Privacy Policy — Reachly

🔒 Privacy

Last updated: April 25, 2026 · Effective: April 25, 2026

🛡️

Your privacy matters to us. Reachly is built for small business owners and we take the protection of your data and your customers' data seriously. We do not sell your data to anyone — ever.

Table of Contents

Who We Are
Data We Collect
How We Use Your Data
Data Sharing & Third Parties
Your Customers' Data
Data Storage & Security
Data Retention
Your Rights
Cookies
Children's Privacy
Changes to This Policy
Contact Us

1. Who We Are

Reachly is an SMS marketing platform for small businesses, available in Canada and the United States. This Privacy Policy explains how we collect, use, store, and protect information when you use our platform at reachlyapp.com.

For the purposes of applicable privacy laws including Canada's PIPEDA (Personal Information Protection and Electronic Documents Act) and applicable US state privacy laws, Reachly acts as the data controller for information you provide when creating an account, and as a data processor for the contact data you upload to our platform.

2. Data We Collect

We collect the following categories of information:

Account Information

Data	Why We Collect It
Full name	To personalise your account
Business name	To customise your experience
Industry type	To show relevant templates
Email address	For login and account communications
Password (hashed)	For account security — never stored in plain text

Usage Data

Data	Why We Collect It
Campaign names & descriptions	To store your campaigns
Message content	To send SMS and save templates
Send logs (who received messages)	To show delivery reports
Contact lists you upload	To send campaigns on your behalf

Technical Data

We may collect basic technical information such as browser type and IP address for security and fraud prevention purposes. We do not use this data for advertising or tracking.

3. How We Use Your Data

We use the data we collect exclusively to provide and improve the Reachly service:

Providing the Service — sending SMS campaigns, storing contacts and templates, displaying send reports
Account management — login, password reset, email verification
AI message generation — your prompt is sent to Anthropic's API to generate SMS content
SMS delivery — contact phone numbers are sent to Twilio to deliver your messages
Service communications — important updates about your account or the Service
Security — detecting and preventing fraud and abuse

🚫 We do not sell your data. We do not use your data for advertising. We do not share your data with anyone except the service providers listed in Section 4, and only to the extent necessary to provide the Service.

To provide the Service, we work with the following trusted third-party providers. Each provider has their own privacy policy and data processing terms:

🗄️ Supabase — Database & Authentication

Stores your account data, contacts, campaigns, templates, and send logs. Hosted on secure cloud infrastructure.

supabase.com/privacy →

📱 Twilio — SMS Delivery

Receives recipient phone numbers and message content to deliver SMS campaigns on your behalf. Twilio is a regulated telecommunications provider.

twilio.com/legal/privacy →

🤖 Anthropic — AI Message Generation

Receives your AI prompts to generate SMS message suggestions. Your prompts and generated messages are processed according to Anthropic's privacy policy.

anthropic.com/privacy →

💳 Stripe — Payment Processing

Handles subscription payments. We do not store your payment card information — all payment data is managed directly by Stripe.

stripe.com/privacy →

🚀 Render — Cloud Hosting

Hosts the Reachly application servers in the United States.

render.com/privacy →

We may also disclose your information if required by law, court order, or government authority.

5. Your Customers' Data

When you upload contact lists to Reachly, you are providing us with personal data belonging to your customers (names and phone numbers). As the data controller for this information, you are responsible for ensuring you have obtained proper consent from your customers to receive SMS communications and to have their data processed by our Service.

We process this data solely on your behalf and only for the purpose of delivering the SMS campaigns you create. We do not:

Use your customers' data for any purpose other than delivering your campaigns
Share your customers' data with any third party except Twilio (for SMS delivery)
Sell or rent your customers' contact information
Contact your customers directly

6. Data Storage & Security

Your data is stored securely in Supabase's cloud infrastructure with the following protections:

All data is encrypted at rest and in transit (TLS/SSL)
Passwords are hashed using industry-standard algorithms — never stored in plain text
Row-level security ensures each user can only access their own data
Access to production data is strictly limited

While we implement strong security measures, no system is completely secure. We cannot guarantee the absolute security of your data and encourage you to use a strong, unique password for your account.

7. Data Retention

We retain your data for as long as your account is active. Specifically:

Account data — retained until you delete your account
Contacts & campaigns — retained until you delete them or your account
Send logs — retained for 12 months, then automatically deleted
Payment records — retained as required by law (typically 7 years)

When you delete your account, we delete all associated personal data within 30 days, except where retention is required by law.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

For Canadian Users (PIPEDA)

Access — request a copy of the personal data we hold about you
Correction — request correction of inaccurate data
Withdrawal of consent — withdraw consent for data processing (may affect Service availability)
Complaint — file a complaint with the Office of the Privacy Commissioner of Canada

For US Users

Access — request to know what personal data we have collected
Deletion — request deletion of your personal data
Non-discrimination — we will not discriminate against you for exercising your privacy rights

To exercise any of these rights, please contact us at hello@reachlyapp.com. We will respond within 30 days.

9. Cookies

Reachly uses minimal cookies and local storage strictly necessary for the Service to function:

Authentication token — stored in browser local storage to keep you logged in
Session preferences — temporary data to improve your experience

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not track you across other websites.

10. Children's Privacy

Reachly is not directed at or intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make significant changes, we will notify you by email or by posting a prominent notice on the Service.

We encourage you to review this policy periodically. Your continued use of Reachly after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Reachly — Privacy Enquiries
Email: hello@reachlyapp.com
Website: reachlyapp.com

We aim to respond to all privacy enquiries within 5 business days.

Home · Terms of Service · Sign In