ReelmsReelms

Safety & Privacy

Deep Dive: Safety, Privacy
& Data Governance

01 — Core Pillars of Privacy

Data Minimization

We only collect what is strictly necessary to provide the service.

Transparency

You should never have to guess how your data is being used.

User Control

Tools to export, delete, or restrict your data are built-in, not buried.

Security Excellence

Using industry-leading encryption and threat detection.

02 — Data Collection & Usage Logic

Understanding what happens behind the scenes is crucial. The table below categorizes the types of data we interact with.

Data CategoryExamplesPurposeRetention Period
Identity DataEmail, Username, IP AddressAccount security and session management.Duration of account life.
Interaction DataPrompts, Feedback, SettingsImproving model accuracy and personalization.18–24 months (de-identified).
Technical DataBrowser type, Latency logsTroubleshooting and system optimization.30–90 days.
Sensitive DataFinancial info, Health (if provided)Specifically encrypted; never used for training.Immediate encryption / Short-term.

03 — How We Protect Your Conversations

Encryption Standards

In Transit: All data is encrypted using TLS 1.2+ (Transport Layer Security) to prevent man-in-the-middle attacks.

At Rest: Data stored on our servers uses AES-256 encryption, the same standard used by banks and government agencies.

The Anonymization Pipeline

Before any data is used to improve our systems, it undergoes a scrubbing process. Personal identifiers are detected and redacted before data reaches the research database.

Example: If a user types, “My name is John Doe and I live in New York, help me with my taxes,” our safety filters identify and redact “John Doe” and “New York” before the data reaches the research database.

04 — Advanced Safety Measures

Automated Classifiers

These scan for Prohibited Content — hate speech, self-harm, or illegal acts — before any data is processed or stored.

Differential Privacy

A mathematical technique that adds “noise” to datasets. This allows us to learn patterns from a crowd without being able to identify a single individual.

P(M(D₁) ∈ O) ≤ eε · P(M(D₂) ∈ O)

The probability of an outcome O is nearly identical whether or not a specific individual’s data is included.

Red Teaming

We hire ethical hackers to try and “break” our privacy protocols to find vulnerabilities before bad actors do.

05 — Your Rights & Controls

Data Portability

You can request a full export of your interaction history at any time. We provide this in standard .json or .csv formats.

The “Forget Me” Option

Under GDPR and CCPA regulations, you have the Right to Erasure.

Individual Deletion: Delete specific chats.

Account Deletion: Permanently wipe all associated data from our active production databases within 30 days.

06 — Third-Party Sharing Policies

We do not sell your personal information to data brokers. Sharing only occurs in these specific scenarios:

Legal Compliance: When served with a valid legal warrant or subpoena.

Service Providers: Infrastructure partners (like cloud hosting) who are contractually bound to the same privacy standards.

Safety Emergency: To prevent imminent physical harm or threats to public safety.

07 — Enterprise & Corporate Data Governance

For professional environments, the “Safety” definition shifts from general privacy to Intellectual Property (IP) Protection and Compliance.

The Enterprise “Zero-Retention” Policy

No Training on Corporate Data: Unlike consumer versions, prompts and outputs from Enterprise accounts are never used to train the underlying models.

Workspace Isolation: Your data is siloed within your organization's instance. Information from "Company A" can never leak into the responses of "Company B."

Compliance & Certifications

StandardDescriptionRelevance
ISO/IEC 27001Information Security ManagementEnsures systematic risk management.
SOC 2 Type IITrust Services CriteriaIndependent audit of security and confidentiality.
GDPRGeneral Data Protection RegulationProtects the rights of EU-based employees and clients.
HIPAAHealth Insurance Portability(Optional) Compliance for medical/healthcare professionals.

08 — Educational Safety & Student Privacy

When tools are used in a classroom setting (K–12 or Higher Ed), we apply a specialized safety layer designed for minors and academic integrity.

Student Privacy Protections (COPPA & FERPA)

COPPA Compliance: We do not collect personal information from children under 13 without verifiable parental/school consent.

FERPA Alignment: Data is handled in accordance with the Family Educational Rights and Privacy Act, ensuring student records remain confidential and are only used for educational purposes.

Academic Integrity & Content Filtering

Strict Age-Appropriate Filtering: Our "Safety Classifiers" are tuned to a higher sensitivity for educational licenses, blocking adult content, extremist views, and age-inappropriate language.

Anti-Plagiarism Guardrails: While we assist in learning, we provide tools for educators to understand how AI is used in the writing process to maintain academic honesty.

Proactive Mentorship Tone: The AI is programmed to act as a tutor, not a shortcut, encouraging critical thinking by providing explanations rather than just final answers.

09 — Comparative Security Framework

How your data is treated based on the environment.

FeatureIndividual (Free/Pro)Corporate (Enterprise)Educational (School)
Model TrainingOptional (Opt-out available)Strictly ProhibitedStrictly Prohibited
Admin ControlsSelf-managedCentralized IT DashboardSchool/District Admin
Data OwnershipShared/User100% Client OwnedManaged via FERPA
Safety FiltersStandardCustom ProfessionalMaximum/Age-Strict

Security Summary

End-to-End Encryption (Transit)

SOC2 Type II Compliance

Multi-Factor Authentication (MFA) Support

Regular Independent Security Audits

Pro Tip

For maximum privacy, avoid sharing sensitive Personally Identifiable Information (PII) like Social Security Numbers or credit card details directly in chat interfaces, even with high-level encryption.