Policy

Introduction

At Reach, we are committed to protecting your privacy and ensuring the security of your personal and financial information. This Privacy Policy outlines how we collect, use, store, and protect your data when you use our AI-powered financial service, Reach. Our mission is to help you spend better, save faster, and achieve your financial goals in the smoothest way possible.

1. Data Collection

We collect personal and financial information to provide and improve our services. Our data collection practices are designed to be transparent and secure, ensuring you understand how your information is handled.
1.1 Information Collected Through Third-Party Open Banking Platforms

To connect with your bank account and provide our services, we partner with trusted third-party open banking platforms: Plaid and Salt Edge.

Plaid: Plaid is a leading financial technology company that enables applications to connect with users' bank accounts. Plaid connects with over 12,000 banks worldwide and is fully compliant with industry standards. They employ advanced security measures, including encryption and secure data storage, to protect your financial information.
Salt Edge: Salt Edge is a financial API platform focused on enabling open banking and secure data sharing. They connect to over 5,000 banks globally and comply with international data protection regulations. Salt Edge uses robust security protocols to ensure your data is transmitted and stored securely.

User Approval and Consent:

Explicit User Consent Required: Before we access any of your account information, we will obtain your explicit consent. This consent process is handled securely through the interfaces provided by Plaid and Salt Edge.
Consent Process:
- Authorization through Third-Party Platforms: When you choose to link your bank account, you will be directed to a secure connection managed by Plaid or Salt Edge.
- Review of Information Access: You will be presented with details about the specific information that will be accessed, such as account details, regular payments, and transaction history.
- Granting Consent: You must actively agree to grant access by following the prompts, which may include entering your banking credentials in a secure manner.
Information Accessed with Your Consent:
- Account Details: Account numbers, balances, account types, and institution names.
- Regular Payments: Standing orders, direct debits, scheduled payments.
- Full Banking Transaction History: Dates, amounts, transaction types, merchant names, and descriptions.

GDPR Consent for Data Sharing:

By completing the consent process, you give your explicit consent under GDPR and other applicable laws to Plaid, Salt Edge, and other necessary third-party services to share the above information and future updates with Reach. This enables us to provide you with the requested services, such as personalized financial advice and automated transactions.

Read-Only Access and Disclaimer:

We access your bank account data in read-only mode. This means we can view your account information and transaction history but cannot perform any actions or transactions on your account without your explicit authorization.

Disclaimer Regarding Third-Party Open Banking Platforms:

While we take all necessary steps to ensure the secure handling of your data, we are not responsible for any issues arising from data processing by these third-party open banking platforms. Plaid and Salt Edge operate independently, and any concerns or issues related to their processing of your data should be directed to them. We encourage you to review their privacy policies for more information:

Plaid Privacy Policy: Plaid's Privacy Policy
Salt Edge Privacy Policy: Salt Edge's Privacy Policy

1.2 Information Collected Through WhatsApp

Our Minimum Viable Product (MVP) is hosted on WhatsApp, a messaging platform provided by Meta Platforms, Inc. Communication between you and Reach occurs via WhatsApp messages.

Privacy Matters Related to WhatsApp:

Responsibility of Meta: All privacy matters concerning messages shared on WhatsApp are under the responsibility of Meta. WhatsApp provides end-to-end encryption, ensuring that only you and the person you're communicating with can read what's sent, and nobody in between, not even WhatsApp.
Data Collected by WhatsApp: While messages are encrypted, WhatsApp may collect metadata such as your phone number, contact list, usage data, and device information. This data is governed by WhatsApp's own Privacy Policy.
Review WhatsApp's Privacy Policy: For detailed information on how WhatsApp handles your data, please review their privacy policy: WhatsApp Privacy Policy

Our Use of WhatsApp Data:

Communication Purpose: We use WhatsApp solely to communicate with you regarding our services.
Data Security: We do not share your WhatsApp communications with any third parties, except as necessary to provide our services or comply with legal obligations.

2. Purpose and Legal Basis for Data Collection

We collect your data to:

Provide Services: Offer personalized financial advice, recommendations, and automate wire transfers to optimize your financial situation.
Improve Services: Enhance and train our AI model to deliver the best user experience.
Compliance: Comply with legal obligations and regulatory requirements.
Legitimate Interests: For security, fraud prevention, and to protect our rights and interests.

