Homechevron_rightPrivate: Web Appchevron_rightWeb App Privacy Policy
ReachIQ Legal

Web App Privacy Policy

Review the terms, privacy details, and cookie information that govern how ReachIQ operates and handles data.

On this page
  1. Scope and roles
  2. Sources of personal information
  3. Categories of personal information we collect
  4. How we use information
  5. Legal bases for processing
  6. How we share information
  7. International data transfers
  8. Data security
  9. Data retention
  10. Your rights and choices
  11. California and US state privacy disclosures
  12. Notice to data subjects under GDPR, UK GDPR, and Swiss FADP
  13. AI and automated processing
  14. Customer data and our role as a processor
  15. Email and calendar integrations
  16. Browser extensions
  17. Children’s privacy
  18. Changes to this policy
  19. Contact us and Data Protection Officer
  20. Other legal documents

Updated: May 28, 2026

This Web App Privacy Policy describes how Connectome Inc., a Delaware corporation doing business as ReachIQ (“Connectome,” “ReachIQ,” “we,” “us,” or “our”), collects, uses, shares, and protects information through:

  • The ReachIQ web application at app.reachiq.ai and any successor or related authenticated platforms (the “Web App”);
  • The ReachIQ browser extensions, plug-ins, and integrations (such as connectors for Google Workspace, Microsoft 365, Salesforce, HubSpot, and similar productivity and CRM tools);
  • The ReachIQ B2B contact and company database used to support sales, marketing, and recruiting (the “ReachIQ Database”); and
  • All related features, dashboards, and APIs (collectively with the foregoing, the “Services”).

If you are visiting the public ReachIQ marketing website at reachiq.ai, please refer to our Privacy Policy. If you are an individual whose business contact information appears in the ReachIQ Database, this policy explains your rights and how to exercise them.

By accessing or using the Services, you confirm that you have read this policy. If you do not agree, please do not use the Services.

Scope and roles

Depending on the context, Connectome Inc. acts as a controller or a processor (also known as a “business” or “service provider” under US state privacy laws) of personal information:

  • Controller. We act as a controller when we determine the purposes and means of processing personal information. This includes when we build and maintain the ReachIQ Database, when we operate authentication and account systems for our customers, and when we use customer or end-user information to provide, secure, support, and improve the Services.
  • Processor. We act as a processor when we process personal information that our customers upload, send through, or otherwise make available to the Services, on behalf of and according to the documented instructions of those customers. Our processor obligations are further defined in our Data Processing Addendum, which is incorporated into our customer agreements where applicable.

If you are an individual whose business contact information appears in the ReachIQ Database because of our independent processing activities, we are a controller of that information. If your information appears in the Services because a ReachIQ customer uploaded it, the customer is the controller and ReachIQ is the processor; please direct rights requests to that customer in the first instance.

Sources of personal information

We obtain personal information used in the Services from the following sources:

Directly from users. When you register for a ReachIQ account, manage your subscription, configure integrations, upload contacts or CRM exports, send messages through the Services, claim or update your professional profile, or contact our support team, you provide us with information.

From customers (when we act as a processor). Our customers upload or sync contacts, account lists, prospects, sequences, and CRM and marketing data into the Services.

From integrated email, calendar, and CRM services. When you connect an email, calendar, or CRM account to the Services, we receive information from that account through documented APIs and the permissions you grant.

From browser extensions. When you use a ReachIQ browser extension while browsing supported business sites (such as LinkedIn), we read the minimum data necessary to provide the requested feature, such as a name, position, employer, and publicly listed business contact details displayed on the page you are viewing.

From publicly available sources. We collect business contact and company information from publicly available sources on the web, including company websites, press releases, corporate filings (such as SEC filings), professional bios, conference and event pages, regulatory disclosures, and public profiles on business networking platforms.

From data partners and licensors. We license business contact and company data, firmographic data, technographic data, and intent data from third-party data providers, market research firms, and our strategic partners.

From contributions and research. Our in-house research team conducts data verification, including phone interviews, email confirmations, and survey-based research with companies and individuals who agree to participate.

