Legal

Privacy Policy

Effective date: March 19, 2026  ·  Last updated: July 2, 2026

Tour Reels ("we," "us," or "our") is operated by Moonshine Media Group LLC. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Tour Reels platform and services.

1. Information We Collect

Account and Business Information

Social Media Integration Data (Meta / Instagram / Facebook)

When you connect an Instagram Business Account or Facebook Page via Meta's OAuth flows, we receive and store only the data necessary to operate Tour Reels on your behalf. A detailed, permission-by-permission breakdown appears in Section 4 below. In summary, we collect:

We do NOT retrieve data from posts Tour Reels did not publish, we do NOT build profiles of commenters, we do NOT access private messages, and we do NOT request access to any permission we do not actively use.

Photos and Content

Reel Social AI Mobile App Account Data

Booking and Tour Data

Communications

Usage and Technical Data

2. How We Use Your Information

Service improvement and de-identified data. We use your content, usage information, and the engagement and performance outcomes of published posts (for example, likes, saves, shares, and reach) to operate, analyze, and improve the service — including developing and improving our features, recommendations, algorithms, and AI/machine-learning models. We also create aggregated and de-identified data derived from this information. Aggregated and de-identified data does not identify you, your business, or any individual; we may retain and use it indefinitely for purposes such as product development, analytics, benchmarking, and training and improving our models, including after your account is closed. We do not sell your data, and we do not use it for third-party advertising.

3. Third-Party Services

We share data with the following third-party service providers as necessary to operate Tour Reels:

We do not sell your data to third parties. We do not use your photos, tour content, or staff location for advertising purposes. We do not use any third-party advertising or tracking SDK.

4. Meta Platform Data — Permissions and Specific Uses

Tour Reels uses Meta's Graph API and Instagram Business Login under the following permissions. For each one, we disclose exactly what data we access, how we use it, and how long we retain it. We request only the permissions required to operate the features described below.

instagram_business_basic

instagram_business_content_publish

pages_show_list

pages_manage_posts

pages_read_engagement

pages_read_user_content

public_profile

All Meta access tokens are stored in our managed PostgreSQL database hosted by Railway, which provides encryption at rest at the infrastructure layer. Tokens are transmitted only over HTTPS/TLS and are deleted on disconnection or account deletion. You may revoke Tour Reels' access to your Meta accounts at any time via Facebook Settings → Apps and Websites, or by clicking "Disconnect" in Tour Reels Settings.

5. Data Retention

We retain each category of data for the minimum period necessary for the purpose disclosed above:

You may request deletion of your account and associated data at any time. See Section 13 or our Data Deletion Instructions.

6. Guest Consent and Photo Use

Tour Reels includes a consent management workflow. Before photos of identifiable guests are captioned or published, the system records consent status. We require our customers to obtain appropriate consent from guests and staff before using their likeness. Tour Reels customers are responsible for compliance with applicable privacy laws regarding guest photography.

7. Security

We implement industry-standard security measures including:

No system is completely secure. If you believe your account has been compromised, contact us immediately.

8. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, or delete personal data we hold about you. To exercise these rights, contact us at the address below. We will respond within 30 days.

9. Children's Privacy

Tour Reels is intended for use by businesses and is not directed at individuals under 18. We do not knowingly collect personal information from minors. Our AI photo analysis flags images that may contain minors for special handling.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify account holders of material changes via email. Continued use of Tour Reels after changes take effect constitutes acceptance of the updated policy.

11. Account Verification and Notifications

Tour Reels no longer operates a marketing or content-brief SMS program. Staff communication now happens inside the Reel Social AI mobile app.

Sign-in verification. When a staff member signs in to the app, a one-time verification code is sent by SMS to their phone number through Firebase Authentication. This is a transactional message required to log in; standard carrier message and data rates may apply. We do not store the codes, and phone numbers are not shared with third parties for marketing or promotional purposes.

Shot briefs and notifications. After a staff member allows notifications, pre-tour content briefs, submission confirmations, and contest updates are delivered as in-app push notifications (see Section 12), not SMS. Staff can disable notification categories in the app or revoke notification permission in their device settings at any time.

12. Reel Social AI Mobile App

Reel Social AI is the companion mobile app for Tour Reels, available on iOS (App Store) and Android (Google Play). It is used by tour staff (captains, guides, hosts, and drivers — collectively referred to here as "staff" or "captains") to submit photos directly from their phone to the tour business that employs them. This section describes data practices specific to the app.

Who sees your data. Photos and any associated metadata you upload through Reel Social AI are visible only to the tour business that issued your captain account (the "owner" account holder and their authorized team members). Tour Reels does not share your photos, your location, or your contact information with any third party for advertising, marketing, or profiling. Your tour-business owner is your employer, not a third party in the regulatory sense.

Account creation and authentication. Reel Social AI uses Google Firebase Authentication to verify your phone number via a one-time SMS code at sign-in. We receive a Firebase user identifier and your phone number. We do not receive your contacts, calendar, location, or any other device data through the authentication flow.

Camera and photo library access. The app requests permission to use your device's camera so you can capture tour photos to submit, and permission to access your photo library so you can select existing photos to submit. Photos are uploaded only when you explicitly tap Submit. The app does not scan, index, or upload any photo without your explicit submission action.

Photo location data — opt-in only, off by default. Photos taken by modern smartphones often include GPS coordinates inside the photo's metadata (EXIF). When you submit a photo, Reel Social AI reads this metadata so it can pass relevant fields (capture timestamp, camera info) to your tour business. GPS coordinates are NOT sent unless you have explicitly opted in via Settings → Privacy → Share Photo Location. This setting is OFF by default. When the setting is OFF, the server discards GPS data at the time of upload — it is never written to our database or visible to your business owner. You may turn the setting on or off at any time. Turning it OFF stops new uploads from including GPS; previously stored GPS coordinates can be removed by requesting account or photo deletion (see Section 13 contact below).

Reel Social AI does not use Location Services (Core Location on iOS or the Android Location API). The app does not track your live location at any time. The only location signal the app ever handles is the GPS field already embedded in the photos you choose to submit, and only when you have opted in.

Push notifications. If you allow the app to send notifications, we use the Expo push notification service to deliver: (a) a heads-up before a scheduled tour begins, (b) confirmations when your photos are approved, rejected, or selected as contest entries, (c) engagement milestones on posts that include your photos, and (d) monthly contest results. You can disable any of these categories at any time in Settings → Notifications, or revoke notification permission entirely in your device's system settings.

In-app analytics. The app does not embed any third-party analytics, advertising, or tracking SDK. Submission counts, approval rates, and engagement totals visible in the in-app leaderboard are derived from the photos you submit and the posts your business publishes; they are not used outside the app.

App Store privacy disclosures. The Apple App Store "App Privacy" labels and the Google Play "Data Safety" disclosures for Reel Social AI mirror the practices described in this Section 12 and in Sections 1, 2, 3, and 5 of this policy.

Account deletion. You may request deletion of your Reel Social AI account, your submitted photos, and all associated metadata (including any GPS coordinates) by contacting your tour-business owner (who can remove you from their staff roster) or by emailing the address in Section 13 of this policy. Deletion is processed within 30 days.

13. Contact Us

For privacy inquiries or data requests, contact:


Moonshine Media Group LLC
Operating Tour Reels
Email: info@moonshinemediagroup.com