Privacy Policy | Reach Security

Reach Security, Inc. ("Reach Security," "we," "us," or "our") is committed to protecting the privacy and security of information we collect from visitors to our website and customers of our cybersecurity platform. This Privacy Policy describes how we collect, use, store, disclose, and protect personal information in connection with your use of our website at reaochsecurity.org (the "Site") and our security platform services (collectively, the "Services").

By accessing or using our Site or Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices described here, please do not use our Site or Services. If you have questions about this policy or our privacy practices, please contact us using the information provided at the end of this document.

1. Who We Are

Reach Security, Inc. is a cybersecurity company headquartered in Washington, DC, United States. We provide AI-powered threat detection and response software to enterprise organizations. Our platform collects and analyzes security telemetry from customer environments to detect and respond to cybersecurity threats.

For purposes of applicable data protection law, Reach Security, Inc. is the data controller for personal information collected through our Site and marketing activities. For information processed through our platform on behalf of enterprise customers, Reach Security acts as a data processor, and the relevant enterprise customer is the data controller responsible for its employees' and end users' data.

Our registered address is: Reach Security, Inc., 1150 Connecticut Avenue NW, Suite 900, Washington, DC 20036, United States.

2. Information We Collect

We collect several types of information in connection with our Site and Services:

2.1 Information You Provide Directly

We collect information you provide directly when you:

Contact us: When you submit our contact form, request a demo, or communicate with us by email, we collect your name, email address, company name, job title, phone number, and the content of your message.
Register for an account: When you create a platform account, we collect your name, email address, company name, job title, and a password or authentication credentials.
Subscribe to communications: When you subscribe to our newsletter, blog updates, or security research publications, we collect your email address and name.
Attend events: When you register for webinars, conferences, or other events we host or participate in, we collect your name, email address, company, and job title.
Provide feedback: When you respond to surveys, provide product feedback, or participate in user research, we collect the information you provide in those interactions.

2.2 Information Collected Automatically

When you visit our Site, we automatically collect certain information through cookies and similar tracking technologies:

Log data: IP address, browser type and version, operating system, referring URLs, pages viewed, time and date of visits, and time spent on pages.
Device information: Hardware model, operating system version, unique device identifiers, and mobile network information.
Cookie data: Information stored in cookies and similar technologies as described in our Cookie Policy. This includes session cookies that maintain your login state and analytics cookies that help us understand how visitors use our Site.
Location data: General geographic location derived from your IP address (country, region, city). We do not collect precise GPS location data through our Site.

2.3 Information from Third Parties

We may receive information about you from third parties including:

Business partners: Companies we partner with for joint marketing activities may provide us with contact information for potential customers.
Data enrichment services: We may supplement contact information with professional and company data from business data providers to better understand our potential customers' needs.
Analytics providers: Our analytics service providers collect and provide us with aggregated information about how visitors use our Site.
Security research sources: For our threat intelligence functions, we may receive information from security research communities, vulnerability databases, and government cybersecurity agencies.

2.4 Platform and Customer Data

When enterprise customers deploy our security platform, the platform processes security telemetry from their environments. This telemetry may include log data, network traffic metadata, user activity records, and other security-relevant data from the customer's IT infrastructure. We process this data strictly as a data processor on behalf of our enterprise customers, pursuant to our data processing agreements with those customers. Our use of such data is limited to providing and improving the Services as directed by the customer.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Operating Our Services

Processing and responding to your inquiries, demo requests, and support requests
Creating and managing your account
Providing the security platform services you have subscribed to
Authenticating your identity when you access our Services
Processing payments for subscriptions and services
Communicating with you about your account, subscription, and support matters

3.2 Improving and Developing Our Services

Analyzing usage patterns to improve the functionality and user experience of our Site and Services
Conducting research and development to improve our threat detection algorithms and platform capabilities
Testing new features and platform improvements
Understanding customer needs to develop new products and services

3.3 Marketing and Communications

Sending you newsletters, security research publications, and product updates if you have subscribed to these communications
Informing you about events, webinars, and conferences relevant to your interests
Sending you information about new products, features, and services that may be relevant to your needs
Conducting targeted marketing campaigns through third-party advertising platforms based on your professional profile and demonstrated interests

You may opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by contacting us at privacy@reaochsecurity.org.

3.4 Security and Compliance

Detecting, investigating, and preventing security incidents, fraud, and other malicious activity
Verifying the integrity of our systems and services
Complying with our legal obligations, including responding to lawful requests from government authorities
Enforcing our terms of service and other legal agreements
Protecting the rights, property, and safety of Reach Security, our customers, and others

4. Legal Basis for Processing (EEA, UK, and Similar Jurisdictions)

For individuals in the European Economic Area, the United Kingdom, and other jurisdictions with similar requirements, we process personal information on the following legal bases:

Contract performance: Processing necessary to fulfill our contractual obligations to you, including providing the Services you have purchased or requested.
Legitimate interests: Processing for our legitimate business interests, such as improving our Services, preventing fraud, and conducting marketing activities, where these interests are not overridden by your privacy rights.
Legal obligation: Processing necessary to comply with applicable laws and regulations.
Consent: Processing based on your explicit consent, such as subscribing to marketing communications. You may withdraw consent at any time.