Automatically through use of the Services. We collect technical and usage information automatically, including device identifiers, IP addresses, browser type, operating system, log data, timestamps, feature usage, and event data.

Categories of personal information we collect

Subject to applicable law and the role we play in a given context, we collect the following categories of personal information:

Business identifiers. Name, business email address, business phone number, business postal address, job title, department, seniority, company name, company size, industry, company headquarters address, employment history, education history, professional bio, public business-related social media URLs, and links to public articles or interviews involving the individual.

Account information. Login credentials, account preferences, billing contact, role assignments, audit logs, and support correspondence.

Communications metadata and content. Where you grant the Services access to your business email or calendar, we may collect metadata (such as sender, recipient, subject, send time, and IP routing information) and, with your authorization, the content of messages and attachments. Customers control which mailboxes are connected and whether content is collected. We do not access personal Gmail accounts to read message content for any purpose other than providing the requested feature.

Customer-uploaded data. Files, contact lists, CRM exports, sequences, templates, and other data that customers upload to the Services.

Usage data. Login history, feature usage, click and navigation events, search queries within the Services, error logs, API call logs, and performance data.

Device and network data. IP address, device identifiers, browser type and version, operating system, device language, time zone, and general geolocation inferred from IP address.

Inferred and derived data. Inferences and derived attributes such as ICP fit scores, lead scores, likelihood-to-respond scores, sentiment indicators, and similar predictions used to improve the relevance of outbound activity.

Payment information. Where applicable, billing contact, billing address, payment method type, and last four digits of payment cards. Full payment card numbers are processed and stored by our PCI-compliant payment processors and are not stored on our systems.

We do not knowingly collect or process special categories of personal data under GDPR (such as racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation) or sensitive personal information under US state privacy laws for inferring sensitive characteristics. We do not collect personal information of children under 16 through the Services.

How we use information

We use personal information for the following purposes:

  • Provide and operate the Services, including authenticating users, enabling features, syncing integrations, sending communications you direct us to send, processing payments, and supporting users.
  • Build and maintain the ReachIQ Database by collecting, verifying, normalizing, and updating business contact and company information from the sources described above.
  • Improve and develop the Services, including measuring usage, fixing bugs, optimizing performance, developing new features, training and improving machine-learning models (using de-identified or aggregated data where reasonably practicable), and conducting research and analytics.
  • Personalize the Services, including generating ICP fit and intent signals, ranking results, suggesting next steps, and personalizing outbound content.
  • Communicate with users, including sending transactional notifications, security alerts, updates, support responses, and (subject to your preferences and applicable law) product news and offers.
  • Comply with our legal obligations and protect rights, including responding to lawful requests, enforcing our agreements, investigating fraud or misuse, and protecting the safety of users and the public.
  • Conduct corporate activities, including financial reporting, audits, due diligence, and corporate transactions such as mergers, acquisitions, financings, or asset sales.

When we act as a processor on behalf of a customer, we use personal information only as instructed by that customer and as permitted by applicable law and our agreement with that customer.

When the GDPR, UK GDPR, or Swiss FADP applies to our processing, we rely on the following legal bases:

  • Performance of a contract. To provide the Services to our customers and the individuals authorized by them.
  • Legitimate interests. To build, maintain, and license the ReachIQ Database; to operate, secure, and improve the Services; to communicate with prospective customers about business-related products; to prevent fraud and misuse; and to support our corporate activities. We have conducted balancing assessments where required and have implemented safeguards (including transparency, opt-out, and data minimization) to ensure that our interests do not override the rights and freedoms of data subjects.
  • Consent. Where we ask for your consent (for example, for non-essential cookies, certain marketing channels, or processing operations where consent is the appropriate or required basis), you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Legal obligation. To comply with applicable law, regulation, and lawful requests.
  • Vital interests and public interest bases may apply in limited circumstances.

