What are the institutional and regulatory implications of this document?

(1) REGULATORY LANDSCAPE: This policy engages GDPR (Regulation 2016/679) for EU/EEA users, UK GDPR for UK users, and CCPA/CPRA for California residents. BeReal's operating entity (Vibe SAS, headquartered in Paris) falls under primary CNIL oversight, with Article 27 GDPR representation obligations for non-EU data subjects. The policy's advertising data flows may require evaluation under the ePrivacy Directive and its forthcoming Regulation, particularly regarding cookie consent and behavioural t…

How does BeReal's BeReal Privacy Policy affect users?

The policy establishes that location data, device identifiers, and dual-camera photos captured at randomized intervals are collected as part of app operation and may be disclosed to advertising partners and third-party service providers. Users in the EU, UK, and California may submit requests to access, delete, or restrict processing of their personal data by contacting the privacy team, and EU and UK residents may lodge complaints with their respective data protection authorities.

How often is BeReal's BeReal Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when BeReal updates this document?

Yes. Watcher subscribers ($9.99/month) can add BeReal to their watchlist and receive same-day email alerts whenever this document or any other BeReal document changes.

CA-D-000250

BeReal Privacy Policy

BeReal

Last change detected May 11, 2026 Privacy policy

SHA-256: eb27f991e0798553f4b… 3 versions captured 1 change documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at BeReal ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

4 High severity

4 Medium severity

0 Low severity

Summary

This document establishes BeReal's practices for collection, use, and sharing of personal information generated through the app's operation. The policy authorizes collection of location data, device identifiers, dual-camera imagery captured on randomized intervals, and usage analytics, with provisions permitting disclosure to advertising partners and third-party service providers. The document specifies data subject rights for EU, UK, and California residents, including access, deletion, and restriction requests exercisable through the privacy team.

Technical / Legal Breakdown

This document is BeReal's privacy policy, governing the collection, use, and disclosure of personal data by Vibe (the company operating BeReal) from users of its social media application, with its legal basis rooted in consent, contractual necessity, and legitimate interests as applicable under GDPR and comparable frameworks. The policy states that BeReal collects a broad range of personal data including device identifiers, location data, camera and microphone access, usage patterns, and user-generated content (dual-camera photos), and the terms authorize sharing this data with third-party service providers, advertising partners, and in connection with corporate transactions such as mergers or acquisitions. Notably, BeReal's core product mechanism requires simultaneous front and back camera capture, meaning the policy governs a structurally unique dual-image capture flow that inherently produces biometric-adjacent facial imagery at unpredictable intervals, a feature that is operationally distinct from most social platforms and may create heightened exposure under state biometric privacy laws such as the Illinois Biometric Information Privacy Act. The policy engages GDPR for EU/EEA users, the UK GDPR post-Brexit, CCPA/CPRA for California residents, and potentially COPPA given the platform's youth-skewing demographic, with BeReal's French operational base (Vibe SAS, Paris) placing primary regulatory oversight under the CNIL and Article 27 GDPR representational requirements. Material compliance considerations include the adequacy of consent mechanisms for minors, the lawfulness of location data processing, and whether advertising data flows satisfy GDPR's legitimate interests or consent requirements under applicable ePrivacy rules.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

1 important change detected

3 versions captured · Last updated: May 2026

May 11, 2026

low

What changed BeReal updated its Privacy Policy on May 11, 2026 by removing redundant navigation elements and modifying footer language. The updated policy now includes explicit disclosure that analytics cookies are used to measure audience, analyze product usage, and improve the website, and states that continued use of the site constitutes agreement to this cookie use with a reference to the Cookie Policy. This adds a consent statement connected to cookie usage that was not present in the previous version.

Why this matters The updated Privacy Policy now includes a statement that BeReal uses analytics cookies to measure audience, analyze product usage, and improve the website. The revised language states that by staying on the website, you agree to this cookie use and can find additional details in the Cookie Policy. This makes the cookie practice more explicit than the previous version, though it does not introduce new tracking practices, only clearer disclosure of existing ones.

View full change record →

High — 4 provisions

Dual-Camera Simultaneous Image Capture

Every time you post a BeReal, the app takes a photo from both your front camera (your face) and your rear camera (your surroundings) at the same moment, and both images along with time and location data are saved by the company.

Added May 8, 2026 Rare
Location Data Collection Compare →

BeReal collects your precise location when you use the app and may share that location information with third-party partners for service and advertising purposes.

Added May 10, 2026 Standard Seen across 251 platforms
Third-Party Advertising Partner Data Sharing Compare →

BeReal can share your personal data with advertising companies so they can show you targeted ads, and those advertising companies then handle your data under their own separate privacy rules.

Added May 10, 2026 Standard Seen across 246 platforms
Minors and Age Restrictions Compare →

BeReal says it is not for children under 13 and that users aged 13 to 17 need a parent or guardian's consent, but the platform does not describe a technical age verification mechanism.

Added May 10, 2026 Standard Seen across 262 platforms

Medium — 4 provisions

User Rights for EU, UK, and California Residents

If you live in the EU, UK, or California, you have specific legal rights over your personal data, including the ability to ask BeReal to show you, correct, delete, or transfer your data, or to stop certain uses of it.

Added May 10, 2026 Rare
Corporate Transaction Disclosure

If BeReal is sold, merges with another company, or goes through a major corporate change, your personal data including your photos and location history can be transferred to the new owner.

Added May 10, 2026 Rare
Data Retention Compare →

BeReal keeps your data for as long as needed to run the service and meet legal requirements, and will delete or anonymise it when you close your account, unless a law requires them to keep it longer.

Added May 8, 2026 Standard Seen across 223 platforms
Cookies and Tracking Technologies Compare →

BeReal and its advertising partners use cookies and tracking pixels on its services to monitor your behaviour and use that information to show you targeted ads.

Added May 10, 2026 Standard Seen across 251 platforms