ReactionSaaS

Effective date: June 18, 2026

Last updated: June 18, 2026

Privacy Policy

This policy describes our privacy practices. It is not legal advice. Have qualified counsel review before relying on it for compliance decisions.

1. Introduction

ReactionSaaS, Inc. ("ReactionSaaS," "we," "us," or "our") provides software that helps businesses measure and improve interactive video engagement through ReactionSDK (overlays and interaction analytics on marketing video) and ReactifySDK (reaction threads, user-generated reaction video, and related embeds).

We are a Delaware corporation with principal business operations in California. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you:

  • visit reactionsaas.com or related sites (the "Site");
  • create an account or use our dashboard, APIs, or paid services (a "Customer");
  • interact with video or embeds powered by our SDKs on a Customer's website, store, or funnel (an "End User"); or
  • record or upload a reaction video through ReactifySDK (a "Participant").

By using the Site or our services, you agree to this Privacy Policy. This policy should be read together with our Terms of Service. It does not apply to third-party websites or platforms that Customers integrate with (for example Shopify or WordPress checkout flows); those parties have their own privacy practices.

2. Our roles: controller and processor

For Customer account, billing, and Site data, ReactionSaaS generally determines how personal information is used.

For End User interaction data and Participant content collected via SDKs on a Customer's properties, we often act as a service provider / processor on the Customer's instructions. Customers are responsible for their own privacy notices and for obtaining required consents from End Users and Participants.

Enterprise Customers may receive additional terms in a Data Processing Addendum (DPA).

3. Information we collect

3.1 Customers

We may collect:

  • Account and contact: name, email, company, role, credentials (stored hashed).
  • Billing: payment tokens and billing details processed by Stripe (and, where applicable, Shopify billing).
  • Usage and support: dashboard activity, API usage, support messages, IP address, browser and device type.
  • Integrations: store domain, OAuth tokens, and installation metadata when you connect platforms such as Shopify or WordPress.

3.2 End Users (ReactionSDK and embed viewers)

When End Users interact with Customer embeds, where consent is required we collect it before recording reaction data. We may collect:

  • Interaction events: taps, polls, ratings, sliders, CTA clicks, playback milestones, and timestamps.
  • Technical and pseudonymous identifiers: session IDs, hashed device identifiers, browser/OS, screen size class, referrer (which may be truncated or hashed), country or region where available, and campaign, thread, or template identifiers.

Through ReactionSDK interaction telemetry we do not record or store the End User's camera, microphone, or the underlying marketing video.

3.3 Participants (ReactifySDK)

When someone records or uploads a reaction video, we may collect:

  • User Content: video and audio uploaded to our storage (for example AWS S3), including merged outputs where applicable.
  • Metadata: thread ID, parent reaction ID, duration, and related technical identifiers.

User Content may include personal information such as voice, likeness, or background. Participants should only submit content they have rights to share.

3.4 Automatically collected

We collect log data, cookies, and similar technologies on the Site (see Section 8). We may use hashed IP addresses and related signals for security, rate limiting, and fraud prevention.

4. How we use information

We use personal information to:

  1. Provide and operate the Site, dashboard, SDKs, merges, and embeds.
  2. Deliver analytics to Customers (engagement, drop-off, creative performance, thread metrics).
  3. Authenticate accounts, secure services, and enforce our terms.
  4. Process billing and manage subscriptions.
  5. Send service, security, and product communications (marketing where permitted; you may opt out).
  6. Improve products using aggregated or de-identified data.
  7. Comply with law and protect rights, safety, and security.

We do not sell personal information for third-party cross-context behavioral advertising. We do not use End User interaction data to build unrelated advertising profiles for unrelated third parties.

We share analytics and pseudonymous engagement data with the Customer whose embed or thread collected it.

