Privacy Policy

At InvestorReach, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

1.1 Information You Provide to Us

When you use our Service, you directly provide us with the following information:

Account Information:

• Name
• Email address
• Password (encrypted)
• Profile picture (if using Google OAuth)
• Company name

Campaign Information:

• Startup name and description
• Industry and funding stage
• Pitch and business details
• Website URL
• Founder information
• Team details
• Traction metrics

Payment Information:

• Payment transaction details (processed by Razorpay)
• Billing information
• Purchase history

Note: We do not store credit card details. All payment processing is handled securely by Razorpay.

1.2 Information Collected Automatically

When you access our Service, we automatically collect:

Usage Data:

• Pages visited and features used
• Time and date of access
• Campaign creation and management activities
• Email open and click tracking data

Device Information:

• IP address
• Browser type and version
• Device type (desktop, mobile, tablet)
• Operating system
• Screen resolution

Cookies and Tracking:

• Session cookies for authentication
• Preference cookies for user settings
• Analytics cookies (Google Analytics)

1.3 Information from Third-Party Services

When you authenticate using Google OAuth, we receive:

• Your name
• Email address
• Profile picture
• Google account ID

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 Service Delivery

• Create and manage your account
• Process your payments and credit purchases
• Generate AI-personalized email content
• Send emails to investors on your behalf
• Track email deliverability, opens, and replies
• Display campaign analytics and insights

2.2 Communication

• Send transactional emails (payment confirmations, campaign updates)
• Provide customer support
• Send service announcements and updates
• Respond to your inquiries

2.3 Marketing (with your consent)

• Send newsletters and promotional offers
• Inform you about new features
• Share relevant industry insights

You can opt out of marketing emails at any time using the unsubscribe link.

2.4 Service Improvement

• Analyze usage patterns to improve features
• Conduct A/B testing for optimization
• Train and improve AI models (using anonymized data only)
• Fix bugs and technical issues

2.5 Security and Fraud Prevention

• Detect and prevent fraudulent activities
• Monitor for security threats
• Enforce our Terms of Service
• Protect against spam and abuse

2.6 Legal Compliance

• Comply with applicable laws and regulations
• Respond to legal requests and court orders
• Maintain business records

3. How We Share Your Information

We do not sell your personal information. We share information only in the following limited circumstances:

3.1 Service Providers

We share data with trusted third-party service providers who help us operate the Service:

• Supabase: Database and authentication services
• Zoho Mail: Email delivery infrastructure
• OpenAI: AI content generation (no personal data shared)
• Razorpay: Payment processing
• Google Analytics: Usage analytics (anonymized)
• Make.com: Workflow automation

These providers are contractually obligated to protect your data and use it only for providing services to us.

3.2 Investor Email Recipients

When you create a campaign, we share your:

• Startup information
• Pitch content
• Founder name and contact details
• Website URL

This information is sent in personalized emails to investors you're targeting.

3.3 Legal Requirements

We may disclose your information if required to:

• Comply with legal obligations
• Respond to valid legal requests
• Protect our rights and property
• Investigate fraud or security issues
• Protect user safety

3.4 Business Transfers

If InvestorReach is involved in a merger, acquisition, or asset sale, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

3.5 Anonymized Data

We may share aggregated, anonymized data that cannot identify you, such as:

• Industry trends and benchmarks
• Email performance statistics
• Platform usage metrics

4. Investor Data Protection

We take special care to protect the privacy of investors in our database:

4.1 What We Protect

• Investor email addresses are never displayed to users
• Users cannot export or download investor contact lists
• Investor data is encrypted and access-controlled
• We track and log all access to investor data

4.2 What Users Can See

Users can only view:

• Investor ID (e.g., INV-001)
• Firm name
• Geographic region
• Email delivery status (sent, opened, replied)

4.3 Opt-Out Mechanism

Investors can opt out of our database by:

• Replying "UNSUBSCRIBE" to any email
• Clicking the unsubscribe link in emails
• Contacting us at privacy@investorreach.ai

5. Data Security

We implement comprehensive security measures to protect your information:

5.1 Technical Measures

• Encryption: All data transmitted using 256-bit SSL/TLS encryption
• Database Security: Data at rest encrypted in Supabase
• Access Controls: Role-based access with principle of least privilege
• Authentication: Passwords hashed using bcrypt
• API Security: Rate limiting and API key rotation

5.2 Organizational Measures

• Regular security audits and penetration testing
• Employee background checks and training
• Data access logging and monitoring
• Incident response plan
• Regular data backups (encrypted)

5.3 Limitations

While we use industry-standard security practices, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

6. Data Retention

We retain your information for as long as necessary to provide the Service and comply with legal obligations:

6.1 Account Data

• Active accounts: Retained indefinitely while account is active
• Inactive accounts: Deleted after 24 months of inactivity (after email notification)
• Deleted accounts: Personal data deleted within 30 days

6.2 Campaign Data

• Active campaigns: Retained while account is active
• Completed campaigns: Retained for 2 years for analytics

6.3 Financial Records

• Payment and transaction records: Retained for 7 years (tax compliance)

6.4 Legal Hold

We may retain data longer if required by law or for legal proceedings.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

7.1 Access and Portability

• Right to Access: Request a copy of your personal data
• Data Portability: Receive your data in a machine-readable format

7.2 Correction and Deletion

• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion of your data ("right to be forgotten")

7.3 Restriction and Objection

• Right to Restrict: Limit how we process your data
• Right to Object: Object to processing for marketing purposes

7.4 Withdrawal of Consent

• Withdraw consent for data processing at any time
• Opt out of marketing communications

7.5 How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: privacy@investorreach.ai
• Dashboard: Settings → Privacy Settings

We will respond within 30 days of your request.

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

8.2 Managing Cookies

You can control cookies through:

• Browser settings (disable/delete cookies)
• Our cookie consent banner
• Third-party opt-out tools

Note: Disabling essential cookies may affect Service functionality.

9. International Data Transfers

Your information may be transferred to and processed in countries other than India, including:

• United States (Supabase, OpenAI servers)
• European Union (some service providers)

We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs)
• Data Processing Agreements with vendors
• Compliance with GDPR and applicable laws

10. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal data, contact us at privacy@investorreach.ai and we will delete it.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information (we don't sell data)
• Right to deletion
• Right to non-discrimination for exercising rights

12. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation:

• Legal basis for processing: Consent, Contract, Legitimate Interest
• Right to lodge a complaint with supervisory authority
• Right to withdraw consent
• Right to data portability
• Rights related to automated decision-making

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date.

For material changes, we will notify you by:

• Email notification (to registered users)
• Dashboard notification
• Prominent notice on our website

Your continued use after changes indicates acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our privacy practices:

---

This Privacy Policy is designed to help you understand how we collect, use, and protect your information. By using InvestorReach, you acknowledge that you have read and understood this Privacy Policy.