date: March 19, 2026  ·  Last updated: March 19, 2026

Tour Reels ("we," "us," or "our") is operated by Moonshine Media Group LLC. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Tour Reels platform and services.

1. Information We Collect

Account and Business Information

• Business name, owner name, email address, and phone number provided at signup
• Website URL and tour/activity product names
• Team member names and email addresses added to your account
• Staff (guide/captain/host/driver) names and phone numbers you add

Social Media Integration Data

• Instagram Business account ID and access tokens obtained through Meta's Instagram Business Login flow
• Facebook Page ID and related credentials (when Facebook integration is enabled)
• Post performance data (likes, comments, reach) retrieved from the Instagram Graph API

Photos and Content

• Photos sent by your staff via SMS (MMS) to the Tour Reels system number
• AI-generated captions, hashtags, and metadata associated with each post
• Photo analysis results generated by our AI service (subjects, mood, quality scores)

Booking and Tour Data

• Tour schedule and booking information retrieved from Peek Pro (if you connect your Peek account) via the OCTO API
• Product names, departure times, and guest counts from upcoming bookings

Communications

• SMS messages sent to and received from your staff via Twilio
• Consent records: whether a guest or captain has granted consent for photo use

Usage and Technical Data

• Log data: IP addresses, browser type, pages accessed, response times
• Cookie data used for authentication (httpOnly session cookies)

2. How We Use Your Information

• Operate and deliver the Tour Reels service (photo intake, caption generation, post scheduling)
• Send shot brief and consent SMS messages to your staff on your behalf
• Publish approved posts to your connected Instagram and Facebook accounts
• Sync tour schedule data from Peek Pro to trigger automated workflows
• Generate AI captions and analytics using your content and tour context
• Send transactional emails (account verification, password reset, team invitations)
• Provide customer support and respond to your inquiries
• Monitor platform health, security, and performance
• Comply with legal obligations

3. Third-Party Services

We share data with the following third-party service providers as necessary to operate Tour Reels:

• Meta (Instagram / Facebook) — Your access token and account ID are transmitted to the Instagram Graph API to publish posts and retrieve engagement data. Subject to Meta's Privacy Policy.
• Twilio — SMS/MMS delivery and receipt. Staff phone numbers and message content are processed by Twilio. Subject to Twilio's Privacy Policy.
• Anthropic — Photos and tour context are sent to Anthropic's Claude API for caption generation and photo analysis. Subject to Anthropic's Privacy Policy.
• Cloudflare R2 — Photos received via SMS are stored in Cloudflare's object storage. Subject to Cloudflare's Privacy Policy.
• Resend — Transactional email delivery (verification, invitations, password resets). Subject to Resend's Privacy Policy.
• Peek Pro — If you provide a Peek API key, we access your booking data via the Peek OCTO API (read-only). Subject to Peek's Privacy Policy.
• Railway / Vercel — Cloud infrastructure providers hosting our backend and frontend. Data is stored in Railway's managed PostgreSQL database.

We do not sell your data to third parties. We do not use your photos or tour content for advertising purposes.

4. Data Retention

We retain your account data for as long as your subscription is active. Photos are stored in Cloudflare R2 and retained for operational purposes. You may request deletion of your account and associated data at any time by contacting us.

SMS message logs are retained for operational and troubleshooting purposes. Instagram access tokens are stored encrypted and are refreshed automatically; revoked tokens are deleted.

5. Guest Consent and Photo Use

Tour Reels includes a consent management workflow. Before photos of identifiable guests are captioned or published, the system records consent status. We require our customers to obtain appropriate consent from guests and staff before using their likeness. Tour Reels customers are responsible for compliance with applicable privacy laws regarding guest photography.

6. Security

We implement industry-standard security measures including:

• HTTPS/TLS encryption for all data in transit
• HttpOnly, Secure cookies for session management
• Bcrypt password hashing
• Rate limiting on authentication endpoints
• Security headers via Helmet.js

No system is completely secure. If you believe your account has been compromised, contact us immediately.

7. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, or delete personal data we hold about you. To exercise these rights, contact us at the address below. We will respond within 30 days.

8. Children's Privacy

Tour Reels is intended for use by businesses and is not directed at individuals under 18. We do not knowingly collect personal information from minors. Our AI photo analysis flags images that may contain minors for special handling.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify account holders of material changes via email. Continued use of Tour Reels after changes take effect constitutes acceptance of the updated policy.

10. Contact Us