Legal
Privacy Policy
Effective date: March 19, 2026 · Last updated: July 2, 2026
Tour Reels ("we," "us," or "our") is operated by Moonshine Media Group LLC. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Tour Reels platform and services.
1. Information We Collect
Account and Business Information
- Business name, owner name, email address, and phone number provided at signup
- Website URL and tour/activity product names
- Team member names and email addresses added to your account
- Staff (guide/captain/host/driver) names and phone numbers you add
Social Media Integration Data (Meta / Instagram / Facebook)
When you connect an Instagram Business Account or Facebook Page via Meta's OAuth flows, we receive and store only the data necessary to operate Tour Reels on your behalf. A detailed, permission-by-permission breakdown appears in Section 4 below. In summary, we collect:
- Instagram Business Account: username, numeric account ID, and a long-lived access token
- Facebook Page: Page ID, Page name, and a Page-scoped access token for the Page you explicitly connect
- IDs of posts we have published on your behalf, to enable later editing, deletion, and engagement retrieval
- Engagement metadata on posts Tour Reels published: like counts, comment counts, share counts, and impression/reach counts where available
- User-generated comment content and the commenter's public display name on posts Tour Reels published, so you (the Page admin) can read audience responses inside the Tour Reels dashboard
We do NOT retrieve data from posts Tour Reels did not publish, we do NOT build profiles of commenters, we do NOT access private messages, and we do NOT request access to any permission we do not actively use.
Photos and Content
- Photos captured or selected and uploaded by your staff using the Reel Social AI mobile app
- Photo metadata (EXIF) extracted from uploaded photos: capture timestamp, camera make and model, lens, focal length, exposure settings, and orientation
- GPS coordinates extracted from photo EXIF metadata, but only when the staff member has explicitly opted in via Settings → Privacy → Share Photo Location in the Reel Social AI app (off by default). See Section 12 for details
- An optional short text note that the staff member may attach to a submission to give context
- AI-generated captions, hashtags, and metadata associated with each post
- Photo analysis results generated by our AI service (subjects, mood, quality scores)
Reel Social AI Mobile App Account Data
- Phone number used to sign in (verified via one-time SMS code)
- A device identifier (Firebase user ID) returned by the phone-verification service to recognize the device on subsequent sign-ins
- Submission statistics (count of photos submitted, count approved, total likes earned) used for the in-app leaderboard and contest features
- Notification preferences and push notification device tokens (only if the staff member grants notification permission)
- Consent timestamps recording when the staff member accepted the participation consent and, separately, when (or if) they opted in to share photo location
Booking and Tour Data
- Tour schedule and booking information retrieved from Peek Pro (if you connect your Peek account) via the OCTO API
- Product names, departure times, and guest counts from upcoming bookings
Communications
- In-app and push notifications sent to your staff (tour reminders, post decisions, contest results)
- One-time SMS verification codes sent at sign-in via Firebase Authentication
- Consent records: whether a guest or captain has granted consent for photo use
Usage and Technical Data
- Log data: IP addresses, browser type, pages accessed, response times
- Cookie data used for authentication (httpOnly session cookies)
- Anonymized crash reports and performance metrics from the Reel Social AI mobile app, sent to Firebase Crashlytics (stack traces, device model, OS version, app version, and an install-scoped identifier — never your name, phone, email, photos, or location)
2. How We Use Your Information
- Operate and deliver the Tour Reels service (photo intake, caption generation, post scheduling)
- Send shot briefs and notifications to your staff through the app on your behalf
- Publish approved posts to your connected Instagram and Facebook accounts
- Sync tour schedule data from Peek Pro to trigger automated workflows
- Generate AI captions and analytics using your content and tour context
- Send transactional emails (account verification, password reset, team invitations)
- Provide customer support and respond to your inquiries
- Monitor platform health, security, and performance
- Analyze and improve the service, including our features, algorithms, and AI/machine-learning models (see below)
- Comply with legal obligations
Service improvement and de-identified data. We use your content, usage information, and the engagement and performance outcomes of published posts (for example, likes, saves, shares, and reach) to operate, analyze, and improve the service — including developing and improving our features, recommendations, algorithms, and AI/machine-learning models. We also create aggregated and de-identified data derived from this information. Aggregated and de-identified data does not identify you, your business, or any individual; we may retain and use it indefinitely for purposes such as product development, analytics, benchmarking, and training and improving our models, including after your account is closed. We do not sell your data, and we do not use it for third-party advertising.
3. Third-Party Services
We share data with the following third-party service providers as necessary to operate Tour Reels:
- Meta (Instagram / Facebook) — Your access token and account ID are transmitted to the Instagram Graph API to publish posts and retrieve engagement data. Subject to Meta's Privacy Policy.
