BeReach
NewMeet the BeReach AI Agent for LinkedIn outreach.See plans
legal

Privacy Policy

How BeReach collects, uses, and protects personal data

PublishedOctober 24, 2025UpdatedJune 5, 2026

Summarize with AI

Ask Claude

This Privacy Policy explains how [LEGAL ENTITY NAME], a société par actions simplifiée (SAS) organized under the laws of France, registered with the [Paris] Trade and Companies Register under number [RCS NUMBER], with its registered office at C/O Dilytics, Chemin de Louis-Hubert 2, 1213 Petit-Lancy, Switzerland ("BeReach", "we", "us", or "our"), collects, uses, shares, and protects personal data.

It applies to the BeReach website at bereach.ai (the "Site"), the BeReach browser extension, the BeReach REST API, the BeReach AI agent, the free tools, and any related services (together, the "Services").

This Policy forms part of, and should be read together with, our Terms of Service. By using the Services, you acknowledge this Policy. If you do not agree, do not use the Services.

1. The two roles you need to understand

Because BeReach is an outreach and lead generation tool, personal data flows through it in two very different ways, and our role is different in each.

1.1 We are the controller of your data. When you visit the Site, create an Account, subscribe, contact support, or use the Services as a user, we act as the data controller for your personal data, such as your identity, billing details, technical and usage data, and the credentials or session you use to connect a Third-Party Platform. Sections 2 to 9 describe this processing.

1.2 You are the controller of the data you collect about prospects. When you use the Services to search, collect, enrich, store, score, or message third parties (your "Leads" or "Prospects"), you decide whose data you process, why, and how. For that data you are the data controller, and we act only as your data processor, processing it on your documented instructions to provide the Services. Section 10 and our Data Processing Agreement govern this. You are solely responsible for having a valid legal basis to process Prospect data, for providing any required notices to data subjects, for honoring their rights, and for complying with all applicable data protection, e-privacy, and anti-spam laws.

2. Personal data we collect about you (as controller)

2.1 Data you provide.

  • Account and identity data: name, email address, company, job title, password.
  • Billing data: billing name, address, tax or VAT identifiers, and payment metadata. Card details are handled directly by our payment processor and are not stored by us.
  • Communications: messages, support requests, survey responses, and any content you send us.
  • Content and configuration: campaigns, message templates, settings, and other content you create in the Services ("User Content").

2.2 Third-Party Platform connection data. To operate the Services, you may connect a Third-Party Platform account (for example, LinkedIn). Depending on the feature, this may involve a session token, cookie, or similar credential associated with your own account on that platform, which we process to perform the actions you configure. You confirm you are the legitimate holder of that account and are authorized to use it for these purposes. We store this connection data encrypted at rest, treat it as confidential, use it only to operate the Services for you, and let you disable or remove it at any time from your settings — removing it deletes the stored credential.

2.3 Data collected automatically. When you use the Site, extension, or API, we collect technical and usage data such as IP address, device and browser type, operating system, log data, pages and features used, timestamps, and similar diagnostics, including through cookies and similar technologies (see Section 7).

We process your personal data only where we have a legal basis under the GDPR:

  • To provide the Services (account creation, authentication, running the features you configure, support). Legal basis: performance of a contract.
  • To bill and collect payment. Legal basis: performance of a contract and compliance with legal obligations.
  • To operate, secure, and improve the Services (analytics, debugging, fraud and abuse prevention, rate limiting). Legal basis: our legitimate interests in running a reliable and secure product, balanced against your rights.
  • To communicate with you about your account, service changes, and security. Legal basis: performance of a contract and legitimate interests.
  • To send product or marketing messages. Legal basis: your consent where required, or legitimate interests, and you can opt out at any time.
  • To comply with law and respond to lawful requests. Legal basis: legal obligation.

We do not sell your personal data.

4. AI features

Some features use artificial intelligence, including the BeReach AI agent. When you use them, the inputs you provide and relevant context are processed to generate outputs (for example, suggested messages or lead scoring). To do this, inputs may be transmitted to one or more third-party large language model providers acting as our subprocessors (see Section 6). Those inputs and outputs are processed to provide the feature to you.

We do not use your User Content, your inputs, or AI outputs to train our own foundation models. We instruct our AI subprocessors not to use your data to train their models, to the extent offered under their enterprise or business terms. AI outputs may be inaccurate or incomplete, and you are responsible for reviewing them before use.

5. How we share your data

We share personal data only as needed and with appropriate safeguards:

  • Service providers and subprocessors who host, process payments, send email, provide analytics, supply proxy infrastructure, or provide AI capabilities, all bound by confidentiality and data protection obligations (see Section 6).
  • Professional advisers such as lawyers, accountants, and auditors, where necessary.
  • Authorities when required by law, court order, or to protect our rights, users, or the public, or to enforce our Terms.
  • In a corporate transaction such as a merger, acquisition, reorganization, or sale of assets, in which case personal data may be transferred subject to this Policy.

We do not share your personal data with third parties for their own independent marketing.

6. Subprocessors

We use carefully selected subprocessors to deliver the Services. Current categories include hosting and cloud infrastructure, payment processing (for example, Stripe), email and communication, analytics, proxy and network infrastructure, and AI or large language model providers. A current list of subprocessors is available on our sub-processors page, and we will update it before adding or replacing a subprocessor that processes Prospect data, in line with our Data Processing Agreement.

