Privacy Policy

Last Updated On: July 8, 2026

RHEI Global Privacy Policy

Last Updated On: July 8, 2026

A. ABOUT THIS POLICY

This Privacy Policy explains how RHEI Creations Corp. and its affiliates (“RHEI”, “we”, “us”, or “our”) collect, use, disclose, and protect personal data through our platforms, including the Made platform (www.getmade.ai), Data Pro, Rights Pro, Audience Pro, and other products or services we offer.

This policy is designed to reflect key privacy principles and legal requirements in jurisdictions where RHEI operates, including the United States, United Kingdom, European Economic Area, and Canada. While we implement measures intended to meet applicable obligations, the scope and applicability of specific legal requirements may vary by user location and product use.

1. Scope And Application

This Privacy Policy applies to individuals whose personal data RHEI collects, uses, or otherwise processes in the course of its operations. This includes users, creators, clients, job applicants, event participants, and website visitors—where RHEI holds or processes their personal data. It covers personal data collected through:

  • Our current and future products and services, including Made, Data Pro, Rights Pro, Reach Pro, Audience Pro and any related tools, features, or service offerings we develop
  • Websites and mobile applications operated by RHEI
  • Support channels and customer service interactions
  • Referrals, affiliate or invitation programs
  • Webinar registration and attendance, or event sign-ups and participation (virtual or in person)
  • Submissions to talent or partnership intake forms and creator portals
  • Product feedback and testing programs (including beta or early access pilots)
  • Social media interactions, such as mentions, messages, or comment engagement
  • Recorded demos, onboarding sessions, or support calls
  • Recruitment and application processes for employment or contractor roles

For the purposes of this Privacy Policy:

“Personal data” or “personal information” means any information that identifies, relates to, describes, or could reasonably be linked, directly or indirectly, to a particular individual. This includes, but is not limited to, contact details, account credentials, user-generated content, device and usage data, payment and transaction information, online identifiers, and any inferences drawn from such data.

The precise definition of personal data or personal information may vary depending on your jurisdiction. For example, it includes “personal data” as defined under the GDPR and UK GDPR, and “personal information” as defined under the California Consumer Privacy Act (CCPA/CPRA).

Inclusion in this Policy does not imply a contractual relationship with RHEI, but reflects that RHEI may process your personal data based on your interactions with our services or content.

This Policy also applies to personal data collected indirectly from publicly available sources or through automated or technical means, such as:

  • Metadata or content publicly posted on digital platforms (e.g., YouTube)
  • Analytics and usage logs
  • Cookies, IP addresses, and online identifiers
  • Inferred data and engagement metrics

This Policy does not apply to websites, applications, services, or platforms that are not owned or controlled by RHEI, even if we provide links to them or integrate with them. These may include, for example, platforms such as YouTube, Google, Meta, Instagram, LinkedIn, TikTok, third-party payment providers, or ad technology services.

We are not responsible for the privacy practices of such third parties, and we encourage you to review their privacy policies before interacting with their services.

2. Personal Data We Collect

We collect the following categories of personal data (this list may expand as our platform evolves and may include additional information required for identity verification or legal compliance):

  • Identity and Contact Data (e.g., name, email address, phone number, mailing address, social handles)
  • Authentication Data (e.g., account credentials, session ID, OAuth login tokens, and platform usernames from third-party login providers such as Apple or Google), and connected-platform OAuth access tokens, refresh tokens, authorization scopes, account IDs, and related authorization records for integrations such as TikTok and YouTube
  • User-Generated Content (e.g., prompts, uploaded personal photos, audio, video, comments, replies, playlists, and channel-related assets used in or for AI output generation)
  • Usage and Device Data (e.g., features accessed, frequency and duration of use, user behavior during app interaction, and technical logs such as IP address, browser type, and device identifiers)
  • Audience and Community Interaction Data (e.g., tipping activity, likes, replies, follows, direct messages, or other user-to-creator engagement through RHEI-operated features)
  • Public Platform Information (e.g., publicly available YouTube comments, playlists, channel metadata, or other platform information retrieved via APIs or visible through user interactions, and connected-platform profile or creator information made available through authorized APIs, including TikTok account or creator information where the user has granted the applicable permissions)
  • Identity Verification Data (e.g., government-issued ID, date of birth, IP-based location, or other documentation requested to verify your identity, age, or jurisdictional eligibility for features such as monetization, tipping, or legal compliance)
  • Payment and Transaction Data (e.g., billing address, transaction history, preferred payment method, and last four digits of payment card)
  • Performance and Revenue Data (e.g., viewership, monetization performance, payout history, and content metrics drawn from YouTube channels and other integrated services)
  • Inferred or Derived Data (e.g., user engagement patterns, feature usage, behavioral profiles, or content suitability ratings generated from system analytics)
  • Communications and Support Data (e.g., emails, help tickets, chat transcripts, call recordings, or other correspondence, including email open rates, browser type, and approximate IP-based location for performance analysis)
  • Optional Biographical or Demographic Information (e.g., country, preferred language, education history, interests, or age range)
  • Professional Information (e.g., company, title, talent bios, or materials submitted via partnership intake or outreach forms)
  • Audio/Visual Recordings (e.g., recordings of demos, onboarding sessions, webinars, or support calls, where applicable and with notice)
  • Generated Creative Assets (e.g., AI-generated images, video clips, captions, and other creator tools based on your prompts or preferences)

