Privacy Policy
Effective date: March 19, 2026 · Last updated: April 30, 2026
Tour Reels ("we," "us," or "our") is operated by Moonshine Media Group LLC. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Tour Reels platform and services.
1. Information We Collect
Account and Business Information
- Business name, owner name, email address, and phone number provided at signup
- Website URL and tour/activity product names
- Team member names and email addresses added to your account
- Staff (guide/captain/host/driver) names and phone numbers you add
Social Media Integration Data (Meta / Instagram / Facebook)
When you connect an Instagram Business Account or Facebook Page via Meta's OAuth flows, we receive and store only the data necessary to operate Tour Reels on your behalf. A detailed, permission-by-permission breakdown appears in Section 4 below. In summary, we collect:
- Instagram Business Account: username, numeric account ID, and a long-lived access token
- Facebook Page: Page ID, Page name, and a Page-scoped access token for the Page you explicitly connect
- IDs of posts we have published on your behalf, to enable later editing, deletion, and engagement retrieval
- Engagement metadata on posts Tour Reels published: like counts, comment counts, share counts, and impression/reach counts where available
- User-generated comment content and the commenter's public display name on posts Tour Reels published, so you (the Page admin) can read audience responses inside the Tour Reels dashboard
We do NOT retrieve data from posts Tour Reels did not publish, we do NOT build profiles of commenters, we do NOT access private messages, and we do NOT request access to any permission we do not actively use.
Photos and Content
- Photos sent by your staff via SMS (MMS) to the Tour Reels system number
- Photos captured or selected and uploaded by your staff using the Reel Social AI mobile app
- Photo metadata (EXIF) extracted from uploaded photos: capture timestamp, camera make and model, lens, focal length, exposure settings, and orientation
- GPS coordinates extracted from photo EXIF metadata, but only when the staff member has explicitly opted in via Settings → Privacy → Share Photo Location in the Reel Social AI app (off by default). See Section 12 for details
- An optional short text note that the staff member may attach to a submission to give context
- AI-generated captions, hashtags, and metadata associated with each post
- Photo analysis results generated by our AI service (subjects, mood, quality scores)
Reel Social AI Mobile App Account Data
- Phone number used to sign in (verified via one-time SMS code)
- A device identifier (Firebase user ID) returned by the phone-verification service to recognize the device on subsequent sign-ins
- Submission statistics (count of photos submitted, count approved, total likes earned) used for the in-app leaderboard and contest features
- Notification preferences and push notification device tokens (only if the staff member grants notification permission)
- Consent timestamps recording when the staff member accepted the participation consent and, separately, when (or if) they opted in to share photo location
Booking and Tour Data
- Tour schedule and booking information retrieved from Peek Pro (if you connect your Peek account) via the OCTO API
- Product names, departure times, and guest counts from upcoming bookings
Communications
- SMS messages sent to and received from your staff via Twilio
- Consent records: whether a guest or captain has granted consent for photo use
Usage and Technical Data
- Log data: IP addresses, browser type, pages accessed, response times
- Cookie data used for authentication (httpOnly session cookies)
- Anonymized crash reports and performance metrics from the Reel Social AI mobile app, sent to Firebase Crashlytics (stack traces, device model, OS version, app version, and an install-scoped identifier — never your name, phone, email, photos, or location)
2. How We Use Your Information
- Operate and deliver the Tour Reels service (photo intake, caption generation, post scheduling)
- Send shot brief and consent SMS messages to your staff on your behalf
- Publish approved posts to your connected Instagram and Facebook accounts
- Sync tour schedule data from Peek Pro to trigger automated workflows
- Generate AI captions and analytics using your content and tour context
- Send transactional emails (account verification, password reset, team invitations)
- Provide customer support and respond to your inquiries
- Monitor platform health, security, and performance
- Comply with legal obligations
3. Third-Party Services
We share data with the following third-party service providers as necessary to operate Tour Reels:
- Meta (Instagram / Facebook) — Your access token and account ID are transmitted to the Instagram Graph API to publish posts and retrieve engagement data. Subject to Meta's Privacy Policy.
- Twilio — SMS/MMS delivery and receipt. Staff phone numbers and message content are processed by Twilio. Subject to Twilio's Privacy Policy.
- Anthropic — Photos and tour context are sent to Anthropic's Claude API for caption generation and photo analysis. Subject to Anthropic's Privacy Policy.
- Cloudflare R2 — Photos received via SMS are stored in Cloudflare's object storage. Subject to Cloudflare's Privacy Policy.