7. Cookies and similar technologies

We use cookies and similar technologies on the Site to operate it, remember your preferences, secure your session, and measure usage. Our analytics are privacy-focused, and we do not run third-party advertising or remarketing cookies. Non-essential (analytics) cookies are off by default and load only with your consent: you accept or reject them via our cookie banner, and can change your choice anytime via "Cookie settings" in the footer or through your browser. For details — including the specific tools — see our Cookie Policy.

8. International transfers

We are based in the European Union, and we provide the Services globally, so your personal data may be transferred to, stored in, or processed in countries outside the European Economic Area. Where we transfer personal data outside the EEA, UK, or Switzerland to a country without an adequacy decision, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, together with supplementary measures where needed. You may request a copy of the relevant safeguards using the contact details below.

9. Retention

We keep your personal data only as long as necessary for the purposes described in this Policy:

  • Account data: for the duration of your Account and for [X] months after closure.
  • Billing and tax records: for the period required by applicable law (typically [10] years in France for accounting records).
  • Technical and log data: for up to [X] months.
  • Marketing data: until you opt out or after [X] months of inactivity.

When personal data is no longer required, we delete or anonymize it. Prospect data retention is governed by your instructions and the Data Processing Agreement (see Section 10).

10. Prospect data (where we act as your processor)

When you use the Services to process data about Prospects, the following applies:

  • You are the controller and we are your processor. We process Prospect data only on your documented instructions and only to provide the Services, as set out in our Data Processing Agreement.
  • Your responsibilities. You determine the purposes and means of the processing. You alone are responsible for establishing a valid legal basis (for most B2B prospecting in the EU this is typically legitimate interests, subject to a balancing test), for providing the information notice required by Articles 13 and 14 GDPR to data subjects, for honoring data subject rights, for respecting opt-outs and applicable anti-spam and e-privacy rules, and for not processing special category data through the Services.
  • Data minimization. You should collect and process only Prospect data that is relevant and necessary for your outreach.
  • Data subject requests. If a Prospect contacts us directly about data you process through the Services, we will, where lawful, refer them to you as the controller or assist you in responding, as set out in the Data Processing Agreement.
  • Security and confidentiality. We apply the technical and organizational measures described in the Data Processing Agreement to Prospect data.
  • Return or deletion. On termination, we will delete or return Prospect data in accordance with the Data Processing Agreement, subject to any legal retention requirement.

11. Your rights

Subject to applicable law, you have the right to:

  • access the personal data we hold about you;
  • correct inaccurate or incomplete data;
  • erase your data in certain circumstances;
  • restrict or object to processing, including processing based on legitimate interests and direct marketing;
  • data portability;
  • withdraw consent at any time where we rely on consent, without affecting prior processing;
  • not be subject to a decision based solely on automated processing producing legal or similarly significant effects.

To exercise these rights, contact us at [PRIVACY EMAIL]. We may need to verify your identity. We will respond within the timeframe required by law (one month under the GDPR, extendable where permitted).

If you are in the EEA, you may lodge a complaint with your local supervisory authority. In France, this is the Commission Nationale de l'Informatique et des Libertés (CNIL), cnil.fr. If you are in the UK, you may complain to the Information Commissioner's Office (ICO). If you are in Switzerland, you may contact the Federal Data Protection and Information Commissioner (FDPIC).

If your personal data is processed by a BeReach customer as part of their outreach (that is, you are a Prospect), that customer is the controller of that data. Please direct your request to them. We will support them as their processor as described in Section 10.

12. US state privacy rights

Residents of certain US states (including California, Colorado, Connecticut, Texas, Virginia, and others) may have rights to confirm, access, correct, delete, and obtain a copy of their personal information, and to opt out of targeted advertising, sale, or certain profiling. We do not sell personal information or use it for cross-context behavioral advertising as defined by these laws. To exercise your rights, contact us at [PRIVACY EMAIL].

13. Security

We implement technical and organizational measures designed to protect personal data against accidental or unlawful loss, access, alteration, or disclosure, including encryption in transit, encryption of sensitive data at rest, access controls, and monitoring. No system is perfectly secure, and you are responsible for keeping your Account credentials and any Third-Party Platform credentials confidential. Notify us promptly if you suspect any unauthorized access.

14. Children

The Services are intended for business and professional use and are not directed to children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us personal data, contact us and we will delete it.

15. Changes to this Policy

We may update this Policy to reflect changes in the Services or in law. We will post the updated Policy on this page and update the "Last updated" date, and where changes are material we will provide reasonable notice. Your continued use of the Services after the changes take effect constitutes acceptance.

16. Contact and data protection representative

For any privacy question or to exercise your rights, contact:

[LEGAL ENTITY NAME]
C/O Dilytics
Chemin de Louis-Hubert 2
1213 Petit-Lancy
Switzerland
Email: [PRIVACY EMAIL]

Data Protection Officer (if appointed): [DPO NAME / EMAIL]
EU/UK representative (if applicable under Article 27 GDPR): [REPRESENTATIVE DETAILS]