- Anthropic — Photos and tour context are sent to Anthropic's Claude API for caption generation and photo analysis. Under Anthropic's commercial API terms, these inputs are processed only to return results to us and are not used by Anthropic to train its models. Subject to Anthropic's Privacy Policy.
- Cloudflare R2 — Photos uploaded through the app are stored in Cloudflare's object storage. Subject to Cloudflare's Privacy Policy.
- Resend — Transactional email delivery (verification, invitations, password resets). Subject to Resend's Privacy Policy.
- Peek Pro — If you provide a Peek API key, we access your booking data via the Peek OCTO API (read-only). Subject to Peek's Privacy Policy.
- Stripe — Subscription billing for team plans. Payment information is provided directly to Stripe and is not stored on Tour Reels servers. Subject to Stripe's Privacy Policy.
- RevenueCat / Apple / Google — Solo plans purchased in the Reel Social AI mobile app are processed as in-app subscriptions by Apple or Google; we use RevenueCat to manage subscription entitlements and receipts. We receive subscription status and an anonymized purchase identifier, not your payment card details. Subject to RevenueCat's Privacy Policy, Apple's Privacy Policy, and Google's Privacy Policy.
- Railway / Vercel — Cloud infrastructure providers hosting our backend, frontend, and managed PostgreSQL database. Servers are located in the United States. Subject to Railway's Privacy Policy and Vercel's Privacy Policy.
- Google (Firebase Authentication) — When a staff member signs in to the Reel Social AI mobile app, their phone number is sent to Firebase Authentication to deliver and verify a one-time SMS code. Firebase returns a per-device user identifier that we store to recognize the device on subsequent sign-ins. Subject to Firebase's Privacy Policy and Google's Privacy Policy.
- Expo (Push Notification Service) — When a staff member grants notification permission in the Reel Social AI mobile app, the app receives a push device token from the operating system, which we forward to Expo's push notification service to deliver in-app notifications (tour reminders, post decisions, contest results). Notification content is generated by Tour Reels and sent only to the device tied to the staff member who opted in. Subject to Expo's Privacy Policy.
- Google (Firebase Crashlytics) — When the Reel Social AI mobile app crashes or experiences a performance issue, anonymized crash reports and performance metrics are sent to Firebase Crashlytics so we can diagnose and fix bugs. Reports include the stack trace, device model, OS version, app version, and an install-scoped identifier — they do NOT include your name, phone number, email, photos, location, or any other personal data. The install identifier is not linked to your user account. Subject to Firebase's Privacy Policy.
- Apple / Google (App Stores and Push Networks) — When you install the Reel Social AI mobile app from the Apple App Store or Google Play Store, those platforms collect installation, usage, and crash data per their own policies. Push notifications are delivered through Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM) respectively.
We do not sell your data to third parties. We do not use your photos, tour content, or staff location for advertising purposes. We do not use any third-party advertising or tracking SDK.
4. Meta Platform Data — Permissions and Specific Uses
Tour Reels uses Meta's Graph API and Instagram Business Login under the following permissions. For each one, we disclose exactly what data we access, how we use it, and how long we retain it. We request only the permissions required to operate the features described below.
instagram_business_basic
- What we retrieve: the username, numeric account ID, and account type of the Instagram Business Account you connect.
- How we use it: we display the connected account in your Tour Reels Settings page so you can confirm the correct account is linked, and we associate scheduled posts with the correct account internally.
- Retention: retained while the account is connected. Deleted immediately on disconnection or account deletion.
instagram_business_content_publish
- What we retrieve: this permission is used only to write (publish) content; no read data is retrieved.
- How we use it: solely to publish photos with captions and hashtags that you (the account owner) have explicitly approved inside the Tour Reels approval queue. No content is published without your action — every post is reviewed and approved by a human before publishing.
- Retention: published post IDs are stored so we can retrieve engagement on those posts later. IDs are deleted on disconnection or account deletion.
pages_show_list
- What we retrieve: during Facebook Login for Business, the list of Facebook Pages you manage, shown so you can select which Page to connect.
- How we use it: we store only the Page ID and Page name of the specific Page you explicitly connect. Pages you do not select are not stored.
- Retention: retained while the Page is connected. Deleted on disconnection or account deletion.
pages_manage_posts
- What we retrieve: this permission is used to create, edit, and delete posts on your connected Page. Post IDs are returned and stored.
- How we use it: solely to publish approved content, edit captions of published posts when you choose to, and delete posts when you choose to — all initiated from within the Tour Reels dashboard by you or an authorized teammate.
