Compliance Status
SOC 2 Type IIIn Progress — Expected Q3 2026
HIPAA Eligibility (Sovereign plan)Eligible — BAA available on request
GDPR (EU data residency)Sovereign users can link EU-based Google Workspace
Encryption at restAES-256-GCM — keys never touch Reelo servers
Encryption in transitTLS 1.3 enforced
How Reelo Handles Your Data
Free & Pro usersVideos stored on Cloudflare R2 (global CDN)
Sovereign & Team usersVideos stored directly in your Google Drive — Reelo only stores the file ID
Encryption keysGenerated in your browser — never transmitted to Reelo servers
SOP annotationsAES-256-GCM encrypted client-side before storage
Audit logsEvery view, share, and access event is logged and queryable
Data deletionAccount deletion removes all videos, views, comments, and metadata immediately