CoreReach Logo

Privacy Policy

Last Updated: January 24, 2026

Introduction

CoreReach ("we," "us," or "our") has developed this Privacy Policy to describe our practices regarding the collection, use, and disclosure of personal information from visitors to our website at www.corereach.com (the "Website"), authorized users ("Users") of companies that subscribe to our platform (our "Subscribers"), and individuals who interact with our Services.

This Privacy Policy applies to our Website, mobile applications, AI-powered phone answering services, subscriber dashboard, software applications, and any other digital features or services owned or operated by CoreReach that link to this Privacy Policy (collectively, the "Services"). This Privacy Policy does not govern information collected from our Subscribers' customers and other end users when they interact with the Services, such as through calling a Subscriber's designated phone line; these activities are governed by our agreement with that Subscriber and the Subscriber's privacy policy.

This Privacy Policy explains what personal information we collect, how we use and share that information, and your choices concerning our data practices. This Privacy Policy is incorporated into and forms part of our Terms of Service.

Before using the Services or submitting any personal information to us, please review this Privacy Policy carefully and contact us if you have any questions. By using the Services, you agree to the practices described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not access the Website or otherwise use the Services.

1. Subscribers and Callers

This Privacy Policy does not apply to data collected by third parties, including the subscribing businesses and individuals that use our Services to answer or make calls or perform other functions on their behalf (our "Subscribers"). CoreReach provides the Services to our Subscribers, and each Subscriber determines how it will use the data collected from their callers and other customers through the Services. Any processing of data by CoreReach to train or develop AI technologies is governed by contracts with our Subscribers, not this Privacy Policy.

Subscribers that use the Services may choose to collect and process personal information about their callers or other customers. Each Subscriber is responsible for their own personal information collection and for storing or processing that data through the Services. This includes functionality settings, privacy configurations, data management, providing notice and obtaining consent from callers, and responding to callers' privacy inquiries. Callers should contact the Subscriber with any questions about their personal information on the Services.

2. "Personal Information" Defined

As used in this Privacy Policy, "Personal Information" is information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or device, such as:

  • Identifiers (e.g., name, email address, telephone number, mailing address, username, account credentials)
  • Sensitive Personal Information (e.g., biometric information such as voice recordings, precise geolocation data, health information, contents of communications when we are not the intended recipient; in some cases, information about a minor)
  • Legally protected information (e.g., race, citizenship status, marital status, sex, gender)
  • Employment-related information (e.g., current or past job history, professional credentials)
  • Non-public educational information, including information protected under the Family Educational Rights and Privacy Act (20 U.S.C. § 1232g, 34 C.F.R. Part 99)
  • Commercial information (e.g., products or services purchased, obtained, or considered, purchase history or tendencies)
  • Internet or other electronic network activity (e.g., browsing history, search history, interaction with websites or applications)
  • Inferences drawn from Personal Information to create a profile reflecting preferences, characteristics, trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes

Personal information does not include information that is: (i) publicly available; (ii) aggregated consumer information from which individual identities and other Personal Information has been removed; or (iii) deidentified so that it cannot reasonably be linked back to an individual.

3. Information We Collect

We collect information that, alone or in combination with other information in our possession, could be used to identify you as follows:

Information You Provide

We collect the following categories of personal information when you register for and use the Services, request information about or a demonstration of the Services, subscribe to our communications, or otherwise interact with CoreReach:

Identification Information: We collect your name, email address, phone number, and account credentials (such as a password or other authentication information).

Financial Information: Our payment processor collects the financial information necessary to process your payments, such as your payment card number and billing details. Our payment processor is certified as a PCI Level 1 Service Provider, the highest level of certification available in the payment card industry. We store only a tokenized version of such information and do not maintain complete payment card information on our servers.

Communication Information: We collect information when you contact us with questions, feedback, or concerns and when you voluntarily respond to questionnaires, surveys, or requests for market research. Providing communication information is optional.

