Reels BlockerReels Blocker
Legal

Privacy Policy

Last updated: May 13, 2026

Plain-English Summary

Reels Blocker is a tool that helps you watch fewer reels. We built it to give you back time — not to surveil you. In one paragraph:

  • All of your reel counts and watch history live locally in your browser. They never leave your device by default.
  • The only personal data we store on our servers is the data needed to run an account and apply a paid plan: your email, an authentication identifier, and Stripe payment metadata (never your card).
  • If — and only if — you press "Run AI Reality Check", the Extension sends the titles and counts of your recent reels from your device directly to OpenAI to generate a report.
  • We don't sell your data, we don't use it for advertising, and we don't use third-party advertising trackers.

1. Who We Are

In this Privacy Policy, "Reels Blocker", "we", "us", and "our" refer to the operator of the Reels & Shorts Limit Blocker Chrome extension (the "Extension") and the website at reelsblocker.app (the "Site"). This policy covers both. For contact details, see section 12.

2. What the Extension Collects (Locally)

The Extension stores the following data locally on your device using chrome.storage.local. This data is not sent to our servers:

  • Daily reel counts per platform (YouTube, Instagram, Facebook) for the current 24-hour window.
  • Watch log (last 7 days): for each reel you watch, we record the platform, a video identifier extracted from the URL, a best-effort title (read from the page's og:title meta tag or document.title), and a timestamp. We do not store the video itself, comments, captions, transcripts, DOM contents, or anything you typed.
  • Your settings: daily limits per platform, Mindful Mode toggle, notification toggle, optional first name (so motivational notifications can address you), and category filter settings.
  • Block state: which platforms are currently blocked because you crossed the limit, and when the next reset occurs.
  • AI report cache: the most recent AI Reality Check result (if you ran one), so you can re-open it without re-running.
  • Extension token: a random opaque token issued by our Site when you redeem an activation code. It tells the Extension that you have an active Pro plan.

Uninstalling the Extension or clearing your browser's extension storage removes all of this local data.

3. What the Site Collects (On Our Servers)

We collect the minimum data needed to operate accounts and purchases:

  • Account: your email address and an authentication identifier (managed by Supabase Auth). We do not store passwords in plain text — Supabase stores a salted hash.
  • Purchases (subscriptions table): the plan you bought (starter_2mo or pro_6mo), the Stripe checkout session ID, the Stripe customer ID, the amount in cents, the start date, and the expiry date.
  • Activation codes: short, single-use codes we generate so the Extension can claim your plan after purchase. These expire and are marked as consumed once redeemed.
  • Extension tokens: opaque tokens we issue to your installed Extension after activation, plus a last seen timestamp.
  • Pending purchases: if you complete checkout before creating a Site account, we temporarily store the Stripe session ID, the email entered at checkout, and the plan, so you can claim the purchase later. This record is deleted or marked claimed once linked to your account.
  • Server logs: our hosting provider (Vercel) records standard request logs — IP address, user agent, requested URL, status code, timestamp — for security, abuse prevention, and debugging.

We never see or store your full card number. Card data is collected and handled directly by Stripe.

4. What We Do Not Collect

  • We don't read, store, or transmit your social-media DMs or messages.
  • We don't collect the content of individual videos, comments, captions, transcripts, or posts.
  • We don't track your browsing on any website other than YouTube, Instagram, and Facebook — and on those, we only read reel/short URL patterns and the page's public og:title meta tag.
  • We don't use third-party advertising or marketing trackers on the Site or in the Extension.
  • We don't sell or rent your personal data to anyone. Ever.

5. Chrome Extension Permissions, Explained

The Extension requests only the permissions listed below, each for a specific reason that maps directly to a feature:

  • storage — to save your daily counts, 7-day watch log, settings, and Extension token locally on your device.
  • tabs — to detect when you open a supported platform so the Extension can show the counter widget, run the Mindful Mode gate, or redirect you to the block screen when you cross your limit.
  • alarms — to reset 24-hour counters and to schedule optional motivational notifications.
  • notifications — to show motivational and limit-reached notifications (you can disable this in settings).
  • host permissions on youtube.com, instagram.com, facebook.com — to count reels/shorts and apply your limit on those sites only.
  • host permission on api.openai.com — used only when you run the AI Reality Check (see section 6).
  • host permission on reelsblocker.app — to redeem activation codes and check your Pro plan status with our Site.

