Privacy Policy
At Reachr, protecting your personal data is our priority. This policy explains how we collect, use, and protect your information.
Last updated : January 21, 2025
1. Data Controller
Reachr
For any questions regarding your personal data:
privacy@reachr.pro
2. Data Collected
When using Reachr, we collect the following categories of data:
2.1 Identification Data
- First and last name
- Email address
- Profile picture (if provided via Google or LinkedIn)
2.2 Professional Data
- Resume and professional documents uploaded
- LinkedIn profile information (with your permission)
- Application history and professional contacts
2.3 Communication Data
- Emails sent and received via the platform
- LinkedIn messages (with your permission)
- Email templates created
2.4 Technical Data
- IP address
- Browser and device type
- Login and usage data
3. Purposes of Processing
Your data is collected and processed for the following purposes:
Service Provision
Account management, sending applications, tracking responses
Personalization
Adapting email templates with your personal information
Synchronization
Connecting with your email and LinkedIn accounts to centralize your communications
Service Improvement
Anonymous usage analysis to improve our platform
4. Legal Basis for Processing
In accordance with the General Data Protection Regulation (GDPR), we process your data on the following legal bases:
- •Contract Performance : processing necessary to provide our services
- •Consent : for connecting to your third-party accounts (Google, LinkedIn, Microsoft)
- •Legitimate Interest : improving our services and platform security
- •Legal Obligation : data retention required by law
5. Data Sharing
Your personal data may be shared with:
- •Technical Service Providers : hosting (Supabase, Vercel), authentication services
- •Connected Third-Party Services : Google, Microsoft, LinkedIn (only with your explicit consent)
We never sell your personal data to third parties. Your information is not used for advertising purposes.
6. Google Data Usage (Google API Services)
Reachr's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
What this means:
- We use your Gmail data only for the features described in this policy
- We never sell your Gmail data
- We do not transfer your Gmail data to third parties, except as necessary to provide the service, for legal reasons, or with your explicit consent
- We do not scan your emails for advertising purposes
- Human access to your data is limited to what is strictly necessary (technical support, legal obligations)
6.1 Gmail Permissions Requested
When you connect your Gmail account to Reachr, we request the following permissions:
Send Emails (gmail.send)
Why : To send your applications directly from your Gmail address, on your behalf.
What we send : Only application emails that you have explicitly requested to send via Reachr.
What we do NOT do : We never send emails without your explicit action.
6.2 Revoke Reachr's Access to Your Google Account
You can revoke Reachr's access to your Google account at any time from your Google Account security settings:
How to do it
- Go to myaccount.google.com/permissions
- Find "Reachr" in the list of applications
- Click "Remove Access"
After revocation: Reachr will no longer be able to access your emails. Data already imported will remain in Reachr until you delete your account. You can reconnect your Google account at any time.
7. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption of data in transit (HTTPS/TLS) and at rest
- Encryption of third-party authentication tokens
- Secure authentication via OAuth 2.0
- Data access restricted on a need-to-know basis
- Access monitoring and logging
- Regular backups and recovery procedures
8. Data Retention
Your data is retained according to the following periods:
| Data Type | Retention Period |
|---|---|
| Account data | Duration of subscription + 3 years |
| Applications and messages | Duration of subscription + 1 year |
| Authentication tokens | Until revocation or expiration |
| Technical logs | 12 months |
After account deletion, your data is erased within 30 days, unless legal retention requirements apply.
9. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
Right of Access
Obtain a copy of your data
Right to Rectification
Correct inaccurate data
Right to Erasure
Delete your data
Right to Portability
Export your data
Right to Object
Refuse certain processing
Right to Restriction
Limit usage
To exercise these rights, contact us at privacy@reachr.pro or use the "Export my data" feature in settings.
10. Cookies
Reachr uses only cookies strictly necessary for the service to function:
- Authentication cookies : maintaining your session
- Preference cookies : language, display theme
We do not use advertising tracking or profiling cookies.
11. International Transfers
Your data may be processed by service providers located outside the European Union. In such cases, we ensure that appropriate safeguards are in place (standard contractual clauses, European Commission adequacy decisions).
12. Modifications
We may modify this privacy policy at any time. In case of substantial changes, we will inform you by email or via a notification on the platform.
13. Complaints
If you believe that the processing of your data constitutes a violation of the GDPR, you may lodge a complaint with the relevant supervisory authority. For EU residents:
Your local Data Protection Authority
For French residents: CNIL - 3 Place de Fontenoy, TSA 80715
75334 PARIS CEDEX 07, France
www.cnil.fr