Social Media Information: We maintain pages on social media platforms such as LinkedIn, Twitter, and Facebook ("Social Media Pages"). When you interact with our Social Media Pages, we collect personal information that you choose to provide to us, such as your contact details. In addition, the companies that host our Social Media Pages may provide us with aggregate information and analytics about the use of our Social Media Pages.

Information We Collect Automatically

Internet Activity Information: When you visit, use, and interact with the Services, we may automatically receive certain information about your visit, use, or interactions. For example, we may monitor the number of visitors to the Services, peak hours of visits, which pages are visited, the domains our visitors come from (e.g., google.com, bing.com, etc.), which browsers people use to access the Services (e.g., Chrome, Firefox, Safari, etc.), broad geographical information, and navigation patterns. The following information is created and automatically logged in our systems:

  • Log Data: Information about your device, including IP address, operating system, browser type, device identifiers, and mobile network information
  • Usage Data: Traffic data, location data, search queries, and information about your interactions with the Services
  • Geolocation Data: We may use third-party geolocation services to determine your approximate location based on your IP address to provide localized service recommendations and improve your experience
  • Email Open/Click Information: We use tracking pixels in our email campaigns that allow us to collect your email address and IP address as well as the date and time you open an email or click on links in the email

Cookies and Similar Technologies: We use cookies to operate and administer our Website, gather usage data, and improve your experience. A "cookie" is a piece of information sent to your browser by a website you visit. Cookies can be stored on your device for different periods of time. Some cookies expire after a certain amount of time or upon logging out (session cookies). Other cookies survive after your browser is closed until a defined expiration date set in the cookie (persistent cookies), and help recognize your device when you open your browser and browse the Internet again.

On most web browsers, you will find a "help" section on the toolbar with information on how to receive notifications when you are receiving a new cookie and how to disable cookies. Please refer to guidance on modifying your web browser's settings on popular browsers:

  • Internet Explorer
  • Mozilla Firefox
  • Google Chrome
  • Apple Safari

Please note that if you limit the ability of websites to set cookies, you may be unable to access certain parts of the Website and you may not be able to benefit from the full functionality of the Services.

Advertising networks may use cookies to collect personal information. Most advertising networks offer you a way to opt out of targeted advertising. If you would like to find out more information, please visit the Network Advertising Initiative's online resources and follow the opt-out instructions there.

If you access the Website on your mobile device, you may not be able to control tracking technologies through the settings.

Analytics: We use Google Analytics, a web analytics service provided by Google, Inc. ("Google"), and PostHog, a product analytics platform, to help us analyze how users use the Website and Services. These services use cookies and similar technologies to collect information about your interactions with our platform. For more information on how Google uses this data, visit Google's privacy policy.

Online Tracking and Do Not Track Signals: We and our third-party service providers may use cookies, pixels, or other tracking technologies to collect information about your browsing activities over time and across different websites following your use of the Services. Our Website currently does not respond to "Do Not Track" ("DNT") signals and operates as described in this Privacy Policy whether or not a DNT signal is received. If we respond to DNT signals in the future, we will update this Privacy Policy accordingly.

Information Provided By Our Subscribers

If you are a User, the Subscriber granting you access to the Services may provide your personal information to us. This personal information includes, but is not limited to, your name, email address, login credentials, phone number, and any other personal information our Subscribers choose to provide.

When a Subscriber registers to use our Services, we collect information about their business, including business name, email address, phone number, and other identifiers to create and facilitate their account and use of the Services. We also collect any information a Subscriber submits through the Services, such as account profile information, employee identifiers, and any personal information included in communications with us.

Subscribers authorize CoreReach to collect data from the Subscriber's website, online reviews, and other data sources to configure the Services for the Subscriber's use.

A Subscriber may choose to link the Services with the Subscriber's customer relationship management software ("CRM"), calendars, or other business software. If so, CoreReach will access this information to provide enhanced Services as requested by the Subscriber.

Subscribers are solely responsible for ensuring they are authorized to share personal information with CoreReach for any purpose.

We will also collect data related to Services purchased and transaction history associated with the Subscriber's account.

Subscribers may opt out of receiving marketing communications from CoreReach at any time. If a Subscriber chooses to opt out, CoreReach may continue to send the Subscriber product and support messages to keep them updated on the Services they receive.