5. Sharing Your Information

We do not sell your personal information. We share your information only in the following circumstances:

5.1 Service Providers

We share information with third-party service providers who assist us in operating our Site and Services. These providers are contractually obligated to use your information only for the purposes of providing services to us and to maintain appropriate security measures. Categories of service providers include: cloud infrastructure providers, customer relationship management software, email and marketing automation platforms, payment processors, analytics providers, identity verification services, and customer support software.

5.2 Business Transfers

If Reach Security is involved in a merger, acquisition, sale of assets, or other corporate transaction, your information may be transferred as part of that transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in good-faith belief that such disclosure is necessary to comply with legal process, respond to lawful requests from public authorities, protect our rights or property, prevent fraud or illegal activity, or protect the safety of our customers or the public.

5.4 With Your Consent

We may share your information with third parties when you have provided your explicit consent to do so.

6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. The specific retention period depends on the nature of the information and the purpose for which it was collected:

Account information: Retained for the duration of your account and for a period of up to seven years after account closure for legal and business purposes.
Contact and marketing data: Retained until you withdraw consent or request deletion, subject to a maximum period of five years from the last interaction.
Transaction records: Retained for seven years to comply with tax and accounting requirements.
Website analytics data: Retained in identifiable form for up to 26 months; aggregated analytics data may be retained indefinitely.
Security logs: Retained for up to two years for security investigation and compliance purposes.

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

7.1 Access and Portability

You have the right to request a copy of the personal information we hold about you. Upon verified request, we will provide this information in a structured, commonly used, and machine-readable format where technically feasible.

7.2 Correction

You have the right to request correction of inaccurate or incomplete personal information we hold about you. You may update much of your account information directly through your account settings.

7.3 Deletion

You have the right to request deletion of your personal information, subject to certain exceptions. We may retain information we are required to keep by law, that is necessary to complete transactions you have requested, or that is needed for legitimate business purposes as described in this policy.

7.4 Restriction and Objection

In certain circumstances, you have the right to restrict our processing of your personal information or to object to certain processing activities, including direct marketing.

7.5 Withdrawal of Consent

Where we process your information based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing conducted before withdrawal.

7.6 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@reaochsecurity.org with your name, contact information, and a description of your request. We will respond within 30 days of receiving a verified request. We may need to verify your identity before processing certain requests.

7.7 California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information is collected, the right to delete personal information, the right to opt out of the sale or sharing of personal information (we do not sell personal information), and the right to non-discrimination for exercising privacy rights. To make a CCPA request, contact us at privacy@reaochsecurity.org.

8. International Data Transfers

Reach Security is headquartered in the United States. If you are located outside the United States, please be aware that information we collect may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that are different from those in your country.

For transfers of personal data from the European Economic Area or the United Kingdom to the United States, we rely on the EU-US Data Privacy Framework, Standard Contractual Clauses approved by the European Commission, or other lawful transfer mechanisms. A copy of the relevant transfer safeguards may be obtained by contacting us at privacy@reaochsecurity.org.

9. Security

We implement technical and organizational security measures designed to protect personal information from unauthorized access, disclosure, alteration, or destruction. These measures include encryption of data in transit and at rest, access controls limiting personal data access to authorized personnel, regular security assessments and penetration testing of our systems, security training for our personnel, and incident response procedures.

As a cybersecurity company, security is at the core of our operations. However, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security, and you transmit personal information to us at your own risk. If you believe your interaction with us is no longer secure, please contact us immediately at security@reaochsecurity.org.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our Site. Cookies are small text files stored on your device that help us provide and improve our Services. For detailed information about the specific cookies we use, their purposes, and how to control them, please see our Cookie Policy at Cookie Policy.

11. Children's Privacy

Our Site and Services are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to delete that information promptly. If you believe we may have collected information from a child under 16, please contact us at privacy@reaochsecurity.org.

12. Third-Party Links

Our Site may contain links to third-party websites, products, and services. Our Privacy Policy does not apply to third-party websites, and we are not responsible for the privacy practices of those websites. We encourage you to review the privacy policies of any third-party website you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this policy and, where appropriate, notify you via email or a prominent notice on our Site. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Reach Security, Inc.
Privacy Team
1150 Connecticut Avenue NW, Suite 900
Washington, DC 20036
United States

Email: privacy@reaochsecurity.org

For European residents, you also have the right to lodge a complaint with your local data protection authority. A list of EEA data protection authorities and their contact information is available at edpb.europa.eu.