User Consent and Legal Basis:

Explicit Consent: Our legal basis for processing your personal data primarily relies on the explicit consent you provide during the account linking process.
Contractual Necessity: Processing your data is necessary for the performance of the services you request from us.
Compliance with Legal Obligations: We may process your data to comply with applicable laws, regulations, and legal processes.

Compliance with Regulations:

We are fully compliant with all applicable data protection laws and regulations. Our partners, Plaid and Salt Edge, are also compliant with a range of global financial regulations, including:

General Data Protection Regulation (GDPR): Ensures data protection and privacy in the European Union.
Payment Services Directive 2 (PSD2): Regulates payment services and providers throughout the EU and EEA.
Financial Conduct Authority (FCA): Regulates financial firms providing services to consumers in the UK.
Open Banking Standards: Promotes secure and standardized data sharing in the financial industry.
Other Regulatory Compliance: Plaid and Salt Edge comply with various other international standards and regulations to ensure secure and lawful data processing.

3. Data Usage

We use your data to:

Analyze and Understand: Gain insights into your spending habits and financial needs.
Personalize Services: Create tailored financial plans and goals to suit your preferences.
Execute Transactions: Carry out automated wire transfers on your behalf, with your explicit consent.

Data Sharing:

No Third-Party Sales: We do not share, sell, or rent your personal or banking data to any third parties.
Service Providers: We may share data with trusted service providers who assist us in operating our services, under strict confidentiality agreements and in compliance with applicable laws.
Legal Obligations: We may disclose information if required by law or to protect our rights.

4. Data Storage and Security

We take your data security seriously and have implemented measures to protect your information.

4.1 Data Storage on Shuttle

Our servers are hosted on Shuttle, a secure and reliable cloud infrastructure provider.

About Shuttle:

High Security Standards: Shuttle offers state-of-the-art security features, including advanced encryption, secure data centers, and continuous monitoring to protect against unauthorized access and data breaches.
Compliance and Certifications: Shuttle complies with industry-leading security standards and holds certifications such as ISO 27001 and SOC 2, demonstrating their commitment to data security and privacy.
Redundancy and Reliability: Shuttle provides high availability and redundancy, ensuring that your data is safe and accessible when needed.

Why Shuttle is Secure:

Encryption: Data is encrypted both at rest and in transit using strong encryption protocols.
Access Controls: Strict access controls and authentication mechanisms prevent unauthorized access to data.
Regular Audits: Shuttle undergoes regular security audits and assessments to maintain the highest security standards.

4.2 Data Security Measures

Security Measures: We implement robust security measures, including encryption, secure servers, and access controls, to protect your data from unauthorized access, disclosure, alteration, or destruction.
Data Retention: We retain your data only as long as necessary to fulfill the purposes outlined in this policy or as required by law.
International Data Transfers: If your data is transferred outside your country, we ensure appropriate safeguards are in place, such as standard contractual clauses or equivalent mechanisms.

5. User Rights

You have the following rights regarding your personal data:

Access and Correction: Update or correct your personal information at any time.
Deletion: Request the deletion of your data.
Data Portability: Receive your data in a structured, commonly used format.
Restriction of Processing: Request to limit the processing of your data.
Right to Object: Object to processing based on legitimate interests.

Impact on Service Experience:

Please note that exercising your rights to restrict processing or object to the processing of your data may significantly compromise your experience with Reach. Our services rely on processing your financial data to provide personalized recommendations and insights. Limiting our ability to process your data may result in reduced functionality or inability to provide certain services, meaning you may get less value from Reach.

How to Exercise Your Rights:

To exercise any of your rights, please contact us at support@letsgetreach.com. We will respond to your request in accordance with applicable laws and regulations.

6. Cookies and Tracking Technologies

As our service is currently hosted exclusively on WhatsApp, we do not use cookies or similar tracking technologies within our service. However, WhatsApp or Meta may use such technologies on their platform. We recommend reviewing WhatsApp's Privacy Policy for information on their use of cookies and tracking technologies.

7. Third-Party Links and Services

Our communications may include links to third-party websites or services. Please be aware that:

No Control Over Third Parties: We are not responsible for the content, security, or privacy practices of these third parties.
Encouragement to Review Policies: We encourage you to review the privacy policies of any third-party sites or services before providing them with your personal information.

8. Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected such data, we will take immediate steps to delete it.

9. Policy Updates

We may update this Privacy Policy to reflect changes in our practices or legal requirements.

Notification of Changes:

WhatsApp Communication: As our service is exclusively WhatsApp-hosted for now, we will notify you of significant changes via WhatsApp messages.