Subscribers that collect technical information about their callers may share that information with us. We may combine this information with other data to gather feedback about the Services and to run reports on behalf of our Subscribers. We only use information Subscribers provide to us in our capacity as a service provider as permitted by our contracts with Subscribers or as permitted by law. Note that Subscribers may use this information for their own purposes according to their own privacy practices.

CoreReach reserves the right to refuse Subscriber instructions to collect or process personal information about another individual without their consent or in a manner or for a purpose that CoreReach determines violates others' privacy or publicity rights, or otherwise violates our Terms of Service, and such instructions may result in termination of Services at our option. CoreReach is not responsible for the privacy practices of any of our Subscribers or any third party.

Information We Process Through the Services

In order to provide the Services, we process the information and requests received through calls handled by our Services, such as requests for the location or hours of operation of one of our Subscribers. Personal information about our Subscribers' customers and end users that may be made available during communications through the Services is processed pursuant to our agreements with those Subscribers. We have no direct relationship with the individuals whose personal information we process on behalf of our Subscribers. If you are such an individual and would no longer like your information to be used by one of our Subscribers, or if you would like to access, correct, or request deletion of your information, please contact the Subscriber that you interact with directly.

Call Recordings and Transcripts: The Services generate call recordings and transcripts of conversations.

  • Calls handled through the Services are recorded for quality assurance, to improve the Services, and for other internal business purposes. Call recordings are used to generate transcripts of conversations and support our Subscribers' use of the Services.
  • Call recordings and transcripts are necessary for our Services to function. For example, our technology may use a recording of a call to schedule an appointment and send appointment reminders through the Subscriber's CRM or other software.
  • Deidentified data from call recordings and transcripts may be used to understand how callers interact with the Services, train our AI technology, or improve the Services.
  • The Subscriber may configure the Services to notify callers that calls are being recorded. By staying on the line after receiving such notification, callers consent to the call recording. If a caller does not consent to call recording, they may end the call.
  • The Subscriber is solely responsible for providing callers with notice and obtaining their consent for call recordings and transcripts in compliance with applicable law, including laws requiring two-party consent. Please contact the Subscriber with questions or concerns.
  • Call recordings, transcripts, and other data from calls belong to the Subscriber, not CoreReach. Each Subscriber determines how data is used and how long it is retained. Please contact the Subscriber you called if you have questions about call recordings.

Real-Time Access to Calls: INTERACTIONS THROUGH THE SERVICES MAY BE ACCESSIBLE TO COREREACH OR OUR THIRD-PARTY SERVICE PROVIDERS SIMULTANEOUSLY AND IN REAL TIME. By interacting through the Services, callers consent to this access to their interactions by CoreReach and our service providers. If a caller does not consent to such access, they should not use the Services.

Voice Analysis: Our technology collects and analyzes caller voice data to understand and process requests and to detect when different responses or human intervention may be necessary to complete a call.

Manual Review: Audio recordings, transcripts, and other data collected through the Services, including personal information, may be manually reviewed by CoreReach personnel or contractors for quality assurance and service improvement purposes. A portion of this data may be reviewed manually. You may opt out of manual review at any time by contacting us through our contact page.

SMS Features: If a Subscriber uses our SMS functionality, CoreReach may send text messages to callers on behalf of the Subscriber related to the reason for their call as instructed by the Subscriber's configurations. For example, we might send a link to the Subscriber's appointment scheduling system, directions to the Subscriber's business location, or other information the Subscriber chooses to make available to callers via SMS. We only send SMS messages with the caller's consent. Callers who consent to receive an SMS message will not be added to a marketing campaign list.

Automated Decision-Making: Our Services leverage AI technologies that process data in ways that may qualify as automated decision-making or profiling under applicable privacy laws, such as call routing, intent recognition, and appointment scheduling. Each Subscriber is responsible for this type of processing and for providing callers with notice and a method to request human intervention. A caller can request human intervention or discontinue the call at any time.

Google User Data

When you connect your Google account to CoreReach (for example, to enable calendar integration), we access certain data from your Google account. This section describes what Google user data we collect, how we use it, how we store it, and how we share it.

What Google User Data We Collect:

  • Google Calendar List: We access the list of Google Calendars associated with your account to allow you to select which calendar(s) to use for appointment scheduling.
  • Google Calendar Events: We access, create, modify, and delete events on your Google Calendar(s). This includes event titles, dates, times, durations, attendees, and descriptions.

How We Use Google User Data:

CoreReach uses Google user data solely to provide the calendar integration features of our Services. Specifically, we use Google Calendar data to:

  • Allow your AI voice agent to schedule appointments based on caller requests and the appointment types you've configured
  • Allow your AI voice agent to reschedule existing appointments when callers request changes
  • Allow your AI voice agent to cancel/delete appointments when callers request cancellations
  • Check your calendar availability to prevent double-booking
  • Display your schedule within the CoreReach dashboard

CoreReach's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

How We Store Google User Data:

Google user data is stored securely in our cloud infrastructure with encryption at rest and in transit. We retain Google Calendar data only as long as necessary to provide the Services. When you disconnect your Google account or cancel your subscription, we delete your Google user data within 30 days.

How We Share Google User Data:

We do not sell, share, or transfer Google user data to third parties except as follows:

  • Service Providers: We may share Google user data with service providers who assist us in providing the Services (such as cloud hosting providers), subject to confidentiality obligations.
  • Legal Requirements: We may disclose Google user data if required by law or in response to valid legal process.

What We Do NOT Do With Google User Data:

  • We do NOT use Google user data for advertising purposes
  • We do NOT use Google user data for serving ads, including retargeting, personalized, or interest-based advertising
  • We do NOT sell Google user data to third parties
  • We do NOT use Google user data to train AI models or for any purpose other than providing the calendar integration features
  • We do NOT transfer Google user data to any third party for purposes unrelated to providing our Services

4. How We Use Your Information

We may use information about you, including personal information, to:

  1. Provide, administer, maintain, improve, and analyze the Services
  2. Process transactions you initiate
  3. Process your registration with the Services, including verifying that your email address is active and valid
  4. Communicate with you regarding your use of the Services and, in our discretion, changes to our policies
  5. Develop new products, services, or features
  6. Prevent fraud, criminal activity, or misuses of the Services, and ensure the security of our IT systems, architecture, and networks
  7. Comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties
  8. For purposes disclosed at the time you provide your personal information or as otherwise described in this Privacy Policy

We may also use your personal information to contact you about information, products, services, or offerings you request or may be interested in. For instance, if you provide your email address or sign up for our communications, we may use that information to send you updates or promotional offers. You may opt out of receiving promotional emails by following the unsubscribe instructions contained in each promotional email we send you. In addition, if at any time you do not wish to receive future marketing communications, you may contact us through our contact page. If you unsubscribe from our marketing lists, you will no longer receive marketing communications, but we will continue to contact you regarding account management, administrative matters, and to respond to your requests.

We may aggregate personal information collected through the Services and use the aggregated information, which does not identify you, to analyze the effectiveness of our Services, to improve and add features to our Services, to train our AI models, and for other similar purposes. We may collect aggregated information through the Services, through cookies, and through other means described in this Privacy Policy.

5. How We Share Your Information

We may share your personal information, without further notice to you unless required by applicable law, as described below or otherwise in this Privacy Policy:

Our Subscribers: Because we provide the Services on behalf of our Subscribers, we may share certain personal information with the Subscribers on whose behalf communications are being handled through the Services. Personal information that CoreReach collects as a service provider to our Subscribers belongs to the Subscriber and is made available to our Subscribers to process and use according to their own privacy practices.

Service Providers: We share your personal information with third-party entities that assist with our provision of the Services to our Subscribers and our business operations. These service providers include:

  • Payment processing services
  • AI and speech technology services
  • Telecommunications and communications services
  • Phone number validation services
  • Cloud hosting and storage services
  • Analytics providers
  • Geolocation services
  • Email and marketing services
  • Customer support platforms

To the extent feasible, these service providers are subject to confidentiality obligations and contractual restrictions that limit their use and disclosure of such information. Our key infrastructure service providers maintain industry-recognized security certifications such as SOC 2 and ISO 27001.

