Privacy Policy
Last updated: June 14, 2026
ReachHQ is operated by 13838269 Canada Inc. (“ReachHQ”, “we”, “us”, “our”). This policy explains what personal information we collect through reachhq.io and the ReachHQ application (together, the “Service”), how we use it, who we share it with, and the choices and rights you have.
1. Who we are & how to contact us
The data controller for your account information is 13838269 Canada Inc., [registered office address]. For privacy questions, requests, or to reach our privacy contact, email privacy@reachhq.io.
2. The information we collect
Information you give us
- Account & profile — name, work email, password (hashed), company, role, timezone, and workspace settings.
- Billing — plan, subscription status and billing contact. Card details are collected and processed directly by our payment processor (Stripe); we do not store full card numbers.
- Content & prospect data — the leads, contact lists, email content, sequences, mailbox connections and replies you create, upload, reveal or send through the Service.
- Support & communications — messages you send us and their contents.
Information we collect automatically
- Usage & device data — IP address, browser and device type, pages viewed, actions taken, and timestamps, collected via logs and analytics.
- Cookies & similar technologies — used for authentication, preferences, security (e.g. Cloudflare Turnstile bot protection) and analytics. See section 9.
3. How we use information
- Provide, operate, secure and improve the Service;
- Authenticate you and protect against fraud, abuse and spam;
- Process payments and manage your subscription;
- Send service, security and transactional messages;
- Provide support and respond to your requests;
- With your consent where required, send product news and marketing (you can opt out at any time);
- Comply with legal obligations and enforce our terms.
4. Legal bases (EEA/UK)
Where the GDPR or UK GDPR applies, we rely on: performance of a contract (to deliver the Service); legitimate interests (to secure, improve and market the Service in a balanced way); consent (for certain cookies and marketing); and legal obligation (to meet our legal duties).
5. Your data vs. your prospects’ data
For your account information, ReachHQ is the controller. For the prospect and recipient data you upload, reveal, enrich or email through the Service, you are the controller and ReachHQ acts as your processor, handling that data on your instructions under our Terms and Data Processing Addendum. You are responsible for having a lawful basis to contact the people you reach through ReachHQ. A DPA is available on request at privacy@reachhq.io.
6. How we share information
We share personal information only as described here. We do not sell it.
- Service providers (subprocessors) who help us run the Service, under contract and only as needed — for example: Stripe (payments), Cloudflare (security/CDN), OVHcloud (hosting), MongoDB Atlas (database), Google & Microsoft (mailbox/OAuth where you connect them), and error/performance monitoring providers. The current list is available on request.
- Legal & safety — when required by law or to protect rights, safety and the integrity of the Service.
- Business transfers — in connection with a merger, acquisition or sale of assets, subject to this policy.
7. International transfers
We are based in Canada and use providers that may process data in Canada, the United States and elsewhere. Where required, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses for transfers out of the EEA/UK.
8. Retention
We keep personal information for as long as your account is active and as needed to provide the Service, then for the period required to meet legal, accounting or reporting obligations. You can request deletion as described below; some data may be retained where we have a legal basis to do so.
9. Cookies & analytics
We use strictly necessary cookies for login and security, and (where you consent) analytics such as Google Analytics 4 and PostHog to understand usage. Cloudflare Turnstile may run to distinguish humans from bots on our forms. You can control cookies through your browser; blocking some may affect functionality.
10. Your rights
Depending on where you live, you may have the right to access, correct, delete, port, or restrict processing of your personal information, to object to certain processing, and to withdraw consent. California residents may request access or deletion and may opt out of “sale” or “sharing” — we do not sell or share personal information as those terms are defined under the CCPA/CPRA. To exercise any right, email privacy@reachhq.io. We will not discriminate against you for exercising your rights.
11. Security
We use technical and organizational measures — encryption in transit, encryption of sensitive credentials at rest, access controls and monitoring — to protect personal information. No method of transmission or storage is perfectly secure, but we work to protect your data and to notify you and regulators of incidents where required.
12. Children
The Service is for business use and is not directed to children. We do not knowingly collect personal information from anyone under 16.
13. Changes to this policy
We may update this policy from time to time. We will post the new version here and update the “Last updated” date; material changes will be communicated where appropriate.
14. Contact
13838269 Canada Inc. (ReachHQ) · [registered office address] · privacy@reachhq.io