We may also collect personal data about third parties that you include in content, submissions, or referrals (e.g., names, voices, or images). If you provide such information, you are responsible for ensuring you have obtained any necessary consents or lawful basis to share it with us. In such cases, you are responsible for ensuring you have the legal right to share such information with us.

3. APPLICANT AND RECRUITMENT DATA

If you apply for a job or internship with RHEI, we may collect and process personal data for recruitment and hiring purposes. This includes:

Application and Recruitment Data (e.g., resume/CV, education history, employment history, work authorization status, skills, certifications, references, salary expectations, location preferences, and other information submitted through our Careers portal, by mail, delivery or electronic transmission, or during interviews)

We use this information to:

  • Evaluate your application and assess qualifications
  • Contact you regarding your application
  • Manage interview logistics and perform background checks (where permitted)
  • Maintain a record of your application for future roles (unless you request deletion)
  • Comply with legal and regulatory employment obligations

We may share this data with RHEI personnel involved in the hiring process or with third-party service providers who support recruiting, background checks, and applicant tracking systems. We retain this data only as long as necessary for the hiring process, as required by our internal policies, or as required by law.

HOW WE COLLECT AND USE PERSONAL DATA

4. HOW WE COLLECT PERSONAL DATA

We collect personal data through multiple sources and methods, including:

  • Contractual relationships – Information you provide or that is generated in connection with agreements or legal relationships you enter into with RHEI, including Content Provider Agreements, licensing arrangements, onboarding forms, or collaborations with partners and sponsors to promote or represent you
  • Direct interactions – When you provide data directly to us via forms, registration, electronic communications, telephone, uploads, surveys, support requests, or product usage.
  • Automated technologies – Through cookies, pixels, device logs, and usage analytics.
  • Third-party integrations – Including platforms and tools such as YouTube, Google, OpenAI, TikTok, Meta and other providers that support platform features, account integrations, AI functionality, or personalization.
  • RHEI-operated support sessions – We may record support, onboarding, or diagnostic sessions (with notice) for internal use.
  • Publicly available or licensed sources – Such as social platforms, channel metadata, or industry directories.

We may also enhance our user records with professional or contact information collected or licensed from reputable third-party providers. This may include details such as names, email addresses, company affiliations, roles or titles, or social media profiles. We use this information to support outreach, business development, market analysis, or to better personalize services or recommendations. Where we collect or use personal data for outreach purposes, we will provide notice of processing at the time of first contact or as soon as reasonably practicable, as required by applicable law.

You are solely responsible for ensuring that any information or content you provide or make accessible to RHEI—whether through a RHEI platform, via a contractual relationship, or by authorizing access from a third-party service—complies with applicable laws, does not infringe third-party rights, and includes any necessary permissions or consents (e.g., for biometric or personal data)

5. PLATFORM-LINKED ACCOUNT DATA AND THIRD-PARTY PLATFORM INTEGRATIONS

When you choose to connect a third-party social media, video, creator, music or other platform to Made or another RHEI service, including TikTok, YouTube, Meta products such as Facebook, Instagram, Spotify, or other supported platforms, we may receive, store, and process information from that platform through official APIs, OAuth permissions, platform permissions, or authorized partner tools. We use this information to provide the connected features and services you request; to display the connected account; to support publishing, analytics, content-management, rights-management, reporting, insights, sponsorship matching, content licensing, and related RHEI services; maintain the security and functionality of the integration; and to comply with applicable law, platform terms, and our agreements with you.

