Reachlee Privacy Policy

**Last updated:** May 10, 2026

Reachlee (“we”, “our”, “us”) provides an Instagram automation tool for creators and businesses. This Privacy Policy explains what we collect, how we use it, who we share it with, and how you can control your data.

By using Reachlee, you agree to this Privacy Policy.

1. What we collect

When you sign up for Reachlee with Google, we receive:
- Your name, email address, and profile picture
- Your Google user ID
When you connect your Instagram account via Instagram Business Login, we receive:
- Your Instagram user ID, username, display name, and profile picture
- An access token authorizing us to act on your behalf within the permissions you grant
- Permission to read comments on your posts and reels
- Permission to send and receive direct messages on your behalf
- Permission to read your media (posts, reels, stories) for automation targeting
- Counts of followers, posts, and engagement metrics
While your automations are active, we receive and store:
- Comments posted on your content (text, commenter username and ID, timestamp)
- Direct messages sent to your account
- Story reactions, mentions, and replies
- Email addresses you collect through Reachlee’s lead-capture flows (only when an end user voluntarily provides them in a DM)
We do not collect:
- Your Instagram or Google passwords (we use OAuth — passwords never touch our servers)
- Phone numbers, addresses, or other personal data not relevant to operating Reachlee
- Browsing data outside of Reachlee

2. How we use the data

We use the data we collect solely to operate Reachlee on your behalf:
- To run the automations you configure (auto-replies to comments, DMs, story interactions)
- To dispatch outbound messages and replies through Instagram’s API
- To show you analytics, conversation history, and contact lists in the Reachlee dashboard
- To enforce plan limits and detect abuse
- To improve the Reachlee product
We do **not** sell your data. We do **not** share it with advertisers. We do **not** use it to train AI models without your explicit opt-in.

3. Who we share with

We share data only with the third-party services strictly necessary to operate Reachlee:
- **Meta (Instagram Graph API)** — to deliver the automation features you configure. Subject to Meta’s Platform Terms.
- **Google** — for sign-in via Google OAuth.
- **Amazon Web Services (AWS)** — to host our infrastructure (servers, databases, object storage). Data is stored in the AWS region we operate in.
- **Brevo** — to send transactional emails (account confirmations, password resets, system notifications).
- **Dodo Payments** — to process subscription billing if you upgrade to Pro. We never see or store your full card number.
We do not share data with any other third parties without your explicit consent or a legal requirement (e.g., subpoena).

4. How long we keep your data

- **Reachlee account data** (user profile, settings): while your account is active, plus 30 days after account deletion
- **Connected Instagram account data** (handle, profile picture, access token): until you disconnect, plus 30 days
- **Automation configurations and run history**: while your account is active
- **Webhook event logs**: 30 days, then automatically purged
- **Conversations and messages**: while your account is active
- **Aggregated, anonymized analytics**: indefinitely
If you delete your Reachlee account, we delete all your personal data within 30 days, except where retention is legally required.

5. Your rights

You have the right to:
- **Access** — request a copy of the data we hold about you
- **Correct** — update inaccurate data through the Reachlee dashboard or by contacting us
- **Delete** — disconnect your Instagram account or delete your entire Reachlee account at any time. Data deletion requests are processed within 7 days.
- **Portability** — request an export of your data in a machine-readable format
- **Withdraw consent** — revoke Instagram or Google access at any time via the relevant platform’s settings
To exercise any of these rights, email **support@reachlee.co** with the subject “Data Request”.
If you are in the European Economic Area (EEA), United Kingdom, or California, you have additional rights under GDPR and CCPA respectively. We honor all such requests.

6. Data deletion

You can delete your data at any time by:
- Going to **Settings → Disconnect Instagram** in the Reachlee dashboard
- Going to **Settings → Delete Account** in the Reachlee dashboard
- Emailing **support@reachlee.co** with “Delete my data” in the subject
You can also revoke Reachlee’s access to your Instagram account from Instagram itself: **Settings → Apps and websites → Active → Reachlee → Remove**. Doing so will trigger automatic deletion of your data within 30 days.

7. Security

We implement industry-standard security practices:
- All data in transit is encrypted with TLS
- Access tokens are stored encrypted at rest
- Access to production systems is restricted and logged
- We do not store passwords; authentication uses OAuth
- Regular security reviews and updates
No system is perfectly secure. If you believe your account has been compromised, contact **support@reachlee.co** immediately.

8. Children’s privacy

Reachlee is not intended for users under 18. We do not knowingly collect data from minors. If you believe a minor has provided us with data, contact **support@reachlee.co** and we will delete it.

9. International data transfers

Reachlee operates from servers in **[YOUR AWS REGION]**. If you are accessing Reachlee from outside that region, your data will be transferred and processed there. By using Reachlee, you consent to this transfer.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we’ll update the “Last updated” date at the top and, for material changes, notify you via email or an in-app notice.

11. Contact

Questions, concerns, or requests:

**Reachlee**
Email: **tusharkapil63@gmail.com**
Website: **https://reachlee.co**
For data protection inquiries: **tusharkapil63@gmail.com**