- Retention: Page access token is stored in our managed PostgreSQL database, which provides encryption at rest at the infrastructure layer. Tokens are deleted immediately on disconnection. Post IDs are retained to enable later edit, delete, and engagement sync, and deleted on account deletion.
pages_read_engagement
- What we retrieve: aggregate engagement counts (like count, comment count, share count, and where available, impression/reach counts) on posts that Tour Reels has published to your Page.
- How we use it: displayed in your Tour Reels Analytics dashboard so you can see which posts perform best. Aggregate counts feed our monthly contest leaderboard that recognizes staff whose photos earn the most engagement.
- What we do NOT do: we do not access engagement data on posts Tour Reels did not publish. We do not build profiles of your followers.
- Retention: engagement snapshots are stored while your Tour Reels account is active and deleted within 30 days of account closure.
pages_read_user_content
- What we retrieve: the text of comments left on posts that Tour Reels has published to your Page, together with the commenter's public display name and the comment timestamp. We do not retrieve email addresses, phone numbers, or any private data of commenters.
- How we use it: the comment text and display name are shown to you (the Page admin) in the Tour Reels dashboard so you can see what your audience is saying on content you published.
- What we do NOT do: we do not use commenter data for advertising, profile-building, targeting, resale, or any purpose beyond displaying it back to the Page admin. We do not access comments on posts Tour Reels did not publish.
- Retention: comment content is retained for up to 90 days and then automatically purged. Commenters may request deletion of data referring to them by emailing the address in Section 13.
public_profile
- What we retrieve: your Facebook user ID and public display name when you sign in via Facebook Login.
- How we use it: to authenticate you during the OAuth flow and associate the Facebook connection with your Tour Reels account.
- What we do NOT do: we do not publish to your personal Facebook profile. Tour Reels only publishes to the Facebook Page you explicitly connect.
- Retention: Facebook user ID retained while the account is connected; deleted on disconnection.
All Meta access tokens are stored in our managed PostgreSQL database hosted by Railway, which provides encryption at rest at the infrastructure layer. Tokens are transmitted only over HTTPS/TLS and are deleted on disconnection or account deletion. You may revoke Tour Reels' access to your Meta accounts at any time via Facebook Settings → Apps and Websites, or by clicking "Disconnect" in Tour Reels Settings.
5. Data Retention
We retain each category of data for the minimum period necessary for the purpose disclosed above:
- Account and business information: retained while your subscription is active, plus 30 days after cancellation to allow account recovery.
- Photos and captions: retained in Cloudflare R2 while your account is active; deleted within 30 days of account deletion.
- Meta access tokens: deleted immediately on platform disconnection or account deletion.
- Meta engagement data (likes, comments counts): retained while your account is active; deleted within 30 days of account closure.
- Facebook comment content and commenter display names (under pages_read_user_content): retained for up to 90 days, then automatically purged.
- Sign-in verification (SMS one-time codes): delivered by Firebase Authentication; we do not store the codes themselves. The verified phone number and Firebase user identifier are retained while the staff member is active (see below).
- Aggregated and de-identified data: data that does not identify you, your business, or any individual may be retained indefinitely for product improvement, analytics, benchmarking, and model training, including after account closure.
- Photo EXIF metadata (camera make/model, capture timestamp, exposure data): retained alongside the photo while your account is active; deleted with the photo within 30 days of account deletion.
- Photo GPS coordinates (only stored when the staff member opted in): retained alongside the photo while your account is active; deleted with the photo within 30 days of account deletion. If the staff member revokes the GPS opt-in, future uploads do not store GPS, but historical GPS already stored remains until photo deletion.
- Mobile app account data (Firebase user ID, push device tokens, notification preferences): retained while the staff member is active; deleted within 30 days of removal from the business or account deletion.
- Crash and performance reports (Firebase Crashlytics): retained per Firebase's default Crashlytics policy (typically 90 days for crash data and 60 days for performance traces). Reports are install-scoped and not linked to your user account, so deleting your account does not require a separate Crashlytics deletion request.
- Billing records: financial records may be retained for up to 7 years as required by U.S. tax law; these are minimized and do not include Meta platform data.
You may request deletion of your account and associated data at any time. See Section 13 or our Data Deletion Instructions.
6. Guest Consent and Photo Use
Tour Reels includes a consent management workflow. Before photos of identifiable guests are captioned or published, the system records consent status. We require our customers to obtain appropriate consent from guests and staff before using their likeness. Tour Reels customers are responsible for compliance with applicable privacy laws regarding guest photography.
