01
1. Who we are
TuniReach is a product of TuniReach. For privacy questions, write to contact@tunireach.com.
This Privacy Policy explains what information TuniReach collects, why we collect it, how we use it, and the choices you have. If you self host the platform on your own infrastructure, the data you process stays in your environment and this policy applies only to the hosted service and our marketing site.
TuniReach is a product of TuniReach. For privacy questions, write to contact@tunireach.com.
Account data: the name, email, role, and workspace you provide at signup, plus the organization and project metadata you create.
Content data: the contacts, segments, campaigns, automations, invoices, projects, site audits, blog drafts and messages you store in your workspace.
Usage data: logs of API calls, feature access, IP address, user agent and timestamp, retained for audit and abuse prevention.
Payment data: when you subscribe to a paid plan, Stripe or Konnect processes the payment. We store the subscription id, plan, and billing contact but never the card number.
Provide and maintain the service, including authentication, permission enforcement, dispatch of messages you send through the platform, and audit of the mutations you perform.
Deliver transactional emails (invoices, alerts, password resets) and, with your consent, product updates.
Detect abuse, enforce rate limits and protect the security of the service and its other customers.
Comply with legal obligations, respond to valid requests from courts and regulators, and defend our rights.
We share data with subprocessors that power parts of the service: Stripe and Konnect for billing, MongoDB Atlas for hosted database storage, Amazon Web Services or your VPS provider for compute, the email and SMS providers you yourself configure, and Anthropic or OpenAI when you opt in to AI Assist.
We never sell your data. We never share it with advertising networks.
We offer EU hosted workspaces and self hosted deployments for customers who need to keep data inside a specific jurisdiction. Where data is transferred across borders, we rely on Standard Contractual Clauses and additional safeguards.
We retain account and content data for the life of your workspace plus 30 days after cancellation, then permanently delete. Log data is retained for 13 months for audit and then aggregated or deleted. You may request immediate deletion at any time.
Under GDPR and similar regimes, you have rights to access, rectify, port, restrict and erase the personal data we hold about you. Exercise any of these rights by writing to contact@tunireach.com.
For individuals whose data you process in the platform (your contacts), you are the data controller and we act as processor on your behalf, governed by our Data Processing Agreement.
Data is encrypted at rest and in transit. Secrets are encrypted with a rotating key. We run least privilege access, pipeline secret scanning, and independent penetration testing annually. Report vulnerabilities to security@tunireach.com.
We will notify you of material changes by email and update the date at the top of this page. Continued use after the effective date constitutes acceptance.