Administrative and Legal Reasons: We may also disclose your information, including personal information, in response to a subpoena, court order, or when otherwise required by law; in response to bankruptcy proceedings; to defend our rights; in response to a request from law enforcement; to provide information to a claimed owner of intellectual property who claims that content you have provided to us infringes on their rights; to protect and/or defend any applicable Terms of Service or other policies applicable to the Services; or to protect the personal safety, rights, property, or security of any organization or individual.

Business Transitions: CoreReach may share personal information with our parent companies, subsidiaries, affiliates, and investors primarily for business and operational purposes, so long as any recipient agrees to comply with this Privacy Policy and applicable law. In the event that we undergo a business transition, such as a merger, acquisition by another company, or sale of all or a portion of our assets, bankruptcy, or other corporate change, including during the course of any due diligence process, your information, including personal information, may be among the assets transferred or otherwise disclosed. We will notify users of any such transfer and any choices you may have regarding your information.

With Your Consent: We may share your personal information with third parties when you provide consent at the time you provide us with information or as otherwise permitted by law.

Aggregated and Deidentified Information: We may share non-personal information, such as aggregate or deidentified user statistics, demographic information, usage information, and related insights with our Subscribers and third parties for our marketing and advertising purposes and to improve the Services.

We may anonymize or deidentify your personal information so that you are not individually identifiable, and provide that information to certain of our Subscribers or service providers to help us improve our Services, such as sending anonymized samples of audio or text to third parties to improve speech-to-text transcription and language understanding. However, we never disclose aggregate usage information to a Subscriber in a manner that would identify you personally as an individual.

6. Children's Privacy

Our Services are not directed to children under the age of 16. We do not knowingly collect personal information from children under the age of 16. Each Subscriber is responsible for using the Services in a manner that prevents children from providing their personal information. If a Subscriber permits children to provide personal information through the Services, that Subscriber does so according to its own privacy practices, not ours.

If we discover that a child under 16 has provided us with personal information, we will delete their information from our systems. If you believe we might have any information collected from a child under 16, or if you become aware of any unauthorized submission of information to CoreReach by a minor, please contact us through our contact page.

7. Third-Party Content and Services

Certain content provided through the Services may be hosted and served by third parties, including our Subscribers, and may include links to third-party websites or content over which we have no control and which are governed by the privacy policies and business practices of those third parties. Please also note that our content and features may be included on web pages and websites that are not associated with us and over which we have no control. These third parties may independently collect data. We are not responsible or liable for the privacy practices or business practices of any third party.

CoreReach has no control over third-party websites, applications, devices, or systems, and you should exercise caution when deciding to disclose your personal information to third parties.

8. Data Security

CoreReach has implemented and maintains reasonable security measures designed to protect personal information on our Services from accidental loss and unauthorized access, use, alteration, and disclosure. Our security practices include:

  • All data is securely stored in a cloud environment and encrypted using industry-standard encryption methods both at rest and in transit
  • CoreReach personnel are required to follow security protocols and are trained to handle sensitive data
  • Data and systems are subject to regular backups and audits
  • Our service providers are contractually bound to adhere to comparable security protections
  • CoreReach has policies and protocols in place to respond to security incidents in compliance with our customer agreements and applicable law

Our security measures are appropriate to the volume, scope, and nature of the personal information processed and designed to meet our duty of care.

However, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Services or email. Please keep this in mind when disclosing any personal information to us via the Internet.

Data Breach Notification: In the event of a data security incident that affects personal information, we will notify affected individuals and regulators as required by applicable law.

Subscribers are responsible for securely storing and processing personal information on the Subscriber's information systems and through their use of our Services. We cannot guarantee the security of information transmitted over the Internet. Any data transmissions are at the risk of the person initiating the transfer.