5. How we share information

We may share personal information with:

  • Customers — End User and Participant data from their campaigns and threads.
  • Service providers — hosting (for example Vercel), databases (MongoDB), object storage (AWS S3), email delivery, payments (Stripe), analytics, monitoring, and CRM or lifecycle tools we configure.
  • Platform partners — when you connect integrations such as Shopify.
  • Professional advisors — legal, accounting, and insurance providers.
  • Business transfers — merger, acquisition, or asset sale.
  • Legal and safety — to comply with law, respond to lawful requests, or protect rights and security.

We require service providers to use data only to perform services for us under contract. A subprocessor list is available on request at help@reactionsaas.com.

6. Retention

  • Reaction and interaction events: default 90 days, then deleted or anonymized by automated jobs unless a longer period is agreed in writing (for example Enterprise).
  • Aggregated or anonymized metrics: may be retained longer where they no longer constitute personal information.
  • Customer account and billing: for the life of the account plus periods required for legal, tax, or audit purposes.
  • Reactify User Content: per Customer settings, thread lifecycle, and storage policy; may be deleted when threads are removed or accounts are closed.

7. Security

We use administrative, technical, and organizational measures including TLS in transit, encrypted cloud infrastructure, and access controls. See our Security page. No method of transmission or storage is completely secure; you are responsible for safeguarding your account credentials.

8. Cookies and analytics

We use cookies and similar technologies on the Site for authentication, preferences, and analytics (for example Vercel Analytics). You can control cookies through browser settings. SDK embeds on Customer sites may use local storage or cookies for session and consent state; Customers configure consent UX where required.

We do not respond to "Do Not Track" signals in a uniform way across all browsers.

9. Your privacy rights

9.1 California residents (CCPA / CPRA)

California residents may have the right to know, access, correct, delete, opt out of sale or sharing, and limit use of sensitive personal information. ReactionSaaS does not sell personal information as defined by CPRA for unrelated advertising. We share End User data with Customers as part of the service; Customers are responsible for their own CPRA notices to End Users.

We will not discriminate against you for exercising privacy rights. Authorized agents may submit verified requests on your behalf.

9.2 Other U.S. states and international users

Residents of other states with privacy laws and individuals in the EEA, UK, or Switzerland may have additional rights (access, rectification, erasure, restriction, portability, objection, and complaint to a supervisory authority). Personal information may be processed in the United States and other countries where we or our providers operate. We use appropriate safeguards for cross-border transfers where required.

9.3 End Users and Participants

If your data was collected on a Customer's site, contact that publisher first. We will assist Customers with verified requests where we act as processor.

9.4 How to submit a request

Email help@reactionsaas.com with subject line "Privacy Request." We aim to respond within 45 days, extendable where permitted by law. We may verify your identity before fulfilling a request.

10. Children

Our services are not directed to children under 16. We do not knowingly collect personal information from children under 16 without appropriate authorization. Contact help@reactionsaas.com if you believe we collected a child's data.

11. Changes

We may update this Privacy Policy. We will post the revised version on the Site and update the "Last updated" date. Material changes may be notified by email or prominent notice where required by law.

12. Governing law and dispute jurisdiction

ReactionSaaS, Inc. is incorporated in Delaware and operates principally from California. To the fullest extent permitted by applicable law, this Privacy Policy and any dispute, claim, or controversy arising out of or relating to it or our privacy practices shall be governed by the laws of the State of California, without regard to conflict-of-law principles that would require the application of another jurisdiction's laws.

Except where prohibited by applicable law, you agree that the state and federal courts located in California shall have exclusive jurisdiction over any dispute, claim, or controversy arising out of or relating to this Privacy Policy or our handling of personal information, and you consent to the personal jurisdiction and venue of those courts.

Nothing in this section limits any rights you may have under applicable consumer privacy laws, including the right to bring claims in another forum where such laws expressly permit.

13. Contact us

ReactionSaaS, Inc.
Delaware corporation — principal operations in California, United States

Email: help@reactionsaas.com

For a mailing address or registered agent details, contact help@reactionsaas.com.

← Home · Terms of Service · Security