Access to Updated Policy:

Website and WhatsApp Profile: The updated Privacy Policy will be available on our website at www.letsgetreach.com/privacy-policy and in the description section of our WhatsApp profile.

Your Rights Regarding Updates:

Right to Object: If you do not agree with the updated Privacy Policy, you have the right to object.
How to Object: You can object by emailing us at support@letsgetreach.com within 30 days of receiving the notification.
Acceptance of Changes: By not objecting within this period, you clearly accept the new policy.

10. Contact Information

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Reach Support Team
Email: support@letsgetreach.com
Address: 186 N 6th St, Brooklyn, NY 11211
Phone: +1 (507) 565-0337

11. Compliance with Laws

We comply with all applicable data protection laws and regulations, including:

General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA)
Gramm-Leach-Bliley Act (GLBA): A U.S. federal law that requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data.
Fair Credit Reporting Act (FCRA): Regulates the collection, dissemination, and use of consumer credit information in the United States.
Payment Services Directive 2 (PSD2)
Other Relevant Regulations

Additional U.S. Regulatory Compliance:

As a financial technology company operating in the United States, we are also committed to complying with other relevant federal and state laws, including:

Federal Trade Commission (FTC) Regulations: Enforces laws that protect consumer privacy and security.
State Data Protection Laws: Various U.S. states have their own data protection laws. We strive to comply with all applicable state regulations regarding data privacy and security.

12. Automated Decision-Making

Our AI model may use automated decision-making processes to provide personalized financial recommendations.

Transparency: We ensure that these processes are fair and transparent.
Your Rights: You have the right to request human intervention if you believe that an automated decision has adversely affected you.

Final Notes

Transparency and Trust: We are dedicated to being as transparent as possible about how we handle your data. We believe that transparency builds trust, and we want you to feel confident in using Reach to manage your financial goals.
Legal Review: Please ensure that this revised privacy policy is reviewed by your legal team to confirm compliance with all relevant laws and regulations specific to your business operations.
User-Friendly Language: We've aimed to present this policy in clear and understandable language. If anything is unclear, please don't hesitate to reach out to us for clarification.
Accessibility: This Privacy Policy is easily accessible on our website and within our WhatsApp profile description, ensuring you can review it at any time.

Policy

Introduction

1. Data Collection

We collect personal and financial information to provide and improve our services. Our data collection practices are designed to be transparent and secure, ensuring you understand how your information is handled.1.1 Information Collected Through Third-Party Open Banking Platforms

To connect with your bank account and provide our services, we partner with trusted third-party open banking platforms: Plaid and Salt Edge.

User Approval and Consent:

Explicit User Consent Required: Before we access any of your account information, we will obtain your explicit consent. This consent process is handled securely through the interfaces provided by Plaid and Salt Edge.

Consent Process:

Authorization through Third-Party Platforms: When you choose to link your bank account, you will be directed to a secure connection managed by Plaid or Salt Edge.

Review of Information Access: You will be presented with details about the specific information that will be accessed, such as account details, regular payments, and transaction history.

Granting Consent: You must actively agree to grant access by following the prompts, which may include entering your banking credentials in a secure manner.

Information Accessed with Your Consent:

Account Details: Account numbers, balances, account types, and institution names.

Regular Payments: Standing orders, direct debits, scheduled payments.

Full Banking Transaction History: Dates, amounts, transaction types, merchant names, and descriptions.

GDPR Consent for Data Sharing:

Read-Only Access and Disclaimer:

We access your bank account data in read-only mode. This means we can view your account information and transaction history but cannot perform any actions or transactions on your account without your explicit authorization.

Disclaimer Regarding Third-Party Open Banking Platforms:

Plaid Privacy Policy: Plaid's Privacy Policy

Salt Edge Privacy Policy: Salt Edge's Privacy Policy

1.2 Information Collected Through WhatsApp

Our Minimum Viable Product (MVP) is hosted on WhatsApp, a messaging platform provided by Meta Platforms, Inc. Communication between you and Reach occurs via WhatsApp messages.

Privacy Matters Related to WhatsApp:

Responsibility of Meta: All privacy matters concerning messages shared on WhatsApp are under the responsibility of Meta. WhatsApp provides end-to-end encryption, ensuring that only you and the person you're communicating with can read what's sent, and nobody in between, not even WhatsApp.

Data Collected by WhatsApp: While messages are encrypted, WhatsApp may collect metadata such as your phone number, contact list, usage data, and device information. This data is governed by WhatsApp's own Privacy Policy.

