Privacy Policy

Last updated: February 2026

Introduction

Reach Private Limited ("we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect information when you use the REACH Data Resilience Assessment platform and related services.

By using our services, you agree to the collection and use of information as described in this policy. If you do not agree with any part of this policy, please do not use our services.

Information We Collect

We collect the following types of information to provide and improve our services:

  • Account information — your name, email address, and organization name, provided when you create an account.
  • Assessment responses — answers you provide when completing the Data Resilience Assessment, used to generate your assessment report and recommendations.
  • Payment information — billing details processed securely by Stripe. We do not store your full credit card number on our servers.
  • Usage analytics — information about how you interact with the platform, including pages visited and features used, to help us improve the service.

How We Use Your Information

We use the information we collect for the following purposes:

  • Delivering the assessment service, generating reports, and providing personalized recommendations.
  • Managing your account, processing subscriptions, and communicating service updates.
  • Improving the platform, refining assessment methodology, and developing new features.
  • Responding to your inquiries and providing customer support.

Data Storage and Security

Your data is hosted on Supabase infrastructure with industry-standard security measures, including encryption in transit and at rest. We implement appropriate technical and organizational safeguards to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Third-Party Services

We use the following third-party services to operate our platform:

  • Stripe — for secure payment processing and subscription management. Stripe's privacy policy governs how they handle your payment data.
  • Supabase — for backend infrastructure, database hosting, and authentication services.

Cookies

We use essential cookies for session management and authentication — these are required for the platform to function. We may also use optional analytics cookies to understand usage patterns and improve the service. For more details, see our Cookie Policy.

Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of any inaccurate or incomplete data.
  • Request deletion of your personal data from our systems.
  • Withdraw consent for optional data processing at any time.

To exercise any of these rights, please contact us at resilience@reachtech.biz.

Data Retention

We retain your account data and assessment responses for as long as your subscription is active. If you cancel your subscription or request account deletion, we will delete your personal data within a reasonable timeframe, unless we are required by law to retain it.

PDPA Compliance

As a Singapore-based company, we comply with the Singapore Personal Data Protection Act (PDPA). We collect, use, and disclose personal data only for purposes that a reasonable person would consider appropriate, and we obtain consent where required. If you believe we have handled your data inappropriately, you may contact the Personal Data Protection Commission (PDPC) of Singapore.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us at resilience@reachtech.biz.