Privacy Policy

1. Who we are (Data Controller)

This website and the services described on it are operated by ReachSoft OÜ (trading as “Outreachly”), an Estonian company (Reg. No. 17027954). Registered office: Järvevana tee 9, Tallinn, 11314, Estonia.

This Policy explains how we handle personal data in line with UK GDPR, EU GDPR, and the UK Data Protection Act 2018.

2. Scope

This Policy covers personal data we process when you:

• visit or interact with our websites, pages, or forms;
• request information, book a demo, or chat with us;
• buy, access or use our services (including trials); and/or
• receive marketing communications from us.

When we provide Outreachly services to a business customer, we generally act as that customer’s processor for personal data they upload to the platform. Processing in that context is governed by our Data Processing Agreement (DPA) and Supply of Service Terms, not this Policy.

3. What Data We Collect

a) Data you provide directly

• Identifiers and contact details (name, job title, company, email, phone, postal address)
• Account details (username; credentials—stored in hashed form)
• Preferences (communication and marketing choices)
• Content of enquiries, support tickets, demo requests, surveys, interviews)

b) Data we obtain from others

• Business/contact data from reputable providers and public sources (e.g. Companies House‑style registers, business databases, social platforms in line with their terms)
• Anti‑fraud and risk signals from payment or security providers)

c) Data collected automatically (website & services)

• Technical: IP address, device IDs, browser, OS, time zone, approximate location
• Usage: pages viewed, features used, clickstream, session duration, referral source
• Cookies/SDK identifiers and similar (see Section 7)

d) Special category data

We do not intentionally collect special category data (e.g. health, race, religion). Please do not submit it. If there is a lawful need, we will request explicit consent or rely on another valid basis and apply additional safeguards.

4. Purposes & Legal Bases

We process personal data only where a lawful basis applies:

Marketing & soft opt‑in (PECR): we may send electronic marketing to existing customers (or individuals in the course of a sale) about similar products/services, provided we offer a clear opt‑out at the point of data collection and in every message. Otherwise, we rely on consent.

You can opt out of marketing at any time via the unsubscribe link or by emailing [email protected].

5. Sharing of personal data

We do not sell your personal data. We may share it with:

• Service providers acting as our processors (e.g. hosting, CRM, email, analytics, payment, support tools) under written contracts and security obligations;
• Professional advisers (legal, accounting, auditing) under confidentiality;
• Authorities/regulators where required by law or to protect rights, property, and safety;
• Business partners or resellers are only used where necessary to deliver requested services to you.

If we are involved in a merger, acquisition, or reorganisation, personal data may be transferred to the relevant party, subject to safeguards and notice.

6. International Transfers

Your data may be processed outside the UK/EEA (e.g. by cloud providers). Where we transfer personal data internationally, we implement appropriate safeguards, such as:

• UK International Data Transfer Agreement (IDTA);
• EU Standard Contractual Clauses (SCCs); and/or
• Adequacy decisions issued by the UK/EU.
  Details are available on request via [email protected].

7. Cookies & Tracking Technologies

7.1 What we use

We (and approved third parties) use cookies, pixels and similar tech to:

• run the site (security, load balancing, session management);
• understand usage (analytics, performance);
• remember preferences (e.g. language);
• personalise content/ads and measure campaign effectiveness.

7.2 Categories

• Strictly necessary (do not require consent): page navigation, secure login, fraud prevention.
• Performance/analytics (consent‑based): e.g. Google Analytics/Tag Manager.
• Functionality (consent‑based where not strictly necessary).
• Advertising/targeting (consent‑based): e.g. LinkedIn Insight Tag, Meta Pixel, Google Ads.

7.3 Third‑party cookies

Some cookies are set by third parties. We do not control their technologies. Please review their privacy notices for details on how they process your data.

7.4 Managing cookies

On your first visit (and periodically), we display a cookie banner. You can accept, reject, or customise non‑essential cookies. You can change your choices any time via Cookie Settings (link in footer) or your browser controls. Blocking some cookies may affect site functionality.

7.5 Cookie duration

Session cookies expire when you close your browser. Persistent cookies remain for a defined period (typically 6–24 months) unless deleted sooner.

8. Retention

We retain personal data only as long as necessary for the purposes above and to meet legal obligations:

• Customer/account data: duration of relationship + up to 6 years (limitation periods)
• Marketing data: until you withdraw consent or object (and for limited suppression thereafter)
• Technical logs/analytics: typically up to 24 months
• Job applicants: up to 12 months
• Employees/contractors: up to 2 years post‑engagement (or longer if law requires)

We may retain limited data where necessary to establish, exercise or defend legal claims.

9. Security

We implement appropriate technical and organisational measures (encryption in transit, access controls, segregation, least‑privilege, monitoring, backups, staff training). No system is completely secure; you use the internet at your own risk. If we reasonably believe a breach has occurred, we will act in line with our incident response procedures and applicable notification duties.

10. Your rights

Subject to legal limits, you have the right to:

• Access your data and receive a copy;
• Rectify inaccurate or incomplete data;
• Erase data (“right to be forgotten”);
• Restrict processing;
• Object to processing, including direct marketing;
• Port data to another controller;
• Withdraw consent where processing relies on consent (this doesn’t affect lawful processing before withdrawal).

To exercise rights, email [email protected]. We may need to verify your identity. We aim to respond within one month.

11. Automated Decision‑Making & Profiling

We do not make decisions based solely on automated processing that produce legal or similarly significant effects. We may use profiling (e.g. scoring engagement for marketing segmentation) to tailor communications. You can object to profiling used for direct marketing at any time.

12. Children

Our services are not directed to children under 18. We do not knowingly collect children’s data. If you believe we hold such data, contact [email protected] and we will delete it.

13. Links to Other Sites

Our website may link to third‑party sites and services. We are not responsible for their content or privacy practices. Please review their policies.

14. Complaints

Please contact us first at [email protected] and we’ll try to resolve your concern.
You also have the right to complain to a supervisory authority:

• EU (Estonia): Estonian Data Protection Inspectorate – https://www.aki.ee/en

15. Changes to this Policy

We may update this Policy from time to time. The latest version will always be available at https://outreachly.ai/privacy-policy/. For material changes, we will provide prominent notice (e.g. email or banner) and, where required, re‑seek consent.

16. Contact

Questions, requests, or complaints: [email protected].
Postal: ReachSoft OÜ (Outreachly), Järvevana tee 9, Tallinn, 11314, Estonia.