- Resend — Transactional email delivery (verification, invitations, password resets). Subject to Resend's Privacy Policy.
- Peek Pro — If you provide a Peek API key, we access your booking data via the Peek OCTO API (read-only). Subject to Peek's Privacy Policy.
- Stripe — Subscription billing. Payment information is provided directly to Stripe and is not stored on Tour Reels servers. Subject to Stripe's Privacy Policy.
- Railway / Vercel — Cloud infrastructure providers hosting our backend, frontend, and managed PostgreSQL database. Servers are located in the United States. Subject to Railway's Privacy Policy and Vercel's Privacy Policy.
- Google (Firebase Authentication) — When a staff member signs in to the Reel Social AI mobile app, their phone number is sent to Firebase Authentication to deliver and verify a one-time SMS code. Firebase returns a per-device user identifier that we store to recognize the device on subsequent sign-ins. Subject to Firebase's Privacy Policy and Google's Privacy Policy.
- Expo (Push Notification Service) — When a staff member grants notification permission in the Reel Social AI mobile app, the app receives a push device token from the operating system, which we forward to Expo's push notification service to deliver in-app notifications (tour reminders, post decisions, contest results). Notification content is generated by Tour Reels and sent only to the device tied to the staff member who opted in. Subject to Expo's Privacy Policy.
- Google (Firebase Crashlytics) — When the Reel Social AI mobile app crashes or experiences a performance issue, anonymized crash reports and performance metrics are sent to Firebase Crashlytics so we can diagnose and fix bugs. Reports include the stack trace, device model, OS version, app version, and an install-scoped identifier — they do NOT include your name, phone number, email, photos, location, or any other personal data. The install identifier is not linked to your user account. Subject to Firebase's Privacy Policy.
- Apple / Google (App Stores and Push Networks) — When you install the Reel Social AI mobile app from the Apple App Store or Google Play Store, those platforms collect installation, usage, and crash data per their own policies. Push notifications are delivered through Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM) respectively.
We do not sell your data to third parties. We do not use your photos, tour content, or staff location for advertising purposes. We do not use any third-party advertising or tracking SDK.
4. Meta Platform Data — Permissions and Specific Uses
Tour Reels uses Meta's Graph API and Instagram Business Login under the following permissions. For each one, we disclose exactly what data we access, how we use it, and how long we retain it. We request only the permissions required to operate the features described below.
instagram_business_basic
- What we retrieve: the username, numeric account ID, and account type of the Instagram Business Account you connect.
- How we use it: we display the connected account in your Tour Reels Settings page so you can confirm the correct account is linked, and we associate scheduled posts with the correct account internally.
- Retention: retained while the account is connected. Deleted immediately on disconnection or account deletion.
instagram_business_content_publish
- What we retrieve: this permission is used only to write (publish) content; no read data is retrieved.
- How we use it: solely to publish photos with captions and hashtags that you (the account owner) have explicitly approved inside the Tour Reels approval queue. No content is published without your action — every post is reviewed and approved by a human before publishing.
- Retention: published post IDs are stored so we can retrieve engagement on those posts later. IDs are deleted on disconnection or account deletion.
pages_show_list
- What we retrieve: during Facebook Login for Business, the list of Facebook Pages you manage, shown so you can select which Page to connect.
- How we use it: we store only the Page ID and Page name of the specific Page you explicitly connect. Pages you do not select are not stored.
- Retention: retained while the Page is connected. Deleted on disconnection or account deletion.
pages_manage_posts
- What we retrieve: this permission is used to create, edit, and delete posts on your connected Page. Post IDs are returned and stored.
- How we use it: solely to publish approved content, edit captions of published posts when you choose to, and delete posts when you choose to — all initiated from within the Tour Reels dashboard by you or an authorized teammate.
- Retention: Page access token is stored in our managed PostgreSQL database, which provides encryption at rest at the infrastructure layer. Tokens are deleted immediately on disconnection. Post IDs are retained to enable later edit, delete, and engagement sync, and deleted on account deletion.
pages_read_engagement
- What we retrieve: aggregate engagement counts (like count, comment count, share count, and where available, impression/reach counts) on posts that Tour Reels has published to your Page.
- How we use it: displayed in your Tour Reels Analytics dashboard so you can see which posts perform best. Aggregate counts feed our monthly contest leaderboard that recognizes staff whose photos earn the most engagement.
- What we do NOT do: we do not access engagement data on posts Tour Reels did not publish. We do not build profiles of your followers.