9. Data Retention

As a service provider to our Subscribers, CoreReach retains personal information about callers and other individuals until the Subscriber deletes it or instructs us to do so. Subscriber account information is retained while the account is active and for a period of time thereafter as needed for business or legal purposes. We delete Subscriber account data 30 days after the Subscriber's subscription is cancelled, unless we have a legitimate business or legal reason to retain it longer.

Personal information on our marketing lists is retained until you opt out or we determine that the information no longer serves our business purposes. For example, if you have never been a Subscriber and you do not interact with the marketing content we send you for an extended period, we may remove your personal information from our marketing lists.

Other types of data are retained and disposed of according to our company policies. CoreReach may retain personal information for longer periods if necessary for legal, regulatory, or compliance purposes.

When we no longer have a business need for your personal information, we will either delete, deidentify, or anonymize it whenever feasible. Where not feasible (such as data in backup archives), we will securely store it and isolate it from further processing until it can be permanently deleted.

Google User Data Retention: Google user data is retained only as long as necessary to provide the calendar integration Services. When you disconnect your Google account or cancel your subscription, we delete your Google user data within 30 days.

How to Request Deletion: You may request deletion of your personal information by contacting us through our contact page. We will respond to deletion requests within 30 days.

10. International Users

CoreReach is a United States company using technical infrastructure located in the United States. We market the Services for Subscribers to use to interact with callers and customers located in the United States and Canada. Individuals outside the United States or Canada should not use the Services. We do not warrant that the Services are appropriate or authorized for use in any other jurisdictions. Each Subscriber is responsible for determining whether its use of the Services complies with applicable laws in their jurisdiction.

If you access the Services from outside the United States, please be aware that your personal information may be transferred to, processed, stored, and used in the United States. When your information is moved from your home country to another country, the laws and rules that protect your personal information in the country to which your information is transferred may be different from those in the country where you live. For example, if your information is in the United States, it may be accessed by government authorities under United States law. By allowing us to collect personal information about you, you consent to the transfer and processing of your personal information as described in this section.

11. Privacy Rights and Controls

CoreReach provides Subscribers, prospective Subscribers, and Website visitors with options to access and control how we collect and use your personal information. If you have interacted with the Services provided by a Subscriber, please contact the Subscriber directly to learn about your privacy rights and controls.

United States Privacy Rights

For individuals in the United States, consumer privacy is governed by federal privacy laws covering specific industries or data uses and state laws providing consumer privacy rights. Residents of states including California, Colorado, Connecticut, Nevada, Utah, Virginia, and other states that offer privacy protections may be entitled to some or all of the privacy rights listed below:

Right to Know: CoreReach provides the required information for a consumer's right to know in this Privacy Policy. We may provide you with additional notices about other ways we process your personal information through the Services or via email. Each Subscriber is separately responsible for providing its callers and customers with notice and disclosure.

Right to Reasonable Expectations: You can expect CoreReach to collect, use, or disclose your personal information responsibly and not for any purpose other than as stated at the time of collection or described in this Privacy Policy. If we collect or use your personal information based on your consent, we will notify you of any material changes and will request your further consent as required by law. You may withdraw your consent at any time with reasonable notice by contacting us through our contact page. Subscribers must set expectations for their callers and customers separately. Please contact the Subscriber you interacted with to change or withdraw your consent.

Right to Accuracy and Correction: You can correct or update your personal information held by CoreReach by updating your account settings or by contacting us through our contact page. However, we do not guarantee that personal information contained in our Subscribers' data (including information collected through the Services) is accurate. CoreReach must rely on our Subscribers to ensure that the data we process on the Subscriber's behalf is current, complete, and accurate. Please contact the Subscriber you interacted with if you become aware that your personal information processed through our Services is not accurate.

Right to Access: Callers and other individuals should contact the Subscriber they interacted with to request access to their personal information processed through the Services. Others may submit a request to CoreReach via our contact page to receive a copy of their personal information held by us. We will provide copies upon request where required by law, along with details about the types of personal information we process, why we process it, and any third parties we work with to collect personal information on our behalf. Certain laws may limit the scope or frequency of requests we must fulfill.

