ReachOut

Privacy Policy

Last updated: April 16, 2025

ReachOut ("we", "our", or "us") operates the ReachOut Chrome extension and the companion web app at reachout.so. This policy explains what information we collect, how we use it, and what we don't do with it.

1. What we collect

Account information

When you create an account, we collect your email address and a hashed password. We use this only to authenticate you and deliver the service.

Your professional profile

During onboarding, you provide:

  • Your current role and a brief background summary
  • Your target position (e.g. "Head of Growth at a Series B fintech")

This information is stored in your account and used solely to generate outreach strategy suggestions when you use the extension. You can update or delete it at any time from your dashboard.

2. What we do NOT collect

The extension reads the visible content of the LinkedIn profile page you are currently viewing in order to generate a strategy. This data is never stored. It is sent to our server, used to generate a response, and immediately discarded. We do not build profiles on LinkedIn members, do not log scraped content, and do not retain it beyond the duration of a single request.

We do not collect:

  • Your LinkedIn credentials or session cookies
  • Your LinkedIn contacts, messages, or connection list
  • Your browsing history
  • Any data from pages other than the LinkedIn profile you are actively viewing

3. How we use your data

Your professional profile (role, background, target position) is combined with the visible content of a LinkedIn profile you choose to analyse. This combined input is sent to Anthropic's Claude API to generate outreach strategy suggestions and, when you request it, a draft message.

We do not use your data for advertising, do not sell it to third parties, and do not use it to train any models.

4. Third-party services

  • Anthropic (Claude API) — processes the combined input to generate suggestions. Subject to Anthropic's Privacy Policy.
  • Brave Search API — used to fetch publicly available company and industry news to enrich strategy context. We query by company name only, never by person name.
  • Supabase (PostgreSQL) — hosts the database that stores your account and profile information.

5. Data retention and deletion

Your account and profile data are retained for as long as your account is active. You can delete your account at any time from Settings. Upon deletion, all stored profile data is permanently removed.

6. Security

All data is transmitted over HTTPS. Passwords are hashed and never stored in plain text. API keys and system prompts are stored server-side and never exposed to the extension.

7. Children

ReachOut is not directed at anyone under 16. We do not knowingly collect data from minors.

8. Changes to this policy

If we make material changes to this policy, we will update the date at the top and notify you by email if the changes affect how we handle your stored data.

9. Contact

Questions about this policy: hello@reachout.so