Skip to main content

Reachoria Privacy Policy

Last updated: 14 August 2025

Summary at a Glance
  • We’re Reachoria (B2B data products and custom dataset services). We act as a Controller for our website, marketing and datasets we independently publish, and as a Processor when we build datasets to a client’s specification under contract.
  • We collect business-context data (e.g., name, role, work email), technical/usage data (cookies, analytics), payment metadata via providers, support content, and publicly available B2B data compiled from legitimate sources.
  • Legal bases include contract, legitimate interests, consent (e.g., lead magnets/marketing), and legal obligation.
  • You have strong rights under UK/EU GDPR (access, erase, object, etc.) and, ifyou’re in the U.S., CCPA/CPRA rights (know, delete, correct, opt-out of sale/share, limit sensitive use, non-discrimination).
  • We don’t sell personal information for money. If we ever use cross-context advertising, that may be a “share” under CPRA—you can opt out.
  • International transfers use SCCs and the UK IDTA/Addendum, plus additionalsafeguards.
  • You can exercise your rights by emailing privacy@reachoria.com. We respond within 1 month (GDPR) or 45 days (CPRA).
Contents
Heading 2

Who we are & scope

Trading name: Reachoria\ Website: https://reachoria.com\ Contact: privacy@reachoria.com

This Privacy Policy covers our website, lead magnets (including the “50-Lead Challenge” and the “Impossible ICP” quiz), marketing communications, dataset products (e.g., CSV/Notion/Airtable), custom dataset projects, and customer support channels.

Not legal advice. This policy explains how we handle personal data; it’s not a substitute for professional legal advice.

Definitions

  • Personal data: Any information relating to an identified or identifiable person.
  • Sensitive personal data (special categories): For example health, biometric, racial/ethnic origin, political opinions, religious beliefs, sexual orientation.
  • Processing: Any operation on personal data (collecting, storing, using, disclosing, deleting).
  • Controller: Decides purposes and means of processing personal data.
  • Processor: Processes personal data on behalf of a controller.

What we collect

Identity & contact. Name, work email, job title, department, seniority, company, business phone, LinkedIn URL.\ Professional profile. Company size/industry, tech stack, buying signals and intent indicators you provide or we derive for B2B purposes.\ Technical & usage data. Device, browser type, IP address, general location (city/region), pages viewed, referral source, session logs, cookie IDs. \ Marketing preferences & lead-magnet responses. Quiz answers/specs for the 50-Lead Challenge / Impossible ICP Quiz and your email preferences.`\ Payment & transaction metadata. Order ID, amount, currency, timestamps, last 4 digits/brand from providers (we do not store full card numbers).\ Support/content you send us. Emails, chat messages, files or briefs.\ Publicly available B2B data we compile. From company sites, public filings, professional directories, and social profiles where allowed, plus partner APIs and proprietary crawls/crowdsourced confirmations for enrichment.
We avoid sensitive categories for marketing use and honour opt-outs.

Sources of personal data

  • Directly from you (forms, quizzes, chat, email, phone/social messages).
  • Automated means (cookies, analytics, pixels—see Cookies section).
  • Third parties/processors (payment providers, analytics, email platforms, hosting, CRM/connectors).
  • Public/enterprise sources used to compile B2B datasets (e.g., company websites, public registers, partner APIs).

How we use data & legal bases

We rely on these legal bases: contract, legitimate interests, consent, legal obligation.
Where we use legitimate interests, we balance our interests with your rights and expectations and provide easy opt-outs.

*Retention may vary based on legal limits, disputes, and operational needs. See Retention for detail.\ Lead magnets and product pages referenced above: 50-Lead Challenge and Impossible ICP.

Public B2B data safeguards. We focus on business identities and contact points, keep source logs where feasible, avoid sensitive inferences, and honour suppression/opt-out requests.

Cookies & similar technologies

We use:

  • Strictly necessary cookies (core site functions, security).
  • Analytics cookies (usage patterns, performance).
  • Marketing cookies/pixels (if implemented) for campaign measurement or to show ads for our services.

You can control cookies in your browser. If analytics/ad pixels are used (e.g., GA4/Matomo; ad platforms), we provide opt-out controls in the banner and below.

