Privacy Policy | ReachSmart

Black Solutions Group dba ReachSmart.ai ("ReachSmart," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our websites and use our suite of AI-powered services, including ReachSmart Outbound, Inbound, and Intel (collectively, the "Services").

1. Information We Collect

We collect information in three primary ways: information you provide directly, information we collect automatically, and information we process on your behalf.

A. Information You Provide

Account Data: Name, email address, company name, password, and contact details.
Billing Data: Payment instrument details and billing address (processed securely by our third-party payment processors like Stripe).

B. Information We Process on Your Behalf (Client Data)

CRM & Lead Data: Information about your prospects and customers that you upload or source via the Services.
Communications Data: The contents of emails, chat messages, and templates transmitted through ReachSmart Outbound or Inbound.
Integration Data: Authentication tokens (OAuth) necessary to connect to third-party services like Google Workspace or Microsoft 365.

C. Information Collected Automatically & Sourced Data

Usage & Device Data: IP addresses, browser types, operating systems, pages viewed, and feature usage patterns.
Cookies & Tracking: We use cookies to maintain session states, remember preferences, and analyze platform performance.
Advertising & Analytics (Meta Conversions API): We use tracking technologies, including the Meta (Facebook) Pixel and Meta Conversions API. We may securely share hashed (encrypted) user information (such as name and email) with Meta to measure ad performance, optimize our campaigns, and deliver relevant content. You can manage your ad preferences directly through your Meta/Facebook account settings.
B2B Contact Data (Intel Platform): We aggregate professional contact information from public records, digital signals, and trusted third-party data partners to provide our B2B lead-sourcing services.

2. Data Controller vs. Data Processor

Under privacy laws such as the GDPR and CCPA, a clear distinction is made between "Controllers" (those who decide how and why data is processed) and "Processors" (those who process data on behalf of the Controller).

ReachSmart as a Controller: We act as a Controller regarding your Account Data, Billing Data, and the B2B contact data sourced within the ReachSmart Intel platform.
ReachSmart as a Processor: We act strictly as a Processor regarding the Client Data (e.g., your prospects' email addresses, your inbox contents) you input into our Outbound and Inbound tools. You are the Data Controller for this information and are responsible for ensuring you have the legal right to process and contact these individuals.

3. Google API Services Compliance & Limited Use

ReachSmart allows users to integrate their email accounts via OAuth to facilitate autonomous communication.

ReachSmart's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We only access the email scopes necessary to provide our core automation features. We do not use Google Workspace data for serving advertisements, and human access to this data is strictly prohibited unless required for security purposes, legal compliance, or if explicitly authorized by you to resolve a support issue.

4. Artificial Intelligence, Profiling, and Data Privacy

To power our autonomous agents, data is processed through Large Language Models (LLMs).

No Foundational Training: We do not use your proprietary Client Data to train foundational, publicly available AI models.
Sub-Processors: We may utilize enterprise-grade AI sub-processors (e.g., OpenAI, Anthropic) via zero-retention API endpoints, ensuring your data is not stored by these providers for model training.
Automated Decision-Making: While our AI assists with drafting communications and parsing data, ReachSmart does not engage in automated decision-making that produces legally binding or significant financial effects on individuals. The User retains ultimate control over how AI-generated communications are deployed.

5. How We Share Your Information

We may share information in the following circumstances:

Service Providers: We share data with trusted third-party vendors who provide cloud hosting (e.g., AWS, GCP), payment processing, and analytics, strictly under confidentiality agreements.
Advertising Partners: We securely share specific, hashed conversion events (like registrations and purchases) with advertising platforms such as Meta to measure the effectiveness of our marketing efforts.
Data Licensing (Intel Platform): As part of the ReachSmart Intel service, B2B professional contact data is licensed to our users for business-to-business marketing purposes.
Legal Requirements: We may disclose information if required to do so by law, court order, subpoena, or to protect the safety, rights, or property of ReachSmart or the public.
Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your data may be transferred to the acquiring entity.

6. Notice to California Residents (CPRA)

Under the California Privacy Rights Act (CPRA), California residents have specific rights regarding their personal information. Note that CPRA applies to B2B contact data.

Categories of Personal Information Collected: Identifiers (name, email, IP address), professional/employment-related information (job title, company), internet activity, and commercial information.

Right to Opt-Out of Sale/Sharing: Because our ReachSmart Intel platform provides B2B contact data to third parties, this may constitute a "sale" or "sharing" under California law. California residents have the right to opt out of the sale or sharing of their personal information by submitting a request to growth@reachsmart.ai or by clicking the "Do Not Sell or Share My Personal Information" link on our website.

7. Your Privacy Rights (Global)

Depending on your geographic location (including the EU/UK under GDPR), you may have the following rights:

Access and Portability: The right to request a copy of the personal data we hold about you.
Correction: The right to request that we correct inaccurate or incomplete data.
Deletion (Right to be Forgotten): The right to request the deletion of your personal account data, subject to certain legal exceptions.

To exercise any of these rights, please email us at growth@reachsmart.ai. We will verify your identity before processing the request and respond within the timeframe required by applicable law.

8. Children's Privacy (COPPA)

The Services are designed exclusively for business-to-business (B2B) use. We do not knowingly collect, maintain, or solicit personal information from children under the age of 18. If we become aware that we have collected personal information from a child under age 18, we will promptly delete that information.

9. Data Security & Retention

We implement industry-standard administrative, technical, and physical security measures to protect your data from unauthorized access, alteration, disclosure, or destruction. We utilize encryption in transit (TLS/SSL) and at rest.

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, to provide the Services, or to comply with our legal obligations. Upon account termination, Client Data is securely deleted in accordance with our data retention policies.

10. International Data Transfers

ReachSmart is headquartered in the United States. If you are accessing the Services from outside the U.S., please be aware that your information may be transferred to, stored, and processed in the United States. By using the Services, you consent to this transfer, utilizing Standard Contractual Clauses (SCCs) or other legally approved transfer mechanisms where applicable.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Continued use of the Services constitutes acceptance of the revised policy.