R.Reconnaissance
Log in Start free
Legal

Privacy Policy

Last updated: April 16, 2026

Template document

Boilerplate placeholder. Review with qualified legal counsel — especially for GDPR / CCPA compliance — before publishing.

What we collect

Reconnaissance AI collects the minimum personal data needed to provide the Service:

  • Account data — name, email, Google OAuth subject, profile picture
  • Workspace data — contacts, research, outreach, replies, pipeline stages you or your team create
  • Integration data — tokens for connected CRMs and email providers (stored server-side, encrypted at rest)
  • Usage telemetry — page views, feature clicks, error reports (aggregated; PII scrubbed)

We do not collect: bank details, government IDs, social security numbers, or health data.

How we use it

  • To provide the Service (generating outreach, tracking signals, syncing with your CRM)
  • To improve the Service (aggregate product analytics, error monitoring)
  • To communicate with you (billing, product updates, support — never marketing from third parties)
  • To comply with legal obligations

We do not sell your personal data. We do not train generic AI models on your content.

Third-party processors

Providers we use to deliver the Service:

  • Supabase (PostgreSQL + Auth) — primary data store
  • Netlify — hosting, serverless functions
  • Anthropic / OpenAI / Google — LLM providers for AI generation (pass-through; they do not train on your content under their B2B terms)
  • Stripe — billing; your card data never touches our servers
  • Sentry — error monitoring with PII scrubbing
  • Google / LinkedIn OAuth — authentication and warm-intro detection

A full list with roles and data residency is available in our DPA.

Your rights

Under GDPR and similar regulations, you have the right to:

  • Access — request a copy of your data
  • Rectify — correct inaccurate data
  • Erase — delete your account and associated data
  • Portability — export your data in a machine-readable format
  • Object — opt out of processing for specific purposes

Exercise any of these by emailing privacy@reconnaissance.ai. We respond within 30 days.

Data residency

By default, workspace data is stored in the United States (Supabase US region). Enterprise customers may opt into EU data residency (Supabase EU region) as part of their contract.

Retention

Active workspace data is retained while your account is active. On account deletion, personal data is deleted within 30 days, except where we're required to retain it by law (e.g., billing records under tax law).

Security

Details in our Security page. Short version: encryption at rest and in transit, row-level security on every Postgres table, PII scrubbing in error reports, least-privilege access for our team.

Cookies

The marketing site uses strictly necessary cookies only (session, auth). We do not use tracking pixels or third-party advertising cookies.

Children

Reconnaissance is a B2B tool. We do not knowingly collect data from anyone under 16.

Changes

Material changes to this policy are communicated by email at least 30 days in advance.

Contact

Privacy questions: privacy@reconnaissance.ai. Data Protection Officer: available to Enterprise customers on request.