We use OAuth or similar authorization mechanisms provided by the applicable platform to connect you with Made and RHEI services. You may disconnect a platform account at any time through your Made account settings, where available, or by contacting us at privacy@rhei.com. You may also revoke RHEI’s access directly through the applicable third-party platform’s account, privacy, security, or app-permissions settings where available.

TikTok

If you connect your TikTok account to our services, we may receive and process TikTok account information and authorization data, depending on the permissions you grant and the TikTok APIs we use, including:

  • TikTok account identifiers such as Open ID and Union ID;
  • profile information such as display name and avatar;
  • username, profile link, follower count, following count, likes count, video count, or similar profile or statistics information, only where you have authorized the applicable TikTok scopes and the information is made available to us by TikTok;
  • OAuth access tokens, refresh tokens, authorization scopes, and related authorization records that allow us to provide the TikTok integration;
  • creator information and publishing settings returned by TikTok, including available privacy options, account posting eligibility, interaction settings, and related publishing constraints; and
  • status information, error messages, and logs relating to content you choose to publish to TikTok through our services.

We use TikTok data to:

  • display your connected TikTok account inside Made so you can confirm which TikTok account you are using;
  • allow you to publish videos or other supported content to TikTok through TikTok’s official Content Posting API when you expressly choose to do so, such as by clicking “Publish to TikTok” or a similar confirmation;
  • retrieve current creator and publishing information before publication to display only the privacy, interaction, and publishing options that TikTok makes available for your account at that time;
  • confirm publishing status and troubleshoot publishing failures; and
  • maintain the security and integrity of the TikTok integration.

We do not use TikTok access tokens or non-public TikTok account data for advertising, profiling, or analytics outside of Made. We do not publish, schedule, or auto-publish TikTok content without an explicit user action. We do not retain a copy of content solely because it was transmitted to TikTok for publication after the publication process is complete, except where the same content is otherwise stored in your Made workspace, project history, chat history, logs, backups, or account records as described in this Privacy Policy or as required for legal, security, or operational purposes.

TikTok access tokens and related TikTok account identifiers are retained only while your TikTok integration remains connected or as otherwise necessary to provide the TikTok integration. When you disconnect TikTok from our services, revoke access through TikTok, or delete your account with us, we will delete or de-identify TikTok tokens and related TikTok account identifiers from our active systems within 30 days, unless a shorter period is required by applicable law or platform policy, or unless retention is necessary for security, fraud prevention, dispute resolution, or legal compliance.

You can disconnect TikTok at any time from your Made account settings, where available, by contacting privacy@rhei.com, or by revoking our access from your TikTok account settings. Your use of TikTok through our services is also governed by TikTok’s own terms and privacy policy, including:

  • TikTok Privacy Policy: https://www.tiktok.com/legal/privacy-policy
  • TikTok Terms of Service: https://www.tiktok.com/legal/terms-of-service

YouTube API Services

Made and other RHEI services use YouTube API Services. For purposes of this section, “YouTube API Services” means the YouTube API services made available by YouTube, including the YouTube Data API, YouTube Analytics API, YouTube Reporting API, and related YouTube API services. “YouTube API Data” means data, content, including audiovisual content, and information provided to Made or another RHEI API client through YouTube API Services. “YouTube Authorized Data” means YouTube API Data that you expressly authorize Made or another RHEI service to access or use through your Google or YouTube user credentials.

If you connect your YouTube account or authorize access to YouTube data, we may access, collect, store, and process YouTube API Data and other account-related information made available through YouTube API Services, depending on the permissions you grant and the YouTube features you use, including:

  • YouTube channel identifiers, channel name, channel metadata, thumbnails, and account information;
  • video metadata, playlists, comments, captions, content status, and other channel or content information made available through YouTube API Services;
  • performance, analytics, reporting, monetization, revenue, viewership, and audience-related metrics, where authorized and available; and
  • information needed to publish, upload, manage, optimize, analyze, or report on YouTube content where you have authorized those features.

We may also process YouTube authorization tokens, OAuth access tokens, refresh tokens, authorization scopes, and related authorization records to provide user-authorized YouTube integration features.

We use YouTube API Data to:

  • connect, authenticate, and display your YouTube account or channel inside Made or another RHEI service;
  • provide YouTube-related features you request, such as channel management, analytics, reporting, optimization, rights-management, publishing, upload, content-management, and performance-insight tools;
  • identify the YouTube channel or content owner associated with a user-authorized action;
  • carry out actions that you expressly authorize, such as uploading, publishing, updating, or managing YouTube content or metadata;
  • generate platform-specific recommendations, workflow assistance, and performance insights where permitted by the YouTube API Services Terms of Service and Developer Policies, and where consistent with the permissions you have granted;
  • troubleshoot, secure, and maintain the YouTube integration; and
  • comply with applicable law, YouTube API Services Terms of Service, YouTube API Services Developer Policies, and our agreements with you.

