Our Commitment to Your Data: Clarity & Control
At Reachivo, trust is our currency. We treat your personal data with the same rigor and respect we apply to our creative work.
This policy outlines exactly how we collect, use, and protect your information when you engage with our agency. We operate out of Paris, France, and adhere strictly to GDPR and EU data protection regulations. No vague legalese, no hidden clauses—just a transparent explanation of our digital relationship.
Effective Date
October 2026
We process data only when necessary to deliver our services or improve your experience on reachivo.world. You hold the right to access, correct, or delete your data at any time.
Information We Gather
A precise breakdown of touchpoints.
Direct Correspondence
Name, email address, phone number, and company details when you fill out our contact form or email us directly. This is strictly used to respond to your inquiry.
Technical Footprints
IP address, browser type, device identifiers, and pages visited. We collect this via standard server logs to analyze site performance and security.
Optional Project Data
If you grant access, we may temporarily hold brand assets or analytics data solely for the purpose of a specific audit or proposal.
Why We Hold Data
And Why We Don't
We use your information for three distinct purposes. First, communication: answering your questions and sending proposals. Second, improvement: analyzing how visitors use our site to refine the experience. Third, legal compliance: meeting tax and business record-keeping requirements in France.
Crucially, we do not sell your data. We do not trade email lists. We do not run aggressive retargeting campaigns using third-party trackers. Your data stays within the Reachivo ecosystem, used only to facilitate our professional engagement with you.
Core Promise
- • Minimal Retention: We delete inquiry data within 24 months of our last contact unless you become a client.
- • Secure Storage: Data is encrypted at rest and in transit using industry-standard protocols.
- • No Spam: You will only receive emails directly relevant to your request or our ongoing work.
The Balancing Act
Operational necessities vs. absolute privacy.
| Operational Need | The Trade-off | Our Mitigation |
|---|---|---|
| Website Analytics | Understanding user flow requires tracking behavior. | → We use a privacy-focused, self-hosted analytics tool (Plausible) that stores no cookies and anonymizes IPs. |
| CRM Management | Centralizing client data improves service speed. | → Our CRM is hosted within the EU (Paris region) with strict access controls; no data is used for AI training. |
| Project Archives | Case studies require showcasing past work. | → We anonymize project specifics or request explicit written consent before publishing any client-related visuals. |
Your Rights Under GDPR
Right to Access
You may request a copy of the personal data we hold about you.
Right to Rectification
You can correct inaccurate data or complete incomplete records.
Right to Erasure
Request deletion of your data when it is no longer necessary.
Right to Restrict Processing
Temporarily suspend processing while disputes are resolved.
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests or direct marketing.
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.
Due Diligence for Partners
Questions your internal compliance team should ask us.
1. Where is data physically hosted?
All Reachivo infrastructure (web server, email, CRM) is located in data centers within the European Union, specifically Paris and Frankfurt.
2. Do you share data with third parties?
No, we do not sell or rent data. The only third-party processors we use are strictly for technical delivery (e.g., email hosting, domain registration).
3. What happens on contract termination?
Upon contract end or request, all client-specific data is securely purged from our active systems within 30 days, unless legal retention applies.
4. Is there a Data Processing Agreement?
Yes. We provide a standard DPA for all clients requiring one, aligning with EU Model Clauses.
5. How do you handle breach notifications?
In the unlikely event of a breach, we notify affected users and the CNIL (French Data Protection Authority) within 72 hours of discovery.
6. Do you use AI to process my data?
We do not feed client correspondence or uploaded files into public generative AI models.
Common Misunderstandings
Avoid these mistakes when evaluating agency data policies.
The "Global Server" Assumption
Assuming an agency uses US-based cloud providers (AWS US-East, Google Cloud US). Avoidance: Always ask specifically for the region of origin. We use EU zones exclusively.
Relying on "Standard Clauses"
Signing a DPA that relies on outdated transfer mechanisms without verifying actual hosting. Avoidance: Demand transparency on the physical location of the database.
The "Free Tool" Trap
Using free form builders or survey tools that monetize user data. Avoidance: We audit our tools. If a tool isn't GDPR-compliant and paid, we don't use it for client data.
Vague Retention Periods
Leaving data in a CRM "just in case." Avoidance: We schedule annual data purges to ensure we hold nothing beyond its useful life.
Contact Our Data Officer
For privacy-specific inquiries, data requests, or to file a complaint regarding our handling of your information.
Supervisory Authority
If you believe we have processed your data in violation of GDPR, you have the right to lodge a complaint with a supervisory authority. For Reachivo, being a French entity, the relevant authority is:
CNIL
Commission Nationale de l'Informatique et des Libertés
Working Hours
Mon-Fri: 9:00-18:00 (CET)
We observe standard French bank holidays and closures.