Last updated: April 1, 2026
Account data: When you sign in, we collect your email address for authentication and billing. We use a passwordless magic-code system — no passwords are stored.
Usage data: We track scan counts per account to enforce plan limits. We do not track which specific websites you scan.
Payment data: Payment processing is handled entirely by Stripe. We store your Stripe customer ID and subscription status but never see or store your credit card details.
We use your information to: (a) provide and maintain the Service; (b) enforce plan limits; (c) process payments; (d) send critical service communications (verification codes, billing alerts); (e) respond to support requests. We do not sell your data or use it for advertising.
Your data is stored on Cloudflare's global network (D1 database). Contact data extracted during scans is associated with your session and stored in our database for retrieval. All data is transmitted over HTTPS. Authentication uses secure session cookies with HttpOnly and SameSite protections.
ReachScout extracts publicly available contact information from websites you choose to scan. This data is stored in our database linked to your scan jobs. We do not scrape websites on our own initiative — all scans are user-initiated. You are responsible for ensuring your use of extracted data complies with applicable laws.
We use: (a) Cloudflare for hosting, CDN, database, and compute; (b) Stripe for payment processing; (c) Resend for transactional email delivery (verification codes). We do not use analytics trackers, advertising networks, or social media pixels beyond Cloudflare Web Analytics (privacy-first, no cookies).
We use a single HttpOnly session cookie (cs_session) for authentication. We do not use tracking cookies. Cloudflare may set functional cookies for security and performance.
You have the right to: (a) access your personal data; (b) correct inaccurate data; (c) request deletion of your account and data; (d) export your scan results. To exercise these rights, contact us.
For EU residents (GDPR): Our legal basis for processing is contractual necessity (providing the Service) and legitimate interest (security, fraud prevention). For California residents (CCPA): We do not sell personal information. You may request disclosure of the personal information we hold about you.
The Service is not directed at children under 13. We do not knowingly collect personal information from children.
We may update this Privacy Policy at any time. Material changes will be communicated via email. Continued use after changes constitutes acceptance.
Questions about this policy? Contact us or email [email protected].
Navecta LLC • Tucson, AZ