Privacy Policy
At Reachr, protecting your personal data is our priority. This policy explains how we collect, use, and protect your information.
Last updated : March 17, 2026
1. Data Controller
Reachr
For any questions regarding your personal data:
privacy@reachr.pro
2. Data Collected
When using Reachr, we collect the following categories of data:
2.1 Identification Data
- First and last name
- Email address
- Profile picture (if provided via Google or LinkedIn)
2.2 Professional Data
- Resume and professional documents uploaded
- LinkedIn profile information (with your permission)
- Application history and professional contacts
2.3 Communication Data
- Emails sent and received via the platform
- LinkedIn messages (with your permission)
- Email templates created
2.4 Technical Data
- IP address
- Browser and device type
- Login and usage data
3. Purposes of Processing
Your data is collected and processed for the following purposes:
Service Provision
Account management, sending applications, tracking responses
Personalization
Adapting email templates with your personal information
Synchronization
Connecting with your email and LinkedIn accounts to centralize your communications
Service Improvement
Anonymous usage analysis to improve our platform
4. Legal Basis for Processing
In accordance with the General Data Protection Regulation (GDPR), we process your data on the following legal bases:
- •Contract Performance : processing necessary to provide our services
- •Consent : for connecting to your third-party accounts (Google, LinkedIn, Microsoft)
- •Legitimate Interest : improving our services and platform security
- •Legal Obligation : data retention required by law
5. Data Sharing
Your personal data may be shared with:
- •Technical Service Providers : hosting (Supabase, Vercel), authentication services
- •Connected Third-Party Services : Google, Microsoft, LinkedIn (only with your explicit consent)
We never sell your personal data to third parties. Your information is not used for advertising purposes.
5bis. Third-Party Contact Data and User Responsibility
When using Reachr, users may import or enter personal data of third parties (professional contacts, recruiters, organization representatives). The following provisions apply to such data:
Role of Reachr
Reachr acts as a technical sub-processor (within the meaning of Article 28 of the GDPR) for third-party contact data imported by users. Reachr processes this data solely on the user's instructions and for the purpose of providing the service (sending emails, contact management).
Role of the User
Users act as data controllers for third-party contact data they import or enter on the Platform. As such, users are solely responsible for:
- The lawfulness of contact data collection (legitimate source, valid legal basis)
- Informing data subjects in accordance with Articles 13 and 14 of the GDPR
- Respecting the right to object and the right to erasure of contacted individuals
- Ensuring their communications comply with applicable regulations (GDPR, ePrivacy Directive, anti-spam laws)
Processing by Reachr
Reachr commits to:
- Processing third-party contact data only in accordance with user instructions and for service purposes
- Not using this data for its own purposes (marketing, resale, profiling)
- Deleting third-party contact data upon user request or account deletion
- Implementing appropriate technical and organizational security measures to protect this data
Reachr does not verify the legal basis invoked by users for processing third-party contact data. Users are solely responsible for ensuring their use of the Platform complies with the GDPR and any applicable regulations.
6. Google Data Usage (Google API Services)
Reachr's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
What this means:
- We use your Gmail data only for the features described in this policy
- We never sell your Gmail data
- We do not transfer your Gmail data to third parties, except as necessary to provide the service, for legal reasons, or with your explicit consent
- We do not scan your emails for advertising purposes
- Human access to your data is limited to what is strictly necessary (technical support, legal obligations)
6.1 Gmail Permissions Requested
When you connect your Gmail account to Reachr, we request the following permissions:
Send Emails (gmail.send)
Why : To send your applications directly from your Gmail address, on your behalf.
What we send : Only application emails that you have explicitly requested to send via Reachr.
What we do NOT do : We never send emails without your explicit action.
6.2 Revoke Reachr's Access to Your Google Account
You can revoke Reachr's access to your Google account at any time from your Google Account security settings:
How to do it
- Go to myaccount.google.com/permissions
- Find "Reachr" in the list of applications
- Click "Remove Access"
After revocation: Reachr will no longer be able to access your emails. Data already imported will remain in Reachr until you delete your account. You can reconnect your Google account at any time.
7. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption of data in transit (HTTPS/TLS) and at rest
- Encryption of third-party authentication tokens
- Secure authentication via OAuth 2.0
- Data access restricted on a need-to-know basis
- Access monitoring and logging
- Regular backups and recovery procedures
8. Data Retention
Your data is retained according to the following periods:
| Data Type | Retention Period |
|---|---|
| Account data | Duration of subscription + 3 years |
| Applications and messages | Duration of subscription + 1 year |
| Authentication tokens | Until revocation or expiration |
| Technical logs | 12 months |
After account deletion, your data is erased within 30 days, unless legal retention requirements apply.
9. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
Right of Access
Obtain a copy of your data
Right to Rectification
Correct inaccurate data
Right to Erasure
Delete your data
Right to Portability
Export your data
Right to Object
Refuse certain processing
Right to Restriction
Limit usage
To exercise these rights, contact us at privacy@reachr.pro or use the "Export my data" feature in settings.
10. Cookies
Reachr uses only cookies strictly necessary for the service to function:
- Authentication cookies : maintaining your session
- Preference cookies : language, display theme
We do not use advertising tracking or profiling cookies.
11. Sub-Processors
In accordance with Article 28 of the GDPR, we inform users that Reachr uses the following sub-processors to provide its services:
| Sub-Processor | Purpose | Location |
|---|---|---|
| Supabase | Database and authentication | EU (Frankfurt, Germany) |
| Vercel | Application hosting | EU (Frankfurt, Germany) |
| Resend | Transactional and application email delivery | United States (standard contractual clauses) |
| Anthropic | Artificial intelligence (content generation) | United States (standard contractual clauses) |
| Unipile | LinkedIn integration (messaging and profiles) | EU (France) |
| Stripe | Payment processing | EU / United States (adequacy certified) |
This list may be updated. Users will be informed when a new sub-processor is added. Any objection may be directed to privacy@reachr.pro.
12. International Transfers
Your data may be processed by service providers located outside the European Union (see the sub-processors list above). In such cases, we ensure that appropriate safeguards are in place (standard contractual clauses, European Commission adequacy decisions).
13. Third-Party Rights (Non-Users)
If you are not a Reachr user but your personal data has been processed via our Platform by a user (for example, you received an application email), you have the following rights:
- •Right of access: know whether your data is being processed and obtain a copy
- •Right to object: request that the processing of your data be stopped
- •Right to erasure: request the deletion of your data
- •Right to rectification: request the correction of inaccurate data
To exercise these rights, contact us at privacy@reachr.pro. We commit to acknowledging your request within 48 hours and responding within 30 days. We will notify the relevant user and take the necessary measures to ensure your rights are respected.
As Reachr acts as a technical sub-processor, we will forward your request to the user responsible for the processing and ensure it is handled in compliance with the GDPR.
14. Modifications
We may modify this privacy policy at any time. In case of substantial changes, we will inform you by email or via a notification on the platform.
15. Complaints
If you believe that the processing of your data constitutes a violation of the GDPR, you may lodge a complaint with the relevant supervisory authority. For EU residents:
Your local Data Protection Authority
For French residents: CNIL - 3 Place de Fontenoy, TSA 80715
75334 PARIS CEDEX 07, France
www.cnil.fr