Our principal legitimate-interest basis for the ReachIQ Database is the established interest in organizing and making available business contact and company information for business-to-business sales, marketing, and recruiting. We balance this interest by limiting the data we hold to business-context information, by maintaining transparency, by providing accessible opt-out mechanisms, by honoring data subject rights, and by complying with applicable transparency notices under GDPR Article 14.

How we share information

We share personal information with the following categories of recipients:

Customers and their authorized users. Business contact and company information in the ReachIQ Database is made available to ReachIQ customers and their authorized users under contractual licenses that restrict use to business-to-business sales, marketing, and recruiting and that prohibit use for purposes covered by the US Fair Credit Reporting Act or equivalent laws.

Service providers. We share information with vendors that perform services on our behalf, including cloud infrastructure, data storage, database verification, email and SMS delivery, customer support, security, fraud detection, analytics, payment processing, and professional services. These vendors are bound by contracts that limit their use of personal information.

Strategic partners. We may share limited information with strategic partners, including integration partners, in connection with co-branded features, marketing programs, or referral relationships, where permitted by law.

Affiliates. We share information with our parent, subsidiaries, and other entities under common ownership or control with Connectome Inc., for the purposes described in this policy.

Public profiles and forums. Where individuals choose to claim or update their public ReachIQ profile, or post in public community forums, information they submit may be visible to others.

Mergers and acquisitions. In connection with a merger, acquisition, financing, reorganization, asset sale, or bankruptcy, personal information may be transferred to the acquiring or surviving entity. We will provide notice where required by law.

Legal disclosures. We may disclose personal information when we believe in good faith that disclosure is necessary to (i) comply with applicable law or respond to lawful requests; (ii) protect the rights, property, or safety of ReachIQ, our customers, our employees, or the public; (iii) investigate or prevent fraud or security incidents; or (iv) enforce our agreements.

With your consent or at your direction. We share information for any other purpose disclosed to you at the time we collect the information or with your consent.

We do not sell personal information for monetary consideration. Some of our disclosures may meet the broad statutory definition of “sale” or “sharing” under US state privacy laws; see California and US state privacy disclosures and our Do Not Sell or Share My Personal Information page.

International data transfers

ReachIQ is headquartered in the United States, and we operate globally. We may store and process personal information in the United States, India, the European Union, the United Kingdom, and other countries where we or our service providers operate.

For transfers of personal information from the EEA, UK, or Switzerland to countries that have not been recognized as providing an adequate level of data protection, we rely on appropriate safeguards, including the European Commission’s Standard Contractual Clauses (Module 1, 2, 3, or 4 as applicable), the UK International Data Transfer Addendum, and the Swiss equivalent, supplemented by additional technical, organizational, and contractual measures where required following a transfer impact assessment. A copy of the safeguards relied on for a specific transfer is available on request at privacy@reachiq.ai.

Data security

We maintain a written information security program with administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction. Our safeguards include:

  • Encryption of data in transit (TLS) and encryption of sensitive data at rest;
  • Role-based access controls and least-privilege provisioning;
  • Multi-factor authentication for administrative access;
  • Network and application logging, monitoring, and alerting;
  • Vulnerability scanning, penetration testing, and code review;
  • Secure software development lifecycle practices;
  • Vendor risk management and contractual security commitments;
  • Security training and confidentiality obligations for personnel;
  • Documented incident response and breach notification procedures.

Despite our efforts, no method of transmission or storage is completely secure. We cannot guarantee absolute security. We will notify affected individuals and regulators of security incidents as required by applicable law.

Data retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, to resolve disputes, to enforce our agreements, and to support our legitimate business interests. Retention periods vary by the nature of the data, the purpose of processing, and applicable law.

When we no longer need personal information for the original purposes, we will delete or de-identify it. Backups, archive logs, and similar systems may retain data for limited additional periods until they are rotated out.

If you opt out of the ReachIQ Database, we will suppress your record so that it does not reappear through routine collection or verification activities, subject to limited exceptions (for example, where the same information is contributed again through a customer integration, in which case we will reapply the suppression).