When we share data

  • Processors: Hosting/cloud, analytics, payment, email delivery, customer support, CRM/connectors, data validators/enrichers (see Annex).
  • Business transfers: In connection with a merger, acquisition, or asset sale.
  • Legal compliance & enforcement: To comply with law or enforce our terms.
  • No money-for-data selling: We do not sell personal information for money.
    If we use cross-context behavioural advertising (e.g., ad pixels), this may be a “share” under CPRA.
    We will honour Global Privacy Control (GPC) signals as an opt-out for that browser where technically feasible.

International transfers

If we transfer personal data outside the UK/EEA, we use appropriate safeguards, including the EU Standard Contractual Clauses (SCCs) and the UK IDTA/Addendum, plus technical and organisational measures (encryption in transit, access controls, minimisation). Vendor-specific mechanisms are listed in the Annex.

Security

We use proportionate organisational and technical measures, including access controls and least-privilege, encryption in transit, environment segregation, audit/logging, employee confidentiality commitments and vendor due diligence. We test and improve our controls over time.

Retention

We keep personal data only as long as needed for the purposes set out above, then delete or irreversibly aggregate it.

  • Website analytics: 14 months (or shorter if configured).
  • Marketing contacts: Until you opt out or after 24 months of inactivity, whichever is sooner.
  • Client project data (Processor work): Project lifetime + 6–12 months for handover/verification, then deletion or return per contract.
  • Accounting/transactions: As required by law (6–10 years).
  • B2B datasets we publish: Maintained on refresh cycles; we remove/suppress your record on request and during periodic accuracy reviews.

Criteria include legal requirements, dispute/contractual needs, and operational necessity.

Your Rights

UK/EU (UK GDPR / EU GDPR)

  • Access your data; rectify inaccuracies; erase (in some cases); restrict processing; port your data; object to processing based on legitimate interests (including direct marketing); withdraw consent at any time (does not affect prior processing)

U.S. (CCPA / CPRA – California)

  • Know/access the categories and specific pieces of personal information we collected
  • Delete personal information (with exceptions)
  • Correct inaccurate information
  • Opt out of sale/share of personal information
  • Limit use/disclosure of sensitive personal information (if collected)
  • Non-discrimination for exercising rights

Short notes for CO / VA / CT / UT: You may have rights to access, delete, correct, opt out of targeted advertising, sale, and profiling. Use our rights process below and specify your state.

How to submit a request (step-by-step)

  1. Email: Send to privacy@reachoria.com with the subject “Data Rights Request”, and state which rights you want to exercise.
  2. Verify identity: We’ll verify via your email address and may request limited additional information (e.g., recent interaction detail).
  3. Timeline: We aim to respond within 1 month (GDPR) or 45 days (CPRA), with extensions where permitted.
  4. Authorised agents (CPRA): Agents must provide signed permission; we may verify you directly.
  5. GPC: If supported in your browser, we treat Global Privacy Control signals as an opt-out of sale/share for that browser session.

Children’s Data

Our services target professionals and are not directed to children. We do not knowingly collect data from children under 13 (U.S.) or under 16/13 (EU/UK, depending on country). If you believe a child has provided data, contact us and we will delete it.

Controller vs Processor detail

  • Controller: We are the Controller for our website, marketing, and any datasets we independently publish/sell.
  • Processor: When we deliver custom datasets to a client’s specification under a services agreement, we act as a Processor and process personal data only on the client’s documented instructions, with confidentiality, security, sub-processor flow-down, breach notice, and deletion/return at end of term, and audit rights as set out in our Data Processing Addendum (DPA) (available on request).
  • Customer Responsibilities. Customers remain Controllers for their use of data and must define retention maintain suppression lists, honour downstream rights request.

How to contact us / complaints

Email: privacy@reachoria.com\ Supervisory authorities:

  • UK: Information Commissioner’s Office (ICO) – see ico.org.uk
  • EU: You can complain to your local supervisory authority. We would appreciate the chance to resolve your concerns first—please contact us.

Changes to this policy

We’ll post any changes on this page and adjust the “Last updated” date. For material changes, we’ll provide a prominent notice (e.g., banner or email, where appropriate).