Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This document establishes BeReal's practices for collection, use, and sharing of personal information generated through the app's operation. The policy authorizes collection of location data, device identifiers, dual-camera imagery captured on randomized intervals, and usage analytics, with provisions permitting disclosure to advertising partners and third-party service providers. The document specifies data subject rights for EU, UK, and California residents, including access, deletion, and restriction requests exercisable through the privacy team.
This document is BeReal's privacy policy, governing the collection, use, and disclosure of personal data by Vibe (the company operating BeReal) from users of its social media application, with its legal basis rooted in consent, contractual necessity, and legitimate interests as applicable under GDPR and comparable frameworks. The policy states that BeReal collects a broad range of personal data including device identifiers, location data, camera and microphone access, usage patterns, and user-generated content (dual-camera photos), and the terms authorize sharing this data with third-party service providers, advertising partners, and in connection with corporate transactions such as mergers or acquisitions. Notably, BeReal's core product mechanism requires simultaneous front and back camera capture, meaning the policy governs a structurally unique dual-image capture flow that inherently produces biometric-adjacent facial imagery at unpredictable intervals, a feature that is operationally distinct from most social platforms and may create heightened exposure under state biometric privacy laws such as the Illinois Biometric Information Privacy Act. The policy engages GDPR for EU/EEA users, the UK GDPR post-Brexit, CCPA/CPRA for California residents, and potentially COPPA given the platform's youth-skewing demographic, with BeReal's French operational base (Vibe SAS, Paris) placing primary regulatory oversight under the CNIL and Article 27 GDPR representational requirements. Material compliance considerations include the adequacy of consent mechanisms for minors, the lawfulness of location data processing, and whether advertising data flows satisfy GDPR's legitimate interests or consent requirements under applicable ePrivacy rules.
Institutional analysis available with Compliance
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.
Start Compliance free trial3 important changes detected
5 versions captured · Last updated: June 2026
BeReal updated its Privacy Policy on May 11, 2026 by removing redundant navigation elements and modifying footer language. The updated policy now includes explicit disclosure that analytics cookies are used …
View change record →Monitoring
BeReal has updated this document before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
Compliance Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Compliance free trialCross-platform context
See how other platforms handle Contact List Collection and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.