Back to Home

Privacy Policy

Last updated: December 3, 2025

Introduction

Welcome to Reachable ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cold email platform.

Information We Collect

Account Information

When you create an account, we collect your name, email address, and password. For billing purposes, we also collect payment information through our secure payment processor.

Email Account Connections

When you connect your email accounts (Gmail, etc.) to Reachable, we collect OAuth tokens that allow us to send emails on your behalf, manage warmup activities, and track deliverability metrics. We do not store your email passwords.

Campaign and Lead Data

We store the campaigns you create, lead lists you import, email templates, and engagement analytics (opens, clicks, replies) to provide our service.

Usage Data

We automatically collect information about how you interact with our platform, including IP addresses, browser type, device information, pages visited, and actions taken within the application.

How We Use Your Information

  • To provide and maintain our cold email platform services
  • To send emails through your connected accounts as per your campaign configurations
  • To automatically warm up your email accounts and improve deliverability
  • To track and display analytics on email performance
  • To process your payments and manage billing
  • To communicate with you about updates, security alerts, and support
  • To improve our platform and develop new features
  • To detect and prevent fraud, abuse, and security issues

Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: We use third-party services for payment processing (Stripe), email infrastructure, hosting, and analytics. These providers only access information necessary to perform their functions.
  • Legal Requirements: We may disclose information if required by law, court order, or government regulation.
  • Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
  • With Your Consent: We may share information with third parties when you explicitly authorize us to do so.

Data Security

We implement industry-standard security measures to protect your data:

  • All data is encrypted in transit using SSL/TLS
  • Passwords are hashed using bcrypt
  • OAuth tokens are encrypted at rest
  • Regular security audits and vulnerability assessments
  • Role-based access controls for our team members

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

Data Retention

We retain your data for as long as your account is active or as needed to provide services. When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal or compliance purposes.

Campaign analytics and aggregate usage data may be retained longer for product improvement purposes, but will be anonymized and not linked to your personal information.

Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal information
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your account and data
  • Portability: Request export of your data in a machine-readable format
  • Objection: Object to certain processing of your data
  • Withdrawal: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at privacy@reachable.app.

Cookies and Tracking

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and analyze platform usage. You can control cookie settings through your browser preferences.

Third-Party Services

Our platform integrates with third-party services including:

  • Google/Gmail: For email sending and OAuth authentication
  • Stripe: For payment processing
  • Supabase: For database and authentication infrastructure

These services have their own privacy policies that govern how they handle your data.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover that we have collected information from a child, we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice in the application. Your continued use of the platform after changes are posted constitutes acceptance of the updated policy.