MachReach
Pricing Login Get Started ES
🚧 Beta — MachReach is in testing mode. Subscriptions are not available yet. All features are free during this period.

Privacy Policy

Last updated: April 9, 2026

1. Information We Collect

Account Information: When you register, we collect your name, email address, and password (stored with bcrypt encryption).

Email Account Credentials: When you connect an email account, we store your email address and app password. App passwords are encrypted at rest using AES-256 (Fernet) encryption and are never stored in plaintext.

Email Content: We access your email via IMAP solely to sync your inbox for the Mail Hub feature and to detect replies to your outreach campaigns. We do not read, analyze, or sell your email content for advertising purposes.

Usage Data: We collect information about how you use MachReach, including campaigns created, emails sent, and feature usage, to improve our service.

2. How We Use Your Information

  • To provide and maintain the MachReach service
  • To send outreach emails on your behalf through your connected email accounts
  • To sync and classify your inbox in Mail Hub
  • To track email opens, replies, and campaign performance
  • To process payments and manage your subscription
  • To send you service-related notifications (password resets, security alerts)

3. Data Security

We take security seriously:

  • Passwords are hashed with bcrypt (cost factor 12)
  • Email credentials are encrypted with AES-256 at rest
  • All connections use HTTPS/TLS
  • CSRF protection on all forms and API endpoints
  • Rate limiting on authentication endpoints
  • Security headers (HSTS, X-Frame-Options, etc.)

4. Data Sharing

We do not sell, rent, or share your personal information with third parties, except:

  • OpenAI: Email subjects and snippets may be sent to OpenAI's API for AI-powered classification and reply generation. No full email bodies are sent unless you use AI compose features.
  • PayPal: Payment information is processed by PayPal. We do not store credit card numbers.
  • Legal requirements: We may disclose information if required by law or to protect our rights.

5. Data Retention

Your data is retained as long as your account is active. When you delete your account, all associated data (campaigns, contacts, email accounts, synced emails) is permanently deleted within 30 days.

6. Your Rights

You can:

  • Access and export your data at any time
  • Update or correct your personal information in Settings
  • Delete your account and all associated data
  • Disconnect email accounts at any time (credentials are immediately deleted)

7. Cookies

We use session cookies for authentication only. We do not use tracking cookies or third-party analytics. Cookies are set with HttpOnly and SameSite=Lax flags for security.

8. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or an in-app notice.

9. Contact

If you have questions about this Privacy Policy, contact us at support@machreach.com.