ReachLit
ReachLit
Legal

Privacy Policy

Last updated: April 25, 2026.

1. Introduction

ReachLit, Inc. ("ReachLit," "we," "us," or "our") operates the ReachLit platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

2. Information We Collect

We may collect the following types of information:

  • Account Information: Name, email address, and profile details when you create an account via Google OAuth.
  • Campaign Data: Product descriptions, target audiences, keywords, budgets, and other campaign parameters you provide.
  • Gmail Data: When you connect your Gmail account, ReachLit (a) sends personalized outreach emails to YouTube creators on your behalf from your own Gmail address, and (b) syncs replies to those outreach threads so you can read and respond to them inside our Inbox view. We never read mail unrelated to your outreach activity, and we do not bulk-export, archive, or index your mailbox. See Section 9 for the complete Google API Services disclosure.
  • Usage Data: Browser type, IP address, pages visited, and interaction patterns to improve our services.
  • Cookies: We use essential cookies for authentication and session management.

3. How We Use Your Information

  • To provide, maintain, and improve the ReachLit platform.
  • To process and manage your influencer campaigns.
  • To send outreach emails through your connected Gmail account.
  • To communicate with you about your account and service updates.
  • To detect, prevent, and address technical issues or abuse.

4. Data Sharing

We do not sell your personal information. We may share data with:

  • Service Providers: Third-party services that help us operate our platform (e.g., Supabase for database hosting, Vercel for deployment).
  • Legal Requirements: When required by law, regulation, or legal process.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets.

5. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS) and at rest. However, no method of electronic transmission or storage is 100% secure.

6. Data Retention

We retain your account and campaign data for as long as your account is active. You may request deletion of your account and associated data at any time by contacting us.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access and receive a copy of your personal data.
  • Correct inaccurate or incomplete data.
  • Request deletion of your personal data.
  • Object to or restrict processing of your data.
  • Data portability.

8. Third-Party Services

Our platform integrates with third-party services including Google (OAuth and Gmail API), YouTube (public data), DeepSeek (AI inference), Supabase (database hosting), Polar (billing), and Vercel (deployment). Your use of these services is governed by their respective privacy policies.

9. Google API Services Disclosure (Limited Use)

ReachLit's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

When you connect your Gmail account, ReachLit requests the following OAuth scopes:

  • gmail.send— to send personalized outreach emails to YouTube creators on your behalf, from your own Gmail address. Used only when you click "Send" inside ReachLit.
  • gmail.readonly— to sync replies to outreach you have sent so they appear in ReachLit's Inbox view, allowing you to respond to creators without leaving the dashboard. Reads are scoped to threads our application has touched.
  • userinfo.email and userinfo.profile— to identify your connected account and populate the From: header (e.g., "Your Name <[email protected]>") on outgoing emails.

We commit that:

  • We do not use Gmail data to develop, improve, or train generalized AI/ML models.
  • We do not sell, share, or transfer Gmail data to third parties for advertising, analytics, or any purpose other than providing the user-facing features described above. Limited transfer to infrastructure providers (e.g., Supabase for encrypted token storage) acting under contractual data-processing obligations is permitted.
  • We do not allow human employees to read Gmail data, except (a) with your explicit consent for a specific support request, (b) where necessary for security investigations into abuse or terms-of-service violations, or (c) where required by law.
  • Gmail OAuth tokens are stored encrypted at rest in our database, scoped to your authenticated account, and are accessible only via row-level security keyed to your user ID.

You can revoke ReachLit's access to your Gmail account at any time from our in-app Settings page or via myaccount.google.com/permissions. On revocation, all stored Gmail tokens for your account are deleted immediately.

10. Children's Privacy

ReachLit is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date.

12. Contact Us

If you have questions about this Privacy Policy, please contact us at [email protected].

← Back to Home