7. Security
We implement industry-standard security measures including:
- HTTPS/TLS encryption for all data in transit
- HttpOnly, Secure cookies for session management
- Bcrypt password hashing
- Rate limiting on authentication endpoints
- Security headers via Helmet.js
No system is completely secure. If you believe your account has been compromised, contact us immediately.
8. Your Rights
Depending on your jurisdiction, you may have rights to access, correct, or delete personal data we hold about you. To exercise these rights, contact us at the address below. We will respond within 30 days.
9. Children's Privacy
Tour Reels is intended for use by businesses and is not directed at individuals under 18. We do not knowingly collect personal information from minors. Our AI photo analysis flags images that may contain minors for special handling.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify account holders of material changes via email. Continued use of Tour Reels after changes take effect constitutes acceptance of the updated policy.
11. Account Verification and Notifications
Tour Reels no longer operates a marketing or content-brief SMS program. Staff communication now happens inside the Reel Social AI mobile app.
Sign-in verification. When a staff member signs in to the app, a one-time verification code is sent by SMS to their phone number through Firebase Authentication. This is a transactional message required to log in; standard carrier message and data rates may apply. We do not store the codes, and phone numbers are not shared with third parties for marketing or promotional purposes.
Shot briefs and notifications. After a staff member allows notifications, pre-tour content briefs, submission confirmations, and contest updates are delivered as in-app push notifications (see Section 12), not SMS. Staff can disable notification categories in the app or revoke notification permission in their device settings at any time.
12. Reel Social AI Mobile App
Reel Social AI is the companion mobile app for Tour Reels, available on iOS (App Store) and Android (Google Play). It is used by tour staff (captains, guides, hosts, and drivers — collectively referred to here as "staff" or "captains") to submit photos directly from their phone to the tour business that employs them. This section describes data practices specific to the app.
Who sees your data. Photos and any associated metadata you upload through Reel Social AI are visible only to the tour business that issued your captain account (the "owner" account holder and their authorized team members). Tour Reels does not share your photos, your location, or your contact information with any third party for advertising, marketing, or profiling. Your tour-business owner is your employer, not a third party in the regulatory sense.
Account creation and authentication. Reel Social AI uses Google Firebase Authentication to verify your phone number via a one-time SMS code at sign-in. We receive a Firebase user identifier and your phone number. We do not receive your contacts, calendar, location, or any other device data through the authentication flow.
Camera and photo library access. The app requests permission to use your device's camera so you can capture tour photos to submit, and permission to access your photo library so you can select existing photos to submit. Photos are uploaded only when you explicitly tap Submit. The app does not scan, index, or upload any photo without your explicit submission action.
Photo location data — opt-in only, off by default. Photos taken by modern smartphones often include GPS coordinates inside the photo's metadata (EXIF). When you submit a photo, Reel Social AI reads this metadata so it can pass relevant fields (capture timestamp, camera info) to your tour business. GPS coordinates are NOT sent unless you have explicitly opted in via Settings → Privacy → Share Photo Location. This setting is OFF by default. When the setting is OFF, the server discards GPS data at the time of upload — it is never written to our database or visible to your business owner. You may turn the setting on or off at any time. Turning it OFF stops new uploads from including GPS; previously stored GPS coordinates can be removed by requesting account or photo deletion (see Section 13 contact below).
Reel Social AI does not use Location Services (Core Location on iOS or the Android Location API). The app does not track your live location at any time. The only location signal the app ever handles is the GPS field already embedded in the photos you choose to submit, and only when you have opted in.
Push notifications. If you allow the app to send notifications, we use the Expo push notification service to deliver: (a) a heads-up before a scheduled tour begins, (b) confirmations when your photos are approved, rejected, or selected as contest entries, (c) engagement milestones on posts that include your photos, and (d) monthly contest results. You can disable any of these categories at any time in Settings → Notifications, or revoke notification permission entirely in your device's system settings.
In-app analytics. The app does not embed any third-party analytics, advertising, or tracking SDK. Submission counts, approval rates, and engagement totals visible in the in-app leaderboard are derived from the photos you submit and the posts your business publishes; they are not used outside the app.
App Store privacy disclosures. The Apple App Store "App Privacy" labels and the Google Play "Data Safety" disclosures for Reel Social AI mirror the practices described in this Section 12 and in Sections 1, 2, 3, and 5 of this policy.
Account deletion. You may request deletion of your Reel Social AI account, your submitted photos, and all associated metadata (including any GPS coordinates) by contacting your tour-business owner (who can remove you from their staff roster) or by emailing the address in Section 13 of this policy. Deletion is processed within 30 days.
13. Contact Us