Privacy Policy

This Privacy & Cookies Policy ("Policy") explains how ZEPHIRIX LTD, trading as "Reelzilla" ("Reelzilla," "we," "us," "our") collects, uses, discloses, and protects personal data when you use:

• our website reelzila.studio (the "Site"); and
• our AI-powered video-generation SaaS platform, applications, and related services (together, the "Service").

Reelzilla is operated by:

For most processing described in this Policy, ZEPHIRIX LTD is the "controller" under UK GDPR and (where applicable) EU GDPR. If you have any questions, please contact us at support@reelzila.studio

1. Scope & Relationship with Other Terms

This Policy applies to personal data we process about:

• visitors to the Site;
• individual users and representatives of business customers using the Service; and
• contacts, prospects, and other people who interact with us (e.g. by email or social media).

This Policy should be read together with our Terms & Conditions, which govern your use of the Service and describe certain AI-specific features (e.g. model training, content moderation, and acceptable use).

If you use the Service as part of an organization (e.g. your employer), that organization may be the controller for some data processed in the Service (e.g. Inputs and Outputs it manages); in those cases, we act as its processor under a separate agreement, and that organization's privacy notice may also apply.

2. Types of Data We Collect

We collect the following categories of personal data, depending on how you use the Site and Service:

2.1 Account & Contact Data

• Name, username, display name
• Email address and password (hashed)
• Workspace or company name; role or job title
• Contact preferences, language, time zone

2.2 Billing Data

• Credit purchase history
• Billing contact details
• Payment-related information (e.g. last 4 digits of card, card type, billing address) processed via our payment processor; we do not store full card numbers ourselves.

2.3 Service Usage & Technical Data

• Log-in records (date/time, IP address, device identifiers)
• Browser type, operating system, referring URLs
• Feature usage data (e.g. which tools you use, generation counts, success/error logs)
• Session activity, crash logs, and performance metrics

2.4 Content & Generation Data (Inputs and Outputs)

As an AI-powered video generation platform, we process:

• Inputs: text prompts, images, reference media, metadata (e.g. tags, project names), and other information you upload or enter into the Service.
• Outputs / Generated Content: AI-generated videos, frames, images, audio, thumbnails, intermediate representations, and associated metadata.

Inputs and Outputs may contain personal data, including faces, voices, or other biometric identifiers. You are responsible for ensuring you have all necessary rights and valid consents before uploading personal data of third parties.

2.5 Communications & Support Data

• Content of messages you send us (e.g. support tickets, feedback, feature requests)
• Recordings or transcripts of calls or video meetings if we host them and you are notified in advance
• Marketing preferences, such as whether you have opted into product updates or newsletters

2.6 Marketing & Analytics Data

• Cookie IDs and other online identifiers
• Page views, clickstream data, campaign performance
• Basic demographic inferences where available (at aggregated or pseudonymous level)

2.7 Special Categories of Data

We do not intentionally seek to collect "special category" data (e.g. data revealing racial or ethnic origin, political opinions, religious beliefs, health, or sexual orientation) through the Service. If such data appears in Inputs or Outputs, you are responsible for having lawful grounds (including explicit consent where needed) before uploading and using that content.

3. How We Collect Data

We collect personal data from the following sources:

• Directly from you when you create an Account, use the Service, contact us, or subscribe to marketing.
• Automatically via cookies and similar technologies when you visit the Site or use the Service (see Section 10).
• From third parties, such as payment processors, authentication providers (e.g. single sign-on), analytics and error-tracking vendors, and business partners or resellers who refer you to us.

4. Purposes and Legal Bases for Processing

Where UK/EU data protection law applies, we rely on the following legal bases:

• Contract – to provide the Service you have requested;
• Legitimate interests – e.g. improving our Service, preventing abuse, defending legal claims;
• Consent – e.g. for certain cookies, optional marketing, and specific model-training scenarios;
• Legal obligation – e.g. tax, accounting, regulatory compliance.

5. AI-Specific Processing: Content, Training & Safety

5.1 Service Operation

We process Inputs and Outputs in order to:

• generate content (e.g. videos) using AI Models;
• provide features like storage, editing, and export;
• maintain logs for troubleshooting and performance;
• detect and respond to abuse (e.g. non-consensual deepfakes, CSAM, hate content).

5.2 Model Improvement and Training

In addition to operating the Service, we may—if allowed by law and in line with our Terms:

• use de-identified or aggregated content and telemetry to train and improve our own models, safety systems, and product features;
• store limited content samples to review and improve generation quality and safety.

We do not use content for training where law requires consent and you have not given it.

5.3 Opt-Out / Withdrawal of Consent

You can opt-out (or withdraw consent) from having your content used for model improvement by:

• adjusting your settings in Account Settings → Data & Training (where available); or
• emailing us with your account/workspace details.

We may continue to process content and related data as necessary to provide the Service you requested, for security, fraud prevention, and abuse detection, or where required by law.

