REACH HR

PRIVACY POLICY

📅 Effective Date: Nov 15, 2025
🔄 Last Updated: Nov 28, 2025

1. Introduction

Welcome to Reach HR ("we," "our," or "us"). We are committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services (the "Service").

2. Information We Collect

A. Information You Provide to Us:

  • Account Information: When you register an account, we collect your name and email address. If you register using Google OAuth, we also receive your profile picture URL from Google.
  • Authentication Credentials: If you register using email and password, we collect your password in a securely hashed format. We never store plaintext passwords.
  • Campaign Content: We collect the email subject line, body text, and resume file (in PDF format) that you provide for your outreach campaigns.
  • Payment Information: We do not directly collect or store your financial information like credit card numbers. All payments are processed by our secure third-party payment processor, Razorpay. We only receive a confirmation of the transaction.

B. Information We Process on Your Behalf:

  • Recipient Contact Information: To provide our service, we maintain a database of professional contact information for Human Resources (HR) personnel. This data is compiled from publicly available sources. You do not provide this information; our platform uses it to send emails on your behalf.

C. Information We Collect Automatically:

  • Usage Data: We collect information about your interactions with the Service, such as login timestamps, features used, and campaign history. This helps us improve our Service.
  • Technical and Log Data: We may automatically log your IP address for security purposes, such as rate limiting to prevent abuse and for fraud detection.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, operate, and maintain our Service, including authenticating you and launching your email campaigns.
  • To securely process your transactions.
  • To improve, personalize, and expand our Service.
  • To communicate with you, respond to your inquiries, and provide customer support.
  • To ensure the security of our platform, prevent fraudulent activity, and enforce our terms.
  • To process and honor unsubscribe requests from email recipients.

4. Data Sharing and Third Parties

We do not sell your personal data. We only share information with essential third-party service providers that help us operate our platform. These include:

  • Google Cloud Platform (GCP): For hosting our application, database (Firestore), and storing your resume files (Cloud Storage).
  • SendGrid: To send campaign emails on your behalf. When an email is sent, your email address is set as the 'reply-to' address so that you receive responses directly.
  • Razorpay: To securely process your payments.

These third parties are contractually obligated to protect your data and are prohibited from using it for any other purpose.

5. Data Security

We implement robust technical and administrative security measures to protect your data. Our security practices include:

  • Encryption at Rest: Sensitive data, such as your authentication tokens and the HR contact email database, is encrypted using AES-256 before being stored in our database.
  • Encryption in Transit: All data transmitted between your browser and our servers, and between our servers and our third-party partners, is encrypted using Transport Layer Security (TLS).
  • Secret Management: All application secrets (like API keys) are themselves encrypted and stored in our secure database. They are decrypted in memory at runtime using a master encryption key, which is the only secret managed in our hosting environment.
  • Secure Authentication: We use industry-standard protocols like Google OAuth 2.0 and strong password hashing (bcrypt) for account security. We never store or have access to your Google password or your plaintext account password.

6. Your Rights and Choices

For Reach HR Users:

  • You have the right to access, update, or request the deletion of your personal account information at any time by contacting our Grievance Officer.
  • You can manage your campaign history and data through your dashboard.

For Email Recipients:

  • If you have received an email from our platform, you have the right to opt out of future communications.
  • Every email sent via our Service contains a prominent "Unsubscribe" link in the footer. Clicking this link will allow you to permanently remove your contact information from our `master_contacts` database.

7. Data Retention

We retain your account information as long as your account remains active. If you request account deletion, we will delete your personal information in accordance with applicable laws. Campaign content, including uploaded resumes, may be automatically deleted from our active systems after a period of inactivity to manage storage resources. We retain anonymized transaction data as required for financial and legal reporting.

8. Grievance Officer

In accordance with the Information Technology Act 2000 and the rules made thereunder, the name and contact details of the Grievance Officer are provided below. For any questions about this Privacy Policy, or to exercise your rights, please contact:

Grievance Officer: Jinil Patel
Email: reachhr.app@gmail.com

We will address your concerns and requests in a timely manner and in accordance with applicable law.

9. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date at the top.