Where we display RHEI-generated recommendations, workflow suggestions, or other non-YouTube metrics alongside YouTube API Data, those items are generated by RHEI and are not YouTube API Data.

We do not sell YouTube API Data. We do not use YouTube API Data for secondary purposes that are not disclosed in this Privacy Policy or authorized by you. We share YouTube API Data only with RHEI personnel, affiliates, service providers, and approved agents who need it to provide the YouTube-related features or services you request, or as otherwise authorized by you, required by law, or permitted by the YouTube API Services Terms of Service and Developer Policies.

In addition to RHEI’s normal privacy-rights request process, you can revoke RHEI’s access to your YouTube Data through your Google account security or third-party connections settings, including at: https://security.google.com/settings/security/permissions. You may also disconnect YouTube through Made account settings, where available, or contact us at privacy@rhei.com to request deletion of stored YouTube API Data associated with your account.

When you disconnect YouTube, revoke access through Google, delete your Made account, or request deletion of stored YouTube API Data, we will delete stored YouTube Authorized Data associated with that authorization as soon as possible and process your request within 7 calendar days unless retention is required or permitted for legal, security, fraud-prevention, dispute-resolution or compliance purposes.

If you revoke access through your Google account security or third-party connections settings, we will stop accessing the affected YouTube data and delete YouTube API Data associated with the revoked authorization as soon as possible and within the period required by the YouTube API Services policies. We periodically verify whether YouTube authorization tokens remain valid and delete YouTube API Data associated with authorizations that can no longer be refreshed.

Deleting data stored by RHEI does not delete data stored by YouTube. To delete content or data from YouTube itself, you must use YouTube’s own tools or another authorized client that supports deletion from YouTube.

For stored YouTube API Data that is not otherwise deleted, we refresh, update, or delete the data at least every 30 calendar days, unless the applicable YouTube API Services policies permit a longer storage period and we continue to verify at least every 30 calendar days that the authorization remains valid and the underlying YouTube data has not been deleted or changed. YouTube authorization tokens are retained only for as long as necessary to provide user-authorized YouTube integration features, consistent with your authorization and applicable law.

Your use of YouTube through Made or another RHEI service is also governed by YouTube’s and Google’s applicable terms and policies, including:

  • YouTube Terms of Service: https://www.youtube.com/t/terms
  • Google Privacy Policy: http://www.google.com/policies/privacy
  • YouTube API Services Terms of Service: https://developers.google.com/youtube/terms/api-services-terms-of-service
  • YouTube API Services Developer Policies: https://developers.google.com/youtube/terms/developer-policies

Meta products, including Facebook and Instagram

If you connect a Meta product, such as a Facebook Page, Instagram business or creator account, or other Facebook or Instagram account, to Made or another RHEI service, we may receive and process information made available by Meta through its APIs and platform permissions, depending on the features you use and permissions you grant. This may include account, Page, profile, business, or creator identifiers; usernames, display names, profile or Page information; media and content metadata; comments, engagement, audience, insights, performance, or reporting data; publishing status; authorization tokens; permission scopes; and related authorization records.

We use this data to provide the connected features or services you request; verify account identity and eligibility; display the connected account; access and display performance data; retrieve platform information; support publishing, reporting, content licensing, rights-management, or account/channel-management workflows where available; generate insights and platform-specific recommendations where permitted; match creators with branded opportunities and sponsorships where authorized; troubleshoot and maintain the integration; and fulfill our agreements with you.

You may disconnect Meta products through Made account settings, where available, by contacting us at privacy@rhei.com, or by revoking access through the applicable Facebook, Instagram, or Meta account, business, privacy, security, or app-permissions settings. You may request deletion of Meta platform data associated with your Made account by contacting privacy@rhei.com. Your use of Meta products is also governed by Meta’s applicable terms and privacy policies.

Other Supported Platforms

Except as otherwise described above for TikTok and YouTube, if you connect another supported third-party platform to Made or another RHEI service, we may receive and process platform-linked account data, authorization tokens, account identifiers, profile, page, channel or account information, content metadata, performance metrics, audience insights, comments, engagement data, and other information made available through the applicable platform, depending on the features you use, the permissions you grant, the applicable APIs, and any written agreement between you and RHEI.

We use this data to provide the connected features or services you request; verify account identity and eligibility; display the connected account; access and display performance data; retrieve platform information; support publishing, reporting, content licensing, rights-management, or channel-management workflows where available; generate insights and platform-specific recommendations; match creators with branded opportunities and sponsorships; maintain the security and functionality of the integration; and fulfill our agreements with you.

We process and share platform-linked data only as described in this Privacy Policy, as authorized by you, as permitted by the relevant platform’s terms and permissions, as necessary to provide the applicable RHEI services, or as required by law. You may disconnect supported platforms through Made account settings, where available, by contacting us at privacy@rhei.com, or by revoking access through the applicable third-party platform’s account, privacy, security, or app-permissions settings.

Where a platform-specific section in this Privacy Policy provides additional or more restrictive terms, that platform-specific section will apply to our processing of data from that platform.

6. USE OF PERSONAL DATA

We use personal data for the following purposes:

  • To deliver and operate our services, including diagnostic support, onboarding, and personalized system responses
  • To send marketing communications, newsletters, or event invitations where consent has been provided or permitted by law
  • To generate deidentified insights or analytics derived from your content, activity, or use of a platform
  • To personalize your experience and surface relevant opportunities (e.g., sponsorships, integrations, partner campaigns)
  • To improve and evaluate our AI models
  • For analytics and performance tracking
  • To manage payments and contracts
  • To fulfill our rights or obligations under content licensing agreements, including distributing authorized content to third-party partners or platforms
  • To send communications, alerts, product updates, or marketing materials, where consented or permitted by law
  • To detect and prevent fraud or security threats
  • To verify your identity, geographic eligibility, or legal status where required for certain features (e.g., monetization, financial disbursements, age-sensitive tools)
  • To comply with legal obligations, including financial reporting, content licensing, or intellectual property enforcement
  • To measure the effectiveness of advertising or promotional campaigns displayed on or through RHEI-licensed or operated content using standard tracking tools (e.g., pixels, web beacons, or ad performance frameworks)

7. LEGAL BASIS FOR PROCESSING PERSONAL DATA

Some jurisdictions require organizations to identify a legal basis for processing personal data. Depending on the nature of the data, the relationship between RHEI and the individual, and the applicable legal framework (e.g., GDPR, CPRA, PIPEDA), more than one legal basis may apply. We rely on the following bases to process personal data:

These include:

  • Consent – Where required by law, we will seek clear and informed consent before processing personal data. This may apply, for example, when placing cookies, sending marketing communications, or collecting optional demographic information. In some jurisdictions, consent may be implied based on your use of our services, your relationship with RHEI, or where the purpose is obvious and the individual has voluntarily provided the data. In other cases, we may rely on consents obtained by a third party (such as a licensor, partner, or platform) who is legally authorized to share that data with us. Where required, we rely on your consent to send marketing emails or newsletters. You may withdraw this consent at any time by clicking the unsubscribe link or contacting us.
  • Contractual necessity – We process personal data when it’s needed to fulfill a contract with you, or to take steps at your request before entering into a contract (e.g., to provide services, manage your account, or issue payments). In some cases, we may also process personal data under contracts we have with another party (e.g., a creator or content licensor), where doing so is necessary to fulfill our obligations or exercise rights under that agreement.
  • Legal obligations – We may process personal data to comply with laws, regulations, or other legal requirements. This includes obligations related to fraud prevention, tax reporting, financial disclosures, identity verification (e.g., Know Your Customer or KYC checks), child safety and protection, intellectual property enforcement, or transparency disclosures required under AI or privacy laws, as well as contractual reporting requirements tied to our licensing or partnership agreements.
  • Legitimate interests – In some cases, we process personal data because it supports a legitimate interest of RHEI or our partners, provided your privacy rights are not overridden. This may include operating and improving our services; protecting against fraud, abuse, or legal risk; analyzing platform use and user engagement; matching creators with relevant brands or sponsorship opportunities; developing new features; enriching records from public or third-party sources for outreach or personalization purposes; or collecting publicly available data from reputable or open sources, in accordance with applicable law and platform terms.