6. How We Share Personal Data

We share personal data only as needed for the purposes described in this Policy:

6.1 Service Providers (Processors)

We use carefully selected third-party service providers to help us run the Service, such as:

• cloud hosting and storage providers;
• payment processors;
• analytics and error-tracking services;
• communication and support platforms;
• AI model providers (where we route Inputs/Outputs through third-party models).

6.2 Business Customers & Workspace Admins

If you use the Service under an organization's Workspace, your Workspace owner/admin may see your profile, activity, and content within that Workspace. We may share account and billing information with your organization as needed to administer the subscription.

6.3 Legal & Compliance

We may disclose data:

• if required by law, court order, or government request;
• to establish, exercise, or defend legal claims; or
• to respond to legitimate requests in relation to safety or rights protection (e.g. DMCA-style copyright claims, NCII/CSAM reporting).

6.4 Corporate Transactions

If we are involved in a merger, acquisition, financing, or sale of all or part of our business, personal data may be transferred as part of that transaction, subject to appropriate protections.

6.5 With Your Consent

We may share data with third parties when you explicitly consent, e.g. integrating the Service with a third-party workflow tool or publishing content to a public gallery.

We do not sell your personal data in the sense of exchanging it for money.

7. International Data Transfers

We are located in the United Kingdom and may process personal data in the UK and other countries.

Where we transfer personal data from the UK or EEA to countries that do not have an adequacy decision, we implement appropriate safeguards such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission or UK equivalents; and/or
• other legally recognised transfer mechanisms.

You may request more information about these safeguards by contacting us.

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy, including:

• as long as your Account is active or your organization uses the Service;
• for a reasonable period after termination to maintain records, resolve disputes, and enforce our agreements;
• as required by applicable law (e.g. tax and accounting rules).

Different categories of data may have different retention periods. Where data is no longer needed, we will delete or irreversibly anonymise it.

9. Security

We implement technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

While specific controls may evolve, they typically include:

• encryption in transit and at rest where appropriate;
• access controls and role-based permissions;
• logging and monitoring;
• secure development and testing practices;
• regular review of vendors and subprocessors.

No system is 100% secure, but we work to continuously improve our security posture.

10. Technical Data & Local Storage

We use strictly necessary local storage and session data for:

• Authentication and session management
• Remembering your preferences (e.g. UI settings)
• Security features

This data is essential for the Service to function and does not require consent under UK/EU rules. Most browsers allow you to manage local storage through their settings.

11. Your Rights

Your rights depend on where you live. This section summarises key rights under UK/EU data protection law and US/California law.

11.1 UK/EEA Data Subject Rights

If you are in the UK or EEA, you have the right to:

• Access: obtain confirmation whether we process your personal data and receive a copy.
• Rectification: correct inaccurate or incomplete data.
• Erasure: request deletion of personal data where no longer necessary or where you withdraw consent (subject to legal exceptions).
• Restriction: request restriction of processing in certain situations.
• Portability: receive data you provided in a structured, commonly used format and have it transmitted to another controller where technically feasible.
• Objection: object to processing based on our legitimate interests, including direct marketing; we will honour this unless we have compelling legitimate grounds.
• Withdraw consent: withdraw consent at any time where processing is based on consent (e.g. certain cookies, marketing, some training uses).

You also have the right to lodge a complaint with your local data protection authority. In the UK, that is the Information Commissioner's Office (ICO).

11.2 California & Certain US States

If you are a resident of California or another US state with comprehensive privacy laws, you may have rights to:

• access and portability of certain information;
• deletion of personal information, subject to exceptions;
• correction of inaccurate personal information;
• information about categories of personal information collected, sources, purposes, and disclosures;
• not to receive discriminatory treatment for exercising your rights.

We do not sell your personal information and do not share it for cross-context behavioural advertising as those terms are defined under California law.

11.3 Exercising Your Rights

To exercise any of these rights (where applicable), please contact us at support@reelzila.studio and specify the right you wish to exercise and provide sufficient information to verify your identity.

Where we act as a processor for a business customer (e.g. your employer), we may direct you to contact that organization.

12. Children's Privacy

The Service is not intended for children under 13 (or under 16 where required by local law). We do not knowingly collect personal data from children in this age group. If we become aware that we have collected such data, we will take reasonable steps to delete it. If you believe a child has provided us with personal data, please contact us.

13. Third-Party Links & Services

The Site and Service may contain links to third-party websites, content, or services (e.g. cloud storage, social networks, other AI tools). We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before providing personal data.

14. Changes to This Policy

We may update this Policy from time to time. We will indicate the "Effective date" at the top and, where changes are material, we will provide additional notice (e.g. via email or in-app notifications). If you continue to use the Site or Service after the revised Policy takes effect, you will be deemed to have accepted it.

15. Contact Details

If you have questions or concerns about this Policy or our data practices, or wish to exercise your rights, please contact us: