Privacy Policy

Last updated: February 2026

What Reach Does

Reach is a personal research agent that searches your connected services (Slack, Google Drive, Confluence, Jira) on your behalf. It stores the minimum data needed to function.

Data We Store

• Authentication cookies — When you export cookies via the browser extension, they are encrypted and stored in AWS Secrets Manager. Each user's cookies are isolated in a separate namespace.
• Conversation history — Your chat messages and agent responses are stored to provide conversation continuity.
• Artifacts — Documents you create are stored in encrypted S3 buckets under your user namespace.
• Subscription data — Your billing status, Stripe customer ID, and message usage counts are stored in an encrypted DynamoDB table.

Encryption

All data is encrypted at rest using AWS KMS customer-managed keys. Data in transit is encrypted via TLS. Your credentials are never stored in plain text.

Data Isolation

Every user's data is strictly namespaced by their unique Cognito user ID. There is no cross-user data access. IAM policies enforce per-user scoping at the infrastructure level.

Third-Party Services

• AWS — Infrastructure hosting, encryption, and authentication
• Google (Cognito) — Sign-in via Google OAuth
• Stripe — Payment processing (we do not store your card details)
• Anthropic/AWS Bedrock — AI model for chat responses

Data Deletion

You can request deletion of all your data by contacting us. Upon cancellation of your subscription, your data is retained for 30 days before automatic deletion.

Contact

For privacy questions, email privacy@reach.example.com.

Back to Reach