AI AND AUTOMATION

8. AI PRACTICES AND AUTOMATED PROCESSING

Our Made platform and other services use AI to assist creators with a wide range of content development and optimization tasks. These may include:

  • Generating visual assets, written text, and audio from user-submitted prompts
  • Personalizing interactions with AI agents based on usage context and preferences
  • Translating, summarizing, or reformatting content
  • Suggesting audience engagement strategies or publishing workflows

Prompts and generated outputs may be stored and reviewed to refine your user experience and improve system performance. In some cases, RHEI may use internal fine-tuning techniques such as LoRA (Low-Rank Adaptation) to optimize specific features—such as generating thumbnails or refining AI outputs—without modifying the underlying model. These models are trained exclusively on RHEI-controlled systems. We use third-party tools to support these AI-powered features, including orchestration platforms, search integrations, translation engines, and large language models. These may include OpenAI, Google Gemini, LangChain, and other providers.

Our AI features may involve automated processing or decision-making (e.g., recommending a thumbnail, drafting commentary, conducting polls and surveys or identifying content tags), but ultimate control over publishing or content use remains with the user.

If you interact with our agentic tools, those interactions are logged for consistency, safety, and product improvement.

You may not currently opt out of reuse of your prompts or outputs.

AI Law and Transparency

We are committed to meeting applicable legal obligations related to transparency, fairness, and responsible AI use. We use AI strictly to support user-facing functionality (e.g., content generation, metadata suggestions, platform recommendations), and not to make automated decisions that have legal or similarly significant effects on individuals. Where required by law we will provide additional disclosures or notices regarding AI system capabilities, limitations, and data usage.

Disclaimer on AI Output Accuracy

AI-generated content may occasionally contain errors, inaccuracies, or “hallucinations” (outputs that appear plausible but are factually incorrect or fabricated). These outputs are generated by probabilistic systems and are not reviewed in real time. While we strive to improve quality and reliability, you should not rely solely on AI-generated outputs for decisions that may have legal, financial, reputational, or personal consequences. We encourage users to review and evaluate AI-generated outputs carefully and to apply human judgment before relying on such outputs for consequential decisions.

SHARING, TRANSFERS, AND RETENTION

9. DISCLOSURE AND SHARING

We may share personal data in the following circumstances:

  • With your consent – Where legally required, we will seek your opt-in consent before sharing any sensitive personal data (e.g., medical, biometric, financial, or self-identified demographic data).
  • With service providers – We share data with vendors who support our business operations (e.g., hosting, analytics, customer support, payment processing, translations). These providers are bound to use data only as needed to deliver their services.
  • With joint operators, brand partners, or advertisers – For co-managed programs, monetization support, sponsorship matching, or advertising or branded entertainment campaigns.
  • With partners verifying your affiliation – For example, to confirm your participation in a network, advertising or brand campaign, or third-party service powered by RHEI.
  • For brand safety or compliance purposes – We may share channel or video data and related trust and safety signals with advertisers, brands or platforms to assess eligibility for campaigns or partnerships.
  • To facilitate user-authorized transactions or programs – Including data-sharing initiated by your direct participation in RHEI features, integrations, or external opportunities.
  • To resolve disputes or act on your behalf – Including when a representative or agent is authorized to communicate with us on your behalf.
  • To comply with legal obligations – Including lawful requests from courts, regulators, or enforcement authorities.
  • For fraud prevention and security protection – To prevent abuse, unauthorized use, or threats to our systems, services, or community.
  • In the context of a business transaction – If RHEI is involved in a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred in accordance with the terms of the business transaction or applicable law.

We also share aggregated, non-identifiable data (which cannot reasonably be linked back to an individual) for analytics, marketing, and performance improvement purposes.

Additionally, RHEI may sublicense licensed audiovisual content to third-party AI developers under a Data Pro Agreement or similar arrangement. While this licensing is limited to content authorized by the licensor, it may include elements that qualify as personal data under applicable law (e.g., facial images, voice recordings, or biometric or descriptive metadata). These arrangements are subject to contractual safeguards, including transparency requirements, usage limitations, and compliance with data protection laws. RHEI requires licensors to obtain all necessary rights and consents before submitting content for these purposes.

Note: If your personal data is included in content submitted to RHEI by another party (e.g., a licensor or brand partner), you may not be able to limit certain forms of sharing or reuse that are contractually permitted or legally authorized.

10. INTERNATIONAL DATA TRANSFERS

Your personal data may be transferred to or stored in jurisdictions outside your province, state, or country of residence, including the United States and Canada. These transfers may be necessary for us to operate our services, engage vendors, or fulfill contractual obligations.

Where required by law we implement appropriate safeguards before making such transfers. These may include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • UK International Data Transfer Agreements (IDTA)
  • Transfers to countries deemed to provide adequate protection by regulatory authorities.

11. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies to operate and improve our websites, apps, and services. These may include:

  • Essential cookies – Required for basic site functionality such as login sessions, navigation, or storing user preferences.
  • Performance and analytics cookies – Used to understand how visitors use our services, which helps us improve performance, troubleshoot issues, and develop new features.
  • Functional cookies – Help remember choices you make, such as language settings or region.
  • Advertising and measurement technologies – May be used to understand the effectiveness of campaigns, including the use of tags, pixels, or cookies. These may also be used by RHEI or our partners to understand how you interact with content and advertisements across platforms.

We may use cookies, web beacons, JavaScript, and similar technologies to analyze trends, administer our services, monitor engagement, and gather broad demographic information. You can manage your cookie preferences through your browser settings. You may also opt out of certain types of tracking used for interest-based advertising by visiting opt-out tools provided by industry groups, such as:

  • Network Advertising Initiative
  • Digital Advertising Alliance
  • Your Online Choices (EU users)

Please note that these opt-outs are device- and browser-specific. Disabling or clearing cookies may impact the functionality of certain features or your user experience.

12. DATA RETENTION

We retain personal data as long as reasonably necessary to fulfill the purposes described in this policy, including for business operations, legal compliance, dispute resolution, or security and fraud prevention. Our retention periods may vary depending on the nature of the data, our relationship with you, and the legal or regulatory context.

If you are an active customer or user, we generally retain your data for the duration of your engagement with RHEI. We do not delete personal data while your account or contractual relationship remains active, unless required by law or unless explicitly agreed otherwise. Once the relationship ends, we retain personal data in accordance with internal retention policies and legal obligations, and may delete or anonymize it after those periods expire.

Where RHEI acts on behalf of a partner (such as a brand or licensor), we may retain and manage data in accordance with the retention requirements or instructions of that partner. In such cases, requests regarding data deletion should be directed to the relevant data owner where appropriate.

The platform-specific retention, deletion, refresh, and revocation periods described in Section 5 apply to connected-platform data even where those periods are shorter or more specific than the general retention periods in this Section 12.

13. DATA SECURITY

We use a combination of physical, technical, and organizational safeguards to help protect personal data from unauthorized access, use, or disclosure. These safeguards may include encryption in transit, access controls, logging, multi-factor authentication, and secure server environments. Personal data is stored on infrastructure that is monitored and access-controlled to protect against misuse.

We also maintain internal policies and employee training programs designed to ensure personal data is handled responsibly and in accordance with applicable law. While no system can guarantee complete security, we take commercially reasonable steps to protect the data we hold.

Users are responsible for maintaining the confidentiality of their login credentials and should use secure authentication methods.

YOUR RIGHTS AND SPECIAL POPULATIONS

14. YOUR RIGHTS AND HOW TO EXERCISE THEM

Depending on your location and applicable laws, you may have certain rights over your personal data. These may include the right to:

  • Access the personal data we hold about you
  • Correct or update inaccurate or incomplete information
  • Delete or request erasure of your personal data
  • Object to or restrict certain types of processing (e.g., for marketing)
  • Withdraw consent for processing where consent is the legal basis
  • Request data portability, allowing you to receive your data in a usable format
  • Opt out of sales or sharing of your data, as defined by applicable laws
  • Designate an authorized agent to exercise your rights on your behalf
  • Lodge a complaint with a supervisory authority in your jurisdiction

To exercise these rights, please contact us at privacy@rhei.com or at the contact details below. We may need to verify your identity before processing certain requests, and reserve the right to deny a request where we are unable to authenticate the request or where legally permitted to do so. If an authorized agent makes a request on your behalf, we may require additional information to verify their authority.

For connected-platform data, you may also disconnect the relevant integration through Made account settings, where available, revoke access through the applicable third-party platform’s own account or security settings, or contact us at privacy@rhei.com for assistance with deletion of stored connected-platform data.

You may unsubscribe from marketing emails or newsletters by clicking the “unsubscribe” link at the bottom of our emails or by contacting us at privacy@rhei.com. You will continue to receive essential service-related emails related to your account or transactions.

We aim to respond to rights requests within the time period required by applicable law. In some cases, we may decline to fulfill a request if it would interfere with legal obligations, impact the rights of others, or where we are otherwise permitted by law to deny the request.

Please note that in some cases, access may be restricted as permitted or required by applicable law, including where responding would reveal legal privilege, compromise the rights of others, or violate confidentiality obligations. If applicable, we will inform you of the reasons for denying or limiting access, subject to any legal or regulatory requirements.