The Extension is also marked as externally connectable with the Site so the Site can hand the Extension your activation code after you sign in. No other domains can talk to the Extension.

6. The AI Reality Check Feature

The AI Reality Check is the one feature that sends information off your device. It runs only when you press the button. Each run does the following:

  • The Extension reads your 7-day watch log from local storage and extracts the list of titles only (no URLs, no metadata beyond the title) and the total count.
  • The Extension sends those titles and counts directly to OpenAI's API (api.openai.com/v1/chat/completions) along with a prompt that asks for a blunt "reality check" report.
  • OpenAI returns a JSON report. The report is stored locally so you can re-open it. The raw prompt and response are not stored on our servers.

OpenAI's handling of this request is governed by the OpenAI privacy policy and API data-usage terms. You should not run the AI Reality Check if the titles in your watch log contain information you are not comfortable sharing with OpenAI.

7. How We Use Data

We use the data described above only for these purposes:

  • To run the Service: authenticate you, enforce limits, activate Pro features, and keep your Extension and Site account in sync.
  • To process payments: share what Stripe needs to charge you (and only that), record purchase metadata, and apply refunds.
  • To generate AI Reality Check reports — only when you initiate one.
  • To prevent abuse, fraud, and Service disruption (e.g., rate-limiting, blocking obvious bot traffic).
  • To respond to support emails you send us.
  • To comply with law when we are legally required to (e.g., responding to a valid legal request).

We do not use your data for personalized advertising or profiling.

8. Service Providers (Sub-Processors)

We rely on the following providers to operate the Service. Each handles your data under their own privacy terms, and we share only what is necessary for them to perform their function.

  • Stripe — payment processing and storage of card data. Stripe receives your name, email, billing address (if provided), card details, and amount.
  • Supabase — authentication and database hosting. Supabase stores your email, hashed password, and our database tables.
  • OpenAI — generates the AI Reality Check report. Receives only what is described in section 6, and only when you initiate a run.
  • Vercel — hosts the Site and produces standard server request logs.

9. Data Retention

  • Account data — kept while your account is active. You can request deletion at any time (see section 10).
  • Purchase records — retained for as long as required by tax, accounting, and consumer-protection laws (commonly up to 7 years), even after account deletion.
  • Activation codes — automatically expire; we prune unused codes after expiry.
  • Pending purchases — deleted or marked claimed once linked to an account, or auto-pruned if never claimed.
  • Server logs — typically 30 days, longer only if needed to investigate a specific abuse incident.
  • Local Extension data — lives on your device and is removed when you uninstall the Extension or clear the browser's extension storage.

10. Your Rights

Depending on where you live (for example, in the EU/EEA, UK, California, or other jurisdictions with similar laws), you may have the right to:

  • access the personal data we hold about you;
  • correct inaccurate data;
  • delete your data (we may retain a minimum for legal/tax compliance);
  • export your data in a portable format;
  • object to or restrict certain processing, and withdraw consent where processing relies on it;
  • lodge a complaint with your local data-protection authority.

To exercise any of these rights, send us a message via our Contact us page from the email tied to your account. We may need to verify your identity before acting on the request.

11. Children

The Service is not directed at children under 13 (or the higher minimum age that applies in your country). We do not knowingly collect personal data from children below that age. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Security

We use commonly accepted industry measures to protect your data: TLS for data in transit, hashed credentials, scoped access controls, and row-level security on our database tables. However, no online service is 100% secure. If we ever discover a personal data breach that affects you, we will notify you as required by applicable law.

13. International Transfers

Our service providers may store and process data in countries other than your country of residence (for example, the United States). Where required by law, we rely on appropriate safeguards (such as standard contractual clauses) for those transfers.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top and, for material changes, notify you by email or via the Site. We encourage you to review this page periodically.

15. Contact

For privacy questions, data requests, or any concern about how we handle your data, reach out via our Contact us page.

See also our Terms of Service.