Your rights and choices

Depending on where you live and the laws that apply to you, you may have the following rights:

  • Access and obtain a copy of the personal information we hold about you, along with information about how we process it.
  • Correct inaccurate or incomplete personal information.
  • Delete personal information, subject to legal exceptions.
  • Port personal information to another controller in a structured, commonly used, machine-readable format.
  • Restrict or object to processing, including processing based on legitimate interests and direct marketing.
  • Withdraw consent where we rely on consent, without affecting the lawfulness of prior processing.
  • Opt out of “sale” or “sharing” of personal information and of targeted advertising and certain profiling.
  • Lodge a complaint with a supervisory authority.
  • Appeal the denial of a privacy rights request (where applicable).

To exercise these rights, contact us at privacy@reachiq.ai or support@reachiq.ai, or use the request forms linked from this policy and our Do Not Sell or Share My Personal Information page. You may also write to us at the address below.

We will respond within the time periods required by applicable law, typically 30 to 45 days. We may need to verify your identity before fulfilling certain requests; the information we request will be proportionate to the sensitivity of the data. We will not discriminate against you for exercising your rights.

If your information is in the Services because a ReachIQ customer uploaded it, please direct your request to that customer in the first instance. We will support the customer in fulfilling the request.

California and US state privacy disclosures

This section provides additional disclosures required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA/CPRA”), and similar privacy laws in Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia, and other US states. Your specific rights depend on the law of your state.

Categories of personal information collected (last 12 months). Identifiers (such as name, business email, business phone, IP address); commercial information; internet or network activity information; geolocation data (general); professional or employment-related information; education information; inferences drawn from the above; and limited records of communications between you and ReachIQ. We do not collect personal information that falls within California’s “sensitive personal information” category for the purpose of inferring characteristics about consumers.

Categories of sources. As described in Sources of personal information.

Business or commercial purposes. As described in How we use information.

Categories of recipients. As described in How we share information.

Sale and sharing. We do not sell personal information for monetary consideration. The licensing of business contact information from the ReachIQ Database to our customers, and certain disclosures through advertising and analytics cookies on our marketing website, may meet the broad statutory definition of “sale” or “sharing” under California and similar state laws. You may opt out at any time using the methods described in our Do Not Sell or Share My Personal Information page, or by enabling Global Privacy Control in your browser.

Data broker registration. Where required by applicable law, Connectome Inc. registers as a data broker with state regulators, including in California (with the California Privacy Protection Agency), Texas, Oregon, and Vermont. Current registration information is available through the applicable regulator’s website; you may also contact us at privacy@reachiq.ai to confirm our current registration status.

Categories disclosed for a business purpose. Identifiers, commercial information, internet or network activity information, professional or employment-related information, education information, geolocation data (general), and inferences, disclosed to the categories of recipients described in How we share information.

Categories sold or shared (broad definition). Identifiers, professional or employment-related information, and inferences, in connection with the licensing of business contact information from the ReachIQ Database. Limited identifiers and internet activity information may be “shared” with advertising and analytics partners on our marketing website. We do not knowingly sell or share the personal information of consumers under age 16.

Retention. As described in Data retention.

Verification. As described in Your rights and choices.

Authorized agents. You may use an authorized agent to submit a request, with written authorization and proof of identity.

Non-discrimination. We will not deny services, charge a different price, or provide a different level of quality of services because you exercised your rights.

Appeals (Colorado, Connecticut, Virginia, and other states with appeal rights). If we decline a request, you may appeal by replying to our response. We will respond to the appeal within the timeframe required by applicable law and, if we decline the appeal, will inform you how to contact the relevant attorney general.

For Nevada residents, you may opt out of the sale of “covered information” under Nevada law by emailing privacy@reachiq.ai.

Notice to data subjects under GDPR, UK GDPR, and Swiss FADP

If you are located in the EEA, the UK, or Switzerland, this section serves as the notice required under Articles 13 and 14 of the GDPR, the equivalent UK GDPR provisions, and the Swiss FADP.

  • Controller. Connectome Inc. (DBA ReachIQ), 2810 North Church Street, Wilmington, DE 19802, USA. EU representative: details available on request at privacy@reachiq.ai.
  • Data Protection Officer. privacy@reachiq.ai.
  • Categories and sources. See above.
  • Purposes and legal bases. See above.
  • Recipients. See above.
  • International transfers and safeguards. See above.
  • Retention. See above.
  • Your rights. See above. You also have the right to lodge a complaint with your local supervisory authority (a list is available on the European Data Protection Board’s website and the UK Information Commissioner’s Office website).
  • Existence of automated decision-making. See AI and automated processing. We do not make decisions about you that produce legal or similarly significant effects solely on the basis of automated processing.

AI and automated processing

The Services include features that use artificial intelligence and machine learning, including content generation, ICP scoring, lead scoring, intent signaling, deliverability optimization, and personalization. We use de-identified or aggregated data where reasonably practicable, and we apply technical and organizational safeguards designed to protect personal information.

We do not use the Services or AI features to make decisions about you that produce legal or similarly significant effects solely on the basis of automated processing. Customers using AI features in the Services are responsible for ensuring their own compliance with applicable laws on automated decision-making and AI (including the EU Artificial Intelligence Act and any applicable US state AI laws).

We do not use personal information to train third-party large language models in a way that would expose your data to other customers, except where (i) we use suitably anonymized or aggregated data for model training, or (ii) you have specifically opted in or directed us in writing to do so.

Customer data and our role as a processor

When ReachIQ acts as a processor on behalf of a customer, we process customer data only as instructed by the customer and as permitted by applicable law and our written agreement with that customer. The customer is the controller (or business) and is responsible for the lawfulness of its processing, including obtaining any required consents from data subjects, providing notices, and responding to data subject rights requests in the first instance.

Our processor obligations are further defined in our Data Processing Addendum (“DPA”), which incorporates the Standard Contractual Clauses, the UK Addendum, the Swiss equivalent, and applicable US state requirements. A copy of our DPA is available on request at privacy@reachiq.ai.

Email and calendar integrations

If you connect a Google Workspace, Microsoft 365, or other email or calendar account to the Services, we may receive information from that account through documented APIs and the permissions you grant. The scope of information collected depends on the integration you enable and the features you use, and may include metadata, message content, attachments, and calendar events. You may revoke our access at any time through your email or calendar provider’s settings.

ReachIQ’s use and transfer to any other application of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data to serve advertisements, allow humans to read Google user data except in the limited circumstances permitted by the Limited Use requirements, or transfer Google user data to third parties except as necessary to provide or improve user-facing features.

Browser extensions

The ReachIQ browser extensions are designed to surface business information about pages you visit (such as business networking and company pages) and to support productivity inside email clients. The extensions read only the minimum data necessary to provide the feature you have requested (for example, name, position, employer, and publicly listed business contact details visible on the page). You can disable or uninstall the extension at any time through your browser’s extension settings.

Children’s privacy

The Services are designed for business and professional use. We do not knowingly collect or process personal information of children under 16. If we learn that we have collected personal information of a child under 16 without appropriate authorization, we will delete it. Contact us at privacy@reachiq.ai if you believe this has occurred.

Changes to this policy

We may update this Web App Privacy Policy from time to time to reflect changes in our practices, technology, applicable laws, or other factors. When we make material changes, we will revise the “Updated” date at the top of this page and provide additional notice where required (such as by email or in-app notice). Your continued use of the Services after the effective date of any update constitutes acceptance of the revised policy.

Contact us and Data Protection Officer

If you have questions, concerns, or requests regarding this Web App Privacy Policy or our handling of your personal information, please contact:

Connectome Inc. (DBA ReachIQ)
Attn: Data Protection Officer / Privacy Team
2810 North Church Street
Wilmington, DE 19802, USA
Email: privacy@reachiq.ai | support@reachiq.ai

For EEA, UK, and Swiss data subjects, you may contact our Data Protection Officer at privacy@reachiq.ai. You also have the right to lodge a complaint with your local supervisory authority.