- Retention: engagement snapshots are stored while your Tour Reels account is active and deleted within 30 days of account closure.
pages_read_user_content
- What we retrieve: the text of comments left on posts that Tour Reels has published to your Page, together with the commenter's public display name and the comment timestamp. We do not retrieve email addresses, phone numbers, or any private data of commenters.
- How we use it: the comment text and display name are shown to you (the Page admin) in the Tour Reels dashboard so you can see what your audience is saying on content you published.
- What we do NOT do: we do not use commenter data for advertising, profile-building, targeting, resale, or any purpose beyond displaying it back to the Page admin. We do not access comments on posts Tour Reels did not publish.
- Retention: comment content is retained for up to 90 days and then automatically purged. Commenters may request deletion of data referring to them by emailing the address in Section 13.
public_profile
- What we retrieve: your Facebook user ID and public display name when you sign in via Facebook Login.
- How we use it: to authenticate you during the OAuth flow and associate the Facebook connection with your Tour Reels account.
- What we do NOT do: we do not publish to your personal Facebook profile. Tour Reels only publishes to the Facebook Page you explicitly connect.
- Retention: Facebook user ID retained while the account is connected; deleted on disconnection.
All Meta access tokens are stored in our managed PostgreSQL database hosted by Railway, which provides encryption at rest at the infrastructure layer. Tokens are transmitted only over HTTPS/TLS and are deleted on disconnection or account deletion. You may revoke Tour Reels' access to your Meta accounts at any time via Facebook Settings → Apps and Websites, or by clicking "Disconnect" in Tour Reels Settings.
5. Data Retention
We retain each category of data for the minimum period necessary for the purpose disclosed above:
- Account and business information: retained while your subscription is active, plus 30 days after cancellation to allow account recovery.
- Photos and captions: retained in Cloudflare R2 while your account is active; deleted within 30 days of account deletion.
- Meta access tokens: deleted immediately on platform disconnection or account deletion.
- Meta engagement data (like and comment counts): retained while your account is active; deleted within 30 days of account closure.
- Facebook comment content and commenter display names (under pages_read_user_content): retained for up to 90 days, then automatically purged.
- SMS message logs: retained for operational and carrier-compliance purposes for the duration of enrollment plus a reasonable period thereafter.
- Photo EXIF metadata (camera make/model, capture timestamp, exposure data): retained alongside the photo while your account is active; deleted with the photo within 30 days of account deletion.
- Photo GPS coordinates (only stored when the staff member opted in): retained alongside the photo while your account is active; deleted with the photo within 30 days of account deletion. If the staff member revokes the GPS opt-in, future uploads do not store GPS, but historical GPS already stored remains until photo deletion.
- Mobile app account data (Firebase user ID, push device tokens, notification preferences): retained while the staff member is active; deleted within 30 days of removal from the business or account deletion.
- Crash and performance reports (Firebase Crashlytics): retained per Firebase's default Crashlytics policy (typically 90 days for crash data and 60 days for performance traces). Reports are install-scoped and not linked to your user account, so deleting your account does not require a separate Crashlytics deletion request.
- Billing records: financial records may be retained for up to 7 years as required by U.S. tax law; these are minimized and do not include Meta platform data.
You may request deletion of your account and associated data at any time. See Section 13 or our Data Deletion Instructions.
6. Guest Consent and Photo Use
Tour Reels includes a consent management workflow. Before photos of identifiable guests are captioned or published, the system records consent status. We require our customers to obtain appropriate consent from guests and staff before using their likeness. Tour Reels customers are responsible for compliance with applicable privacy laws regarding guest photography.
7. Security
We implement industry-standard security measures including:
- HTTPS/TLS encryption for all data in transit
- HttpOnly, Secure cookies for session management
- Bcrypt password hashing
- Rate limiting on authentication endpoints
- Security headers via Helmet.js
No system is completely secure. If you believe your account has been compromised, contact us immediately.
8. Your Rights
Depending on your jurisdiction, you may have rights to access, correct, or delete personal data we hold about you. To exercise these rights, contact us at the address below. We will respond within 30 days.
9. Children's Privacy
Tour Reels is intended for use by businesses and is not directed at individuals under 18. We do not knowingly collect personal information from minors. Our AI photo analysis flags images that may contain minors for special handling.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify account holders of material changes via email. Continued use of Tour Reels after changes take effect constitutes acceptance of the updated policy.