Right to Deletion: Callers and other individuals should contact the Subscriber they interacted with to request the deletion of their personal information. If CoreReach collected your personal information for our own purposes, upon your request and when required by law, we will delete your personal information from our systems. This right is not absolute, and we may be entitled to retain and process your personal information despite your request for legitimate legal, contractual, or business reasons.

Right to Data Portability: In some cases, we are required to provide your personal information to another organization at your request in a structured, commonly used, machine-readable format.

No Selling or Sharing of Personal Information: CoreReach does not sell any personal information or share personal information with third parties for cross-contextual behavioral advertising purposes. Subscribers may use personal information according to the Subscriber's own privacy practices. Please review the Subscriber's privacy notice to learn more.

Limited Use and Disclosure of Sensitive Personal Information: CoreReach does not use or disclose sensitive personal information for the purpose of inferring characteristics about a consumer. Subscribers may collect sensitive personal information through the Services or other means. Please review the Subscriber's privacy notice to learn more and to understand how to opt out.

Right to Non-Discrimination: If you reside in a jurisdiction that extends a right to non-discrimination related to the exercise of privacy rights, we will not (i) deny you goods or services, (ii) charge you different prices or rates for goods or services, (iii) provide you a different level or quality of goods or services, (iv) retaliate against you as an employee, applicant for employment, or independent contractor; or (v) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services, because you exercised your statutory right unless permitted by law.

Right to Disclosure of Certain Information: You may have a right to request information about how we collect and use your personal information, such as (i) the categories of personal information we have collected about you; (ii) the categories of sources for the personal information we have collected about you; (iii) our business purpose for collecting, using, disclosing, or selling that personal information, as applicable; and (iv) the categories of third parties with whom we disclose that personal information. CoreReach does not sell or share your personal information, but if we did, you could request two separate lists stating: (a) sales, identifying the personal information categories that each category of recipient purchased; and (b) sharing for a business purpose, identifying the personal information categories that each category of recipient obtained. Certain laws may limit the number or frequency of requests we must fulfill.

Right Regarding Automated Decision-Making and Profiling: Our Services leverage AI technologies that process data in ways that may qualify as automated decision-making or profiling under privacy laws. Each Subscriber is responsible for this type of processing and for providing notice and a method to opt out. An individual can prevent their personal information from being processed in this manner by requesting human intervention through the Services or by discontinuing use.

Right to Restrict Processing: You may have the right to request that we restrict the processing of your personal information if (i) the data is inaccurate, (ii) the processing is unlawful, (iii) we no longer need the personal information, or (iv) you exercise your right to object. Your right to restrict may be limited to personal information that is sensitive in nature, or that is sold or shared for certain purposes. Individuals should contact the Subscriber they interacted with to restrict processing of personal information collected through the Services.

Right to Object: You may have the right to request, under certain circumstances and where we are required to do so by law, that we limit our processing of your personal information as you request.

California Shine the Light Act: If you are a resident of the State of California, California's Shine the Light Act (Civil Code sections 1798.83-1798.84) entitles California consumers to request certain disclosures regarding personal information sharing with affiliates and/or third parties for marketing purposes. To make such a request, please contact us through our contact page.

Health Data Rights: CoreReach does not knowingly collect health data for our own purposes. A Subscriber may choose to collect health data through the Services or otherwise process health data using our platform. Some laws entitle consumers to certain details about health data collected about them. Please contact the Subscriber you interacted with for information about health data they may have collected.

Canadian Privacy Rights

For users in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy laws give Canadians specific rights regarding their personal information. The rights afforded under Canadian privacy laws are described below.

Right to Know Why Personal Information is Collected, Used, and Distributed: This Privacy Policy explains CoreReach's privacy practices for the right to know. We may provide additional notices about other ways we process personal information through the Services or via email. Each Subscriber is separately responsible for providing its callers and customers with notice and disclosure.