15. CHILDREN’S DATA

We do not knowingly collect or process personal data from children who do not have the legal capacity to consent under applicable law (e.g., under age 13 in the U.S., or under the age of digital consent or majority in other jurisdictions). If we become aware that personal data has been collected from a child without verified parental or legal guardian consent, we will take steps to delete that data or obtain proper authorization.

Where minors are permitted to use our services or enter into agreements with RHEI, such use is only allowed with the consent and signature of a parent or legal guardian or pursuant to a court order, and only the minimum data necessary is collected.

Parents or legal guardians may request that we disclose, correct, delete, or restrict processing of their child’s personal data by contacting privacy@rhei.com.

16. JURISDICTION-SPECIFIC RIGHTS AND DISCLOSURES

Some jurisdictions grant additional privacy rights or require specific disclosures. These apply in addition to the rights and practices described in this Policy.

California (CCPA/CPRA):

You have certain rights regarding the personal information we collect or maintain about you. Please note these rights are not absolute, and there may be cases where we deny your request if permitted by law. These rights include:

  • Right of access – to request what personal information we have collected and maintained about you in the past 12 months.
  • Right of deletion – to request that we delete personal information, subject to certain exceptions.
  • Right of correction – to request correction of inaccurate personal information.
  • Right to information – to request information about the categories of personal data we disclose to third parties for their direct marketing purposes.
  • Right to limit the use of sensitive personal information – to request that we limit use of sensitive personal information (e.g., payment info) to necessary purposes. We do not collect or process sensitive personal information to infer characteristics.
  • Right to appeal – to challenge any decision denying your privacy rights.
  • Right to non-discrimination – to be free from discriminatory treatment for exercising your privacy rights.
  • Right to opt-out of the “sale” or “sharing” of personal information. Under the CCPA, “sale” or “sharing” may include disclosing personal information to third parties in exchange for monetary or other valuable consideration, including for cross-context behavioral advertising. RHEI does not sell or share your personal information in this way.
  • Right to opt out of targeted advertising and “Do Not Track” requests – While RHEI does not currently process browser-based Do Not Track or Global Privacy Control signals, you may opt out of cross-context behavioral advertising or tracking-based disclosures by emailing us at privacy@rhei.com.

You may exercise your rights by contacting us or authorizing an agent to make requests on your behalf. We may verify your identity before processing your request. If an authorized agent makes a request, we may ask for proof of their authority and confirm your identity directly.

We do not knowingly “sell” or “share” Personal Data of children under 16 years of age.

European Economic Area (EEA) / UK:

  • If you are located in the EEA or UK, you may exercise the full set of data subject rights under GDPR or UK GDPR.
  • You may also lodge a complaint with your local data protection authority. Contact details for major authorities include:
    • UK Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint/
    • EEA Supervisory Authorities: https://edpb.europa.eu/about-edpb/board/members_en

Canada (PIPEDA / Law 25):

  • You may request access to or correction of your personal data, or withdraw consent, subject to legal or contractual limitations.
  • If you are located in Québec, Law 25, which imposes additional privacy and governance requirements, including consent, data minimization, and transparency obligations.
  • You may also contact the Office of the Privacy Commissioner of Canada with complaints: https://www.priv.gc.ca/en/about-the-opc/contact-the-opc/

If you reside in a jurisdiction with additional legal rights not addressed above, you may contact us at privacy@rhei.com.

17. UPDATES TO THIS PRIVACY POLICY

We reserve the right to change this Privacy Policy from time to time. We will post any changes to this Privacy Policy on this web page, and if the changes are significant, we will post a more prominent notice on this page or we will directly send you a notification. You agree that your continued use of our products or services after notice of such change shall constitute your acceptance of the Privacy Policy. You agree to review this Privacy Policy regularly in order to inform yourself of the terms and conditions of this Privacy Policy and any modifications to the Privacy Policy. Where required by applicable law or third-party platform policy, we may ask you to review and accept updated disclosures before you continue using a connected-platform integration.

18. CONTACT INFORMATION

If you have any questions, comments or concerns about this Privacy Policy, or if you would like to exercise your rights over control and usage of your data, please contact us at privacy@rhei.com, or using the contact details below:

Our Privacy Officer/Data Protection Officer is responsible for ensuring our compliance with this Privacy Policy and all relevant privacy laws.

Privacy Office

600 - 777 Hornby St.

Vancouver BC V6Z 1S4

Canada

1-604-787-3508

privacy@rhei.com