11. SMS Communications and Consent
Tour Reels uses Twilio to send and receive SMS text messages between tour businesses and their staff (guides, captains, hosts, and drivers). Phone numbers and consent records collected as part of the SMS opt-in process are used solely to operate the Tour Reels messaging service.
No sharing of SMS opt-in data. No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All categories described above exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. Information sharing with subprocessors that support SMS delivery (such as Twilio) is permitted solely for the purpose of delivering the messaging service.
Opt-in process. When a tour business adds a staff member's phone number to Tour Reels, the staff member receives a single SMS asking them to reply YES to opt in. No further messages of any kind are sent until the staff member explicitly consents by replying YES. The complete opt-in flow, including exact message text, is documented at tourreels.com/consent.
Message types and frequency. After opting in, staff may receive: (a) pre-tour content briefs with photo and video tips, (b) content submission confirmations, and (c) monthly leaderboard or contest updates. Message frequency varies based on tour schedule. Message and data rates may apply.
How to opt out. Staff may opt out at any time by replying STOP to any message. Replying HELP returns program and support information. Once a staff member opts out, all SMS messaging from Tour Reels ceases immediately.
Data retention. SMS message logs and consent records are retained for operational and compliance purposes for the duration of the staff member's enrollment, plus a reasonable period thereafter to satisfy carrier and legal requirements.
12. Reel Social AI Mobile App
Reel Social AI is the companion mobile app for Tour Reels, available on iOS (App Store) and Android (Google Play). It is used by tour staff (captains, guides, hosts, and drivers — collectively referred to here as "staff" or "captains") to submit photos directly from their phone to the tour business that employs them. This section describes data practices specific to the app.
Who sees your data. Photos and any associated metadata you upload through Reel Social AI are visible only to the tour business that issued your captain account (the "owner" account holder and their authorized team members). Tour Reels does not share your photos, your location, or your contact information with any third party for advertising, marketing, or profiling. Your tour-business owner is your employer, not a third party in the regulatory sense.
Account creation and authentication. Reel Social AI uses Google Firebase Authentication to verify your phone number via a one-time SMS code at sign-in. We receive a Firebase user identifier and your phone number. We do not receive your contacts, calendar, location, or any other device data through the authentication flow.
Camera and photo library access. The app requests permission to use your device's camera so you can capture tour photos to submit, and permission to access your photo library so you can select existing photos to submit. Photos are uploaded only when you explicitly tap Submit. The app does not scan, index, or upload any photo without your explicit submission action.
Photo location data — opt-in only, off by default. Photos taken by modern smartphones often include GPS coordinates inside the photo's metadata (EXIF). When you submit a photo, Reel Social AI reads this metadata so it can pass relevant fields (capture timestamp, camera info) to your tour business. GPS coordinates are NOT sent unless you have explicitly opted in via Settings → Privacy → Share Photo Location. This setting is OFF by default. When the setting is OFF, the server discards GPS data at the time of upload — it is never written to our database or visible to your business owner. You may turn the setting on or off at any time. Turning it OFF stops new uploads from including GPS; previously stored GPS coordinates can be removed by requesting account or photo deletion (see Section 13 contact below).
Reel Social AI does not use Location Services (Core Location on iOS or the Android Location API). The app does not track your live location at any time. The only location signal the app ever handles is the GPS field already embedded in the photos you choose to submit, and only when you have opted in.
Push notifications. If you allow the app to send notifications, we use the Expo push notification service to deliver: (a) a heads-up before a scheduled tour begins, (b) confirmations when your photos are approved, rejected, or selected as contest entries, (c) engagement milestones on posts that include your photos, and (d) monthly contest results. You can disable any of these categories at any time in Settings → Notifications, or revoke notification permission entirely in your device's system settings.
In-app analytics. The app does not embed any third-party analytics, advertising, or tracking SDK. Submission counts, approval rates, and engagement totals visible in the in-app leaderboard are derived from the photos you submit and the posts your business publishes; they are not used outside the app.
App Store privacy disclosures. The Apple App Store "App Privacy" labels and the Google Play "Data Safety" disclosures for Reel Social AI mirror the practices described in this Section 12 and in Sections 1, 2, 3, and 5 of this policy.
Account deletion. You may request deletion of your Reel Social AI account, your submitted photos, and all associated metadata (including any GPS coordinates) by contacting your tour-business owner (who can remove you from their staff roster) or by emailing the address in Section 13 of this policy. Deletion is processed within 30 days.
13. Contact Us