Review WhatsApp's Privacy Policy: For detailed information on how WhatsApp handles your data, please review their privacy policy: WhatsApp Privacy Policy

Our Use of WhatsApp Data:

Communication Purpose: We use WhatsApp solely to communicate with you regarding our services.

Data Security: We do not share your WhatsApp communications with any third parties, except as necessary to provide our services or comply with legal obligations.

2. Purpose and Legal Basis for Data Collection

We collect your data to:

Provide Services: Offer personalized financial advice, recommendations, and automate wire transfers to optimize your financial situation.

Improve Services: Enhance and train our AI model to deliver the best user experience.

Compliance: Comply with legal obligations and regulatory requirements.

Legitimate Interests: For security, fraud prevention, and to protect our rights and interests.

User Consent and Legal Basis:

Explicit Consent: Our legal basis for processing your personal data primarily relies on the explicit consent you provide during the account linking process.

Contractual Necessity: Processing your data is necessary for the performance of the services you request from us.

Compliance with Legal Obligations: We may process your data to comply with applicable laws, regulations, and legal processes.

Compliance with Regulations:

We are fully compliant with all applicable data protection laws and regulations. Our partners, Plaid and Salt Edge, are also compliant with a range of global financial regulations, including:

General Data Protection Regulation (GDPR): Ensures data protection and privacy in the European Union.

Payment Services Directive 2 (PSD2): Regulates payment services and providers throughout the EU and EEA.

Financial Conduct Authority (FCA): Regulates financial firms providing services to consumers in the UK.

Open Banking Standards: Promotes secure and standardized data sharing in the financial industry.

Other Regulatory Compliance: Plaid and Salt Edge comply with various other international standards and regulations to ensure secure and lawful data processing.

3. Data Usage

We use your data to:

Analyze and Understand: Gain insights into your spending habits and financial needs.

Personalize Services: Create tailored financial plans and goals to suit your preferences.

Execute Transactions: Carry out automated wire transfers on your behalf, with your explicit consent.

Data Sharing:

No Third-Party Sales: We do not share, sell, or rent your personal or banking data to any third parties.

Service Providers: We may share data with trusted service providers who assist us in operating our services, under strict confidentiality agreements and in compliance with applicable laws.

Legal Obligations: We may disclose information if required by law or to protect our rights.

4. Data Storage and Security

We take your data security seriously and have implemented measures to protect your information.

4.1 Data Storage on Shuttle

Our servers are hosted on Shuttle, a secure and reliable cloud infrastructure provider.

About Shuttle:

High Security Standards: Shuttle offers state-of-the-art security features, including advanced encryption, secure data centers, and continuous monitoring to protect against unauthorized access and data breaches.

Compliance and Certifications: Shuttle complies with industry-leading security standards and holds certifications such as ISO 27001 and SOC 2, demonstrating their commitment to data security and privacy.

Redundancy and Reliability: Shuttle provides high availability and redundancy, ensuring that your data is safe and accessible when needed.

Why Shuttle is Secure:

Encryption: Data is encrypted both at rest and in transit using strong encryption protocols.

Access Controls: Strict access controls and authentication mechanisms prevent unauthorized access to data.

Regular Audits: Shuttle undergoes regular security audits and assessments to maintain the highest security standards.

4.2 Data Security Measures

Security Measures: We implement robust security measures, including encryption, secure servers, and access controls, to protect your data from unauthorized access, disclosure, alteration, or destruction.

Data Retention: We retain your data only as long as necessary to fulfill the purposes outlined in this policy or as required by law.

International Data Transfers: If your data is transferred outside your country, we ensure appropriate safeguards are in place, such as standard contractual clauses or equivalent mechanisms.

5. User Rights

You have the following rights regarding your personal data:

Access and Correction: Update or correct your personal information at any time.

Deletion: Request the deletion of your data.

Data Portability: Receive your data in a structured, commonly used format.

Restriction of Processing: Request to limit the processing of your data.

Right to Object: Object to processing based on legitimate interests.

Impact on Service Experience:

We collect personal and financial information to provide and improve our services. Our data collection practices are designed to be transparent and secure, ensuring you understand how your information is handled.
1.1 Information Collected Through Third-Party Open Banking Platforms

Reach Support Team
Email: support@letsgetreach.com
Address: 186 N 6th St, Brooklyn, NY 11211
Phone: +1 (507) 565-0337