1. Overview
β
The short version: We collect only what we need to run the service. We never sell your
data. You can delete your account and all data at any time.
ReachFlux, Inc. ("ReachFlux", "we", "our", or "us") operates the ReachFlux platform (the "Service"). This
Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our
Service.
By using our Service, you agree to the collection and use of information in accordance with this policy. If
you do not agree with the terms of this privacy policy, please do not access the Service.
2. Data We Collect
2.1 Information You Provide
When you create an account, use our Service, or contact us, we may collect:
- Account information: Name, email address, company name, job title, and password.
- Billing information: Credit card details and billing address (processed securely via
Stripe β we never store raw card numbers).
- Campaign data: Email content, contact lists, templates, and outreach sequences you
create.
- Communications: Messages you send to our support team or through our platform.
2.2 Information Collected Automatically
- Usage data: Pages visited, features used, time spent, clicks, and navigation patterns.
- Device information: IP address, browser type, operating system, and device identifiers.
- Cookies and tracking: Session cookies, preference cookies, and analytics identifiers
(see Section 5).
- Email engagement: Open rates, click rates, and reply data for campaigns you send.
2.3 Information from Third Parties
- OAuth data from Google or LinkedIn when you sign in via those providers.
- CRM data from Salesforce, HubSpot, or Pipedrive when you connect those integrations.
- Publicly available professional data used to power the Lead Finder feature.
| Data Type |
Purpose |
Retention |
| Account data |
Service delivery & authentication |
Until account deletion |
| Campaign data |
Outreach & reporting |
Until account deletion |
| Usage analytics |
Product improvement |
24 months |
| Support messages |
Customer service |
36 months |
| Billing records |
Legal compliance |
7 years |
3. How We Use Your Data
We use the data we collect to:
- Provide, operate, and maintain the ReachFlux platform.
- Process transactions and send billing receipts.
- Personalize your experience and improve our product.
- Send product updates, security alerts, and support messages.
- Detect, prevent, and respond to fraud or abuse.
- Comply with legal obligations and enforce our Terms of Service.
- Analyze usage trends to improve platform performance.
π§ Marketing emails: We will only send you promotional content if you have opted in. You
can unsubscribe at any time using the link at the bottom of any marketing email.
4. Data Sharing
π« We never sell your data to third parties, advertisers, or data brokers. Full stop.
We may share your data only in these limited circumstances:
- Service providers: Trusted vendors who help us operate the platform (e.g., Stripe for
payments, AWS for hosting, Intercom for support). All vendors are contractually bound to protect your
data.
- Integrations you authorize: When you connect Salesforce, HubSpot, or other tools, we
share data necessary to power those integrations β only with your explicit authorization.
- Legal requirements: If required by law, court order, or governmental authority, we may
disclose data. We will notify you unless prohibited from doing so.
- Business transfers: In the event of a merger, acquisition, or asset sale, your data may
be transferred. We will notify you 30 days in advance and provide opt-out options.
- With your consent: For any other purpose with your explicit permission.
5. Cookies & Tracking
We use cookies and similar tracking technologies to:
- Essential cookies: Required for the platform to function (authentication, sessions).
Cannot be disabled.
- Analytics cookies: Help us understand how you use the product (via a privacy-first
analytics tool). Can be opted out of in your account settings.
- Preference cookies: Remember your settings and preferences. Can be cleared via your
browser.
You can manage cookie preferences in your browser settings or via the Cookie Settings link in the footer.
Disabling essential cookies will prevent the platform from functioning correctly.
6. Data Storage & Security
ReachFlux is SOC 2 Type II certified. Our security practices include:
- All data encrypted at rest (AES-256) and in transit (TLS 1.3).
- Data hosted on AWS infrastructure in US-East and EU-West regions.
- Regular third-party penetration testing and vulnerability assessments.
- Role-based access controls β only engineers who need access to data have it.
- Incident response plan with defined notification SLAs.
While we implement industry-standard safeguards, no system is 100% secure. If you discover a security
vulnerability, please contact us at security@reachflux.com.
7. Your Rights
You have the following rights regarding your personal data:
- Access: Request a copy of all data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your account and all associated data. We will process
within 30 days.
- Portability: Export your data in a machine-readable format (JSON or CSV).
- Objection: Object to data processing based on legitimate interests.
- Restriction: Request we limit how we process your data in certain circumstances.
To exercise any of these rights, email us at privacy@reachflux.com or use the Data & Privacy section in your
account settings.
8. GDPR & International Transfers
If you are located in the European Economic Area (EEA), UK, or Switzerland, we process your data under the
following legal bases:
- Contract performance: To deliver the services you subscribed to.
- Legitimate interests: To improve our product, prevent fraud, and conduct analytics.
- Legal obligation: Where required by applicable law.
- Consent: For marketing communications and optional analytics.
When transferring data outside the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the
European Commission. Data Processing Agreements (DPAs) are available on request.
Our EU representative can be reached at gdpr@reachflux.com.
9. Children's Privacy
Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal data
from children. If you become aware that a child has provided us with personal information, please contact us
and we will take steps to delete such information.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Sending an email to the address associated with your account at least 14 days before changes take
effect.
- Displaying a prominent notice in the ReachFlux dashboard.
- Updating the "Last updated" date at the top of this page.
Your continued use of the Service after the effective date of any changes constitutes acceptance of the
updated policy.