Legal

Privacy Policy

Effective date: July 7, 2026  ·  Last updated: July 7, 2026

Summary: Reachmigo is a B2B outbound email automation platform. We collect the minimum data needed to run our service, we never sell your data, and we give you full control to delete it. Read on for the details.

1. Who We Are

Reachmigo ("Reachmigo", "we", "us", or "our") operates the platform available at https://reachmigo.com (the "Service"). We provide B2B outbound email automation tools to businesses.

For any privacy-related questions, contact us at privacy@reachmigo.com.

2. Information We Collect

Account information: When you sign up, we collect your name, email address, and organization name via Clerk, our authentication provider.

Usage data: We collect information about how you use the Service — pages visited, features used, campaigns created — via PostHog analytics.

Prospect data you upload: When you import leads (CSV upload or API), you provide us with contact information about third-party individuals (names, email addresses, company names, job titles). You are responsible for ensuring you have a lawful basis to process this data and to send emails to these individuals.

Email interaction data: We track whether emails sent through our platform are opened or clicked, using tracking pixels and redirect links.

Payment information: Billing is handled by Stripe. We do not store your credit card number — Stripe processes and stores payment details under their own privacy policy.

Communications: If you contact us via email or chat, we retain those communications to improve our support.

3. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To send you transactional emails (account setup, invoice receipts, important product updates)
  • To detect and prevent fraud, abuse, or security incidents
  • To comply with legal obligations
  • To analyze aggregate usage patterns and improve product features
  • To respond to your support requests

We do not use your data to train AI models. We do not sell your data to third parties. We do not send marketing emails without your explicit consent.

4. Your Responsibilities as a Customer

Reachmigo is a tool for sending outbound email campaigns. As our customer, you act as the data controller for the prospect data you upload. This means:

  • You are responsible for ensuring you have a legitimate interest or other lawful basis to email your prospects
  • You must honor unsubscribe requests promptly — Reachmigo provides one-click unsubscribe infrastructure, and you agree to use it
  • You must not use the Service to send unsolicited bulk email (spam), phishing content, or messages to purchased lists that have no business relationship with you
  • You must comply with CAN-SPAM, CASL, GDPR, and any other applicable laws in the jurisdictions you operate in

5. Data Sharing and Third Parties

We share your data only with the following categories of sub-processors who help us operate the Service:

  • Clerk — authentication and user management
  • Supabase / PostgreSQL — database hosting
  • Vercel — application hosting and edge infrastructure
  • Resend — transactional email delivery
  • Stripe — payment processing
  • PostHog — product analytics
  • Inngest — background job scheduling
  • Upstash — rate limiting and caching

We do not share your data with advertising networks, data brokers, or any other third parties not listed above.

6. Data Retention

We retain your account data for as long as your account is active. When you delete your account, we delete your personal data within 30 days, except where we are legally required to retain it (e.g., financial records for tax purposes, which we retain for 7 years).

Prospect data (leads you have uploaded) is deleted immediately upon account deletion. You may also delete individual lead records or entire lists at any time from within the Service.

7. Your Rights (GDPR / CCPA)

Depending on your location, you may have the following rights regarding your personal data:

  • Right to access — request a copy of the personal data we hold about you
  • Right to rectification — correct inaccurate data we hold about you
  • Right to erasure — request deletion of your personal data
  • Right to data portability — receive your data in a machine-readable format
  • Right to restrict processing — ask us to limit how we use your data
  • Right to object — object to certain types of processing
  • Right to opt out of sale — we do not sell personal data, so this right is inherently satisfied

To exercise any of these rights, email us at privacy@reachmigo.com. We will respond within 30 days.

8. Cookies and Tracking

We use the following types of cookies:

  • Strictly necessary cookies — required for authentication (Clerk session cookies) and security (CSRF tokens)
  • Analytics cookies — PostHog analytics to understand how users navigate the product. These are set only after you sign in
  • Referral cookies — a short-lived cookie (30 days) to attribute sign-ups to referral links

We do not use advertising cookies or third-party tracking pixels on our marketing pages.

9. Security

We take security seriously. Our measures include:

  • All data transmitted over HTTPS with TLS encryption
  • Data encrypted at rest in our database (Supabase AES-256)
  • Authentication handled by Clerk, a SOC 2 Type II certified provider
  • API keys stored as SHA-256 hashes — the raw key is never stored
  • Row-level organization isolation — your data is never accessible to other customers
  • Regular dependency updates and security patches

If you discover a security vulnerability, please disclose it responsibly to security@reachmigo.com.

10. International Data Transfers

Reachmigo is operated from India. Our infrastructure is hosted primarily in the United States and European Union via Vercel and Supabase. By using the Service, you consent to your data being transferred to and processed in these jurisdictions.

For European customers, we rely on Standard Contractual Clauses (SCCs) to lawfully transfer personal data outside the EEA where required.

11. Children's Privacy

The Service is intended for business use only and is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a prominent notice in the Service at least 14 days before the change takes effect. Your continued use of the Service after that date constitutes acceptance of the updated policy.

13. Contact Us

For any questions, concerns, or data requests related to this Privacy Policy:

Reachmigo
Email: privacy@reachmigo.com
Website: https://reachmigo.com