Privacy Policy

Last updated: April 1, 2026

1. Introduction

Welcome to Doreach ("we", "us", or "our"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services at doreach.co and app.doreach.co.

Please read this policy carefully. If you disagree with its terms, please discontinue use of our services.

2. Information We Collect

We collect information you provide directly to us, including:

  • Account information — name, email address, password, and profile details when you register.
  • Billing information — payment method details processed securely through our payment provider. We do not store full card numbers.
  • LinkedIn account credentials — OAuth tokens used to connect your LinkedIn account via our integration provider (Unipile). We never store your LinkedIn password.
  • Team and workspace data — campaigns, message templates, prospect lists, CRM records, and other content you create within the platform.
  • Communications — messages you send us via support channels or email.

We also collect certain information automatically when you use our services:

  • Usage data — pages visited, features used, actions taken, and time spent on the platform.
  • Device and log data — IP address, browser type, operating system, and referring URLs.
  • Cookies and similar technologies — session cookies for authentication and preference storage. See Section 8 for details.

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your account and workspace
  • Provide, operate, and improve our services
  • Process payments and manage subscriptions
  • Execute LinkedIn outreach campaigns on your behalf
  • Send transactional emails (account confirmations, billing receipts, alerts)
  • Respond to support requests and communications
  • Monitor platform performance, detect abuse, and ensure security
  • Comply with legal obligations

We do not sell your personal information to third parties. We do not use your data to train AI models without your explicit consent.

4. Data Sharing and Disclosure

We may share your information with:

  • Service providers — trusted third-party vendors who help us operate our platform, including Firebase (Google) for authentication and database, Unipile for LinkedIn integration, and Resend for transactional email. These providers are contractually obligated to protect your data.
  • Team members — information you share within a Doreach team workspace is visible to other members of that team according to their role permissions.
  • Legal requirements — we may disclose your information if required to do so by law or in response to valid legal processes (subpoenas, court orders, etc.).
  • Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide our services. If you close your account, we will delete or anonymise your data within 90 days, except where retention is required for legal, compliance, or fraud-prevention purposes.

Campaign execution logs, audit events, and billing records may be retained for up to 7 years to comply with applicable financial and legal requirements.

6. Security

We implement industry-standard security measures to protect your information, including encryption in transit (TLS), encrypted storage, role-based access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure. We encourage you to use a strong, unique password and to enable two-factor authentication where available.

If you believe your account has been compromised, please contact us immediately at security@doreach.co.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request that we correct inaccurate or incomplete data.
  • Deletion — request that we delete your personal data ("right to be forgotten").
  • Portability — request your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests or for direct marketing.
  • Restriction — request that we restrict processing of your data in certain circumstances.

To exercise any of these rights, please contact us at privacy@doreach.co. We will respond within 30 days.

8. Cookies

We use the following types of cookies:

  • Strictly necessary — session authentication cookies required for the platform to function.
  • Preference — cookies that remember your settings (e.g. theme, language).
  • Analytics — anonymous usage data to help us understand how the platform is used and improve it.

You can control cookies through your browser settings. Disabling strictly necessary cookies will prevent you from logging in to the platform.

9. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, for material changes, notify you by email or via a prominent notice on our platform. Your continued use of our services after the effective date of the revised policy constitutes your acceptance of the changes.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: