Privacy Policy
Last updated: March 2026
1. Introduction
ReachBase.ai ("we", "us", or "our") operates the ReachBase.ai platform, a B2B SaaS service for automated website discovery and outreach. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our services.
By using ReachBase.ai, you agree to the practices described in this policy. If you do not agree, please do not use our services.
2. Data We Collect
Account Information
When you register, we collect your name, email address, and password (stored as a hashed value). If you subscribe to a paid plan, we collect billing information through our payment processor, Stripe.
Usage Data
We automatically collect information about how you use the platform, including:
- Campaign configurations and settings
- Number of websites discovered, scouted, and contacted
- Credit usage and billing history
- Log data (IP address, browser type, access times)
API Keys
If you choose to provide your own API keys (e.g., SMTP credentials), these are encrypted using AES-256 and stored securely. We never access or use your API keys for any purpose other than executing your campaigns.
Campaign Data
Data generated during campaigns (discovered URLs, email addresses, contact form information, outreach messages) is stored in association with your account.
3. How We Use Your Data
We use your data to:
- Provide, maintain, and improve the ReachBase.ai service
- Process your campaigns (harvest, scout, qualify, and contact)
- Process payments and manage your subscription
- Send transactional emails (account verification, billing receipts, campaign notifications)
- Monitor and prevent abuse of the platform
- Comply with legal obligations
We do not sell your personal data to third parties. We do not use your data for advertising purposes.
4. Third-Party Services
We use the following third-party services to operate the platform. Each has its own privacy policy governing how it handles data:
- Stripe — Payment processing. Stripe handles all payment card data directly; we never store your card details.
- OpenAI — AI processing for website analysis, message generation, and form analysis. Website content may be sent to OpenAI's API for processing.
- Serper — Search API for discovering websites during the harvest phase.
- 2Captcha — CAPTCHA solving service used during Tier 3 form submissions.
5. Data Storage and Security
Your data is stored on servers located in the European Union. We implement appropriate technical and organizational measures to protect your data, including:
- AES-256 encryption for sensitive data (API keys, credentials)
- Encrypted connections (TLS/HTTPS) for all data in transit
- Password hashing using industry-standard algorithms
- Access controls and authentication for all internal systems
- Regular security reviews and updates
6. Cookies
We use essential cookies to maintain your session and authentication state. We do not use tracking cookies or third-party advertising cookies.
- Session cookies — Required for authentication and security. Expire when you close your browser or after your session timeout.
- Preference cookies — Store your UI preferences (e.g., theme, billing toggle state).
7. Your Rights (GDPR)
If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):
- Access — Request a copy of all personal data we hold about you.
- Rectification — Request correction of inaccurate data.
- Erasure — Request deletion of your personal data and account.
- Export — Request your data in a portable, machine-readable format.
- Restriction — Request that we limit processing of your data.
- Objection — Object to processing of your data for specific purposes.
To exercise any of these rights, contact us at contact@reachbase.ai. We will respond within 30 days.
8. Data Retention
We retain your account data for as long as your account is active. Campaign data is retained for 12 months after the campaign completes, after which it is automatically deleted. If you delete your account, all associated data is permanently removed within 30 days.
9. Children's Privacy
ReachBase.ai is a business-to-business service and is not intended for use by individuals under 18 years of age. We do not knowingly collect data from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on the platform. Your continued use of ReachBase.ai after changes take effect constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or how we handle your data, contact us at: