The short version. Top Reacher is an AI cold-email tool. To run it we store your account details, your saved API keys, your subscription, and a record of the emails you send. Your uploaded contact lists and email drafts stay in your own browser, not on our servers. We send the text you generate to the AI provider you choose, and we deliver your emails through your own smtp2go account. We do not sell your data, and Top Reacher shows no ads. The full detail is below.
Top Reacher is an AI cold-email outreach tool operated by an individual sole proprietor ("Top Reacher", "we", "us", "our"). Top Reacher helps you research companies, write personalised emails, and send them from your own Gmail or Outlook address through your own smtp2go account. This Privacy Policy governs your access to and use of the services available at topreacher.com and its subdomains, including the Top Reacher web application and all related tools (collectively, the "Service"). Capitalised terms not defined here have the meaning given in our Terms of Use.
This policy describes our practices for the collection, processing, transfer, storage, sharing, use, and disclosure of your information when you use the Service. It applies to information we collect through the Service and through any communication with us. You can browse our public website without giving us personal information. If you do not agree with this policy, please discontinue your use of the Service.
Top Reacher operates on a "bring your own keys" model: you supply your own AI and email-sending credentials. This means parts of what happens during use are governed by the policies of those third parties as well as by this policy. We point those out where relevant.
Our application database and backend are hosted on Supabase. To be clear about what lives where:
| Data | Where it is stored |
|---|---|
| Contact lists you upload, and email drafts generated for a batch | In your own browser (local storage on your device). They are not stored in our database. |
| Account, profile, sessions, subscription & license records, saved API keys, sender inboxes, sent-email logs, open/bounce events, suppression list, template purchases and premium template content | In our database on Supabase. |
Because contact lists and drafts are kept in your browser, clearing your browser data or switching devices means that locally-stored data will not carry over. When you generate or send an email, the specific fields needed for that action (such as the recipient and the relevant website text) are transmitted to our servers and, for sending, recorded in our logs as described above.
We use the information we collect to: provide, operate, and maintain the Service; authenticate you and keep your account secure; generate and deliver the emails you create; show you your sending history and analytics; process payments and manage your subscription; send you transactional messages such as confirmations and password resets; respond to support requests; detect, prevent, and address abuse, fraud, and security issues; improve and develop the Service; and comply with our legal obligations.
We do not use your data to serve third-party advertising. Top Reacher is ad-free, and we do not sell, rent, or trade your personal information.
To personalise an email, Top Reacher sends the relevant input — your instruction, the template, fields about the contact, and text fetched from the contact's public website — to the AI provider you have selected (OpenAI, Groq, Gemini, or Anthropic), using your API key. That provider processes the input to produce the generated text and handles it under its own terms and privacy policy. We do not use your prompts or generated content to train any model. The website-fetching step retrieves publicly available content from the contact's website so the AI has accurate context.
When open tracking is enabled, emails you send may include a small invisible image (a "tracking pixel") that records whether and when the email was opened, so your stats reflect real opens. You can avoid this by sending in plain-text / Primary-inbox mode, which does not embed the pixel. We also add standard one-click List-Unsubscribe headers to your sends so recipients can opt out easily. Because you are the sender of these emails, you are responsible for meeting any disclosure or consent obligations you owe your own recipients.
If you are in the EU or UK, we process your personal data on these legal bases: to perform our contract with you (operating your account and the Service); our legitimate interests (securing the Service, preventing abuse, and improving the product), balanced against your rights; your consent, where we ask for it; and to comply with legal obligations. You can withdraw consent at any time where processing is based on consent.
We do not sell, trade, or rent your personal information. We share information only with service providers that help us run the Service, and only as needed for them to perform their function:
We may also disclose information if required by law, to enforce our Terms, or to protect the rights, property, or safety of Top Reacher, our users, or the public. If the operator of Top Reacher is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, and we will notify you of any change in control or use of your personal data.
Top Reacher serves users worldwide, and our providers operate in various countries. This means your information may be processed and stored in countries other than the one you live in, where data-protection laws may differ. By using the Service you understand that your information may be transferred to and processed in those locations.
We retain your account information, sending logs, and related records for as long as your account is active or as needed to provide the Service, resolve disputes, prevent abuse, and meet legal, tax, and accounting obligations. You can delete your account at any time from within the app; doing so removes your associated data from our active systems, including your sessions, license records, saved keys, suppression list, send events, and template purchases. Residual copies may persist in routine backups for a limited period before being overwritten. Contact lists and drafts held in your browser are removed when you clear them locally.
We use reasonable technical and organisational measures to protect your information, including access controls and encryption of data at rest provided by our hosting platform. Saved keys are used only server-side to perform the actions you request and are never returned to your browser in full. No method of transmission or storage is completely secure, however, so we cannot guarantee absolute security. Please keep your password and API keys confidential, and tell us promptly if you suspect unauthorised access to your account.
Top Reacher uses session storage and cookies that are necessary to keep you signed in and to remember your preferences. We do not use third-party advertising or cross-site tracking cookies. You can set your browser to refuse cookies, but some features of the Service may not work properly without them.
Depending on where you live (for example under the GDPR in the EU/UK, the CCPA in California, or the DPDP Act in India), you may have the right to access the personal data we hold about you, to correct it, to delete it, to object to or restrict certain processing, and to data portability. You can manage your keys and delete your account directly in the app, and clear locally-stored contacts from your browser. To make any other request, email us at kaustubh@concieit.com and we will respond within a reasonable timeframe. We will not discriminate against you for exercising these rights.
The Service is not directed to anyone under 18, and we do not knowingly collect personal information from minors. If you believe a minor has given us personal information, please contact us and we will delete it promptly.
We may update this Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date at the top of this page, and material changes take effect when posted. Your continued use of the Service after an update means you accept the revised policy.
If you have questions about this Privacy Policy or our data practices, contact us at kaustubh@concieit.com.