Right to Expect Responsible Collection, Use, and Disclosure: CoreReach sets your expectations in this Privacy Policy and collects express or implied consent at various stages of collection or processing. You may withdraw your consent at any time with reasonable notice by contacting us through our contact page. Subscribers must set expectations for their callers and customers separately. Please contact the Subscriber you interacted with to change or withdraw your consent.

Right to Accuracy: CoreReach takes steps to reasonably ensure that the personal information we collect for our own purposes is accurate. However, we do not guarantee that personal information contained in our Subscribers' data (including information collected through the Services) is accurate. CoreReach must rely on our Subscribers to ensure that the data we process on the Subscriber's behalf is current, complete, and accurate. Please contact the Subscriber you interacted with if you become aware that your personal information processed through our Services is not accurate.

Right to Access: Individuals should contact the Subscriber they interacted with to request access to their personal information processed through the Services. Others may submit a request through our contact page to access their personal information collected by CoreReach, information about the ways in which that information is being used, and a description of the individuals and organizations to whom that information has been disclosed. We will make the information available within 30 days or provide written notice where additional time is required to fulfill the request. If limited by law or potential infringement on another's privacy rights, we may not be able to provide access to some or all of the personal information you request. If we must refuse an access request, we will notify you in writing, document the reasons for refusal, and outline further steps that are available to you.

How to Exercise Your Privacy Rights

Privacy Requests: If you are a caller or customer of one of our Subscribers, please direct any privacy-related requests or inquiries to the Subscriber you contacted through the Services. Otherwise, to exercise privacy rights as a Subscriber or Website visitor, express concerns, lodge a complaint, or request information, please contact us through our contact page. CoreReach responds to privacy requests as required by applicable law.

Identity Verification: To protect your privacy and security, we may require you to verify your identity before processing certain privacy requests. We may ask you to provide information that matches records we have on file. If we cannot verify your identity, we may not be able to fulfill your request.

Limitations on Requests: We do not charge a fee to process or respond to your privacy requests unless the request is manifestly unfounded, excessive, or repetitive. If we determine that a request warrants a fee, we will notify you of the reasons and provide a cost estimate before fulfilling your request. We reserve the right to refuse requests that are abusive, made in bad faith, or that would require disproportionate effort to fulfill.

Subscriber Accounts: Subscribers can access, correct, update, or delete certain personal information on their account by logging in and saving their changes or adjusting their settings. If you require assistance or want to revoke a consent you previously gave us, please contact us through our contact page.

Emails from CoreReach: CoreReach may send you support emails related to your account or, if you opt in, we will send you marketing emails. You can unsubscribe or change your preferences via the links provided in the emails or by contacting us through our contact page. If you opt out of marketing emails, we will still send support emails related to your account.

Text Messages from CoreReach: If you provide your wireless number, you consent to CoreReach sending you service text messages. However, we will only send you marketing text messages if you opt in. The number of texts you receive will depend on the Services you use and the information you request from us.

Individuals may receive texts from CoreReach on behalf of the Subscriber they contacted. These texts are sent according to the Subscriber's privacy practices. Please contact the Subscriber with questions or concerns.

You can unsubscribe from text messages by replying STOP or UNSUBSCRIBE to any of these text messages. Messaging and data charges may apply to any text message you receive or send. Please contact your wireless carrier if you have questions about messaging or data charges.

Your Device Settings: You can control the data we collect through cookies and related technologies by adjusting your device settings or your cookie preferences on the Website.

Do Not Track: Do Not Track signals are signals sent through a browser informing us that you do not want to be tracked. Currently, our systems do not recognize browser "do-not-track" requests.

12. Changes to This Privacy Policy

CoreReach may update this Privacy Policy from time to time. We will notify you about material changes to this Privacy Policy through the Services or by email, and we will collect your consent to these changes to the extent required by applicable law. Any changes will be effective upon posting. The "Last Updated" date at the top of this Privacy Policy will be updated to reflect the date of the most recent changes. We encourage you to regularly check this Privacy Policy for any updates. Your continued use of the Services following an update to this Privacy Policy will constitute your acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions or comments about this Privacy Policy or our information practices, or if you wish to exercise your privacy rights, please contact us through our contact page.