1. Scope and accountability
This Privacy Policy explains how PixelCode Studio Inc., an Ontario corporation, operating ReachFlow, collects, uses, discloses, and protects personal information when you visit reachflow.ca, create or administer a ReachFlow account, communicate with us, or otherwise interact with our service.
ReachFlow’s designated privacy contact is the Privacy Officer, reachable at support@pixelcode.ca.
2. Our roles
For account, billing, website, support, security, and business-administration information, ReachFlow generally acts as the organization responsible for deciding why and how information is processed.
For subscriber, audience, campaign, and related information uploaded or collected by a Customer, the Customer determines the purposes and means of processing and ReachFlow generally processes that information on the Customer’s behalf. Requests concerning a Customer’s mailing list should normally be directed to that Customer.
3. Information we collect
Information you provide
- name, email address, organization, role, billing and account details;
- support requests, feedback, compliance responses, and communications;
- subscriber lists, custom fields, segments, templates, campaign content, sender identities, and automation settings;
- consent records, unsubscribe status, suppression records, and imported data.
Information collected automatically
- IP address, browser, device, operating system, session, authentication, and security data;
- pages viewed, feature usage, timestamps, error logs, and diagnostic information;
- email delivery events such as sends, deliveries, bounces, complaints, opens, clicks, and unsubscribes where enabled.
Information from others
We may receive information from payment providers, infrastructure providers, identity services, integration partners, abuse-reporting systems, and publicly available business sources.
4. Purposes of processing
We use personal information to:
- provide, administer, secure, troubleshoot, and improve ReachFlow;
- authenticate users and prevent fraud, spam, abuse, and unauthorized access;
- process subscriptions, usage, invoices, and payments;
- deliver campaigns and automation at Customer direction;
- process bounces, complaints, unsubscribes, and suppression events;
- provide support and communicate operational, legal, security, and account notices;
- enforce our agreements and comply with legal obligations;
- create aggregated or de-identified analytics that do not reasonably identify individuals.
5. Consent and lawful grounds
We process information with consent where required, to perform our contract, to comply with legal obligations, and for legitimate business purposes such as security, fraud prevention, service improvement, and customer support, subject to applicable law.
Customers are responsible for obtaining any consent or other lawful authority required for subscriber data and marketing communications.
6. How we disclose information
We may disclose information:
- to service providers supporting hosting, email delivery, security, billing, monitoring, authentication, customer support, and professional advice;
- to Customer-authorized users and integrations;
- to regulators, courts, law enforcement, or other parties where required or permitted by law;
- to investigate abuse, protect rights and safety, or enforce our policies;
- in connection with a financing, merger, acquisition, restructuring, or sale, subject to appropriate confidentiality measures.
We do not sell subscriber lists. We do not permit service providers to use Customer Data for their own unrelated marketing.
7. Service providers and international processing
ReachFlow uses infrastructure and service providers that may process information in Canada, the United States, and other jurisdictions. These providers may include Amazon Web Services for email delivery and related cloud services, Vultr for hosting infrastructure, domain and DNS providers, payment providers, and other vendors needed to operate the service.
Information processed outside your province or country may be subject to the laws and lawful-access requirements of that jurisdiction. We use contractual, technical, and organizational measures intended to provide an appropriate level of protection.
8. Cookies and similar technologies
We use cookies and similar technologies for authentication, session continuity, security, preferences, and service operation. We may use analytics technologies where enabled and legally permitted. Details are available in the Cookie Policy.
9. Retention
We retain information only as long as reasonably necessary for the purposes described in this Policy, including account administration, service delivery, backups, legal compliance, dispute resolution, security, fraud prevention, and suppression obligations.
Retention periods vary by data type, account status, contractual requirement, and legal obligation. Backups may remain for a limited period after deletion. Certain suppression, audit, abuse, or transaction records may be retained longer where necessary to prevent repeat messaging, demonstrate compliance, or protect the service.
10. Security
We use reasonable administrative, technical, and organizational safeguards appropriate to the sensitivity of the information, including access controls, authentication, logging, encryption where appropriate, backups, software maintenance, and restricted administrative access.
No method of transmission or storage is completely secure. Customers must also protect credentials, configure permissions appropriately, and avoid uploading information that is unnecessary for their use of the service.
11. Privacy incidents
We investigate suspected privacy and security incidents and will provide notices to affected organizations, individuals, or regulators where required by applicable law. Customers must promptly notify us of suspected compromise involving their ReachFlow account.
12. Your choices and rights
Depending on where you live, you may have rights to request access to, correction of, deletion of, or information about personal information; withdraw consent where processing is based on consent; object to or restrict certain processing; or complain to a privacy regulator.
Send requests to support@pixelcode.ca. We may verify identity, ask for clarification, and retain information where required or permitted by law. Where data is controlled by a ReachFlow Customer, we may direct your request to that Customer.
13. Marketing communications
You may unsubscribe from ReachFlow marketing communications using the unsubscribe link in the message or by contacting us. You may continue to receive necessary transactional, security, billing, or account-administration communications.
14. Children
ReachFlow is intended for business users and is not directed to children. We do not knowingly collect personal information directly from children without appropriate authorization. Contact us if you believe a child’s information has been provided improperly.
15. Changes
We may update this Policy to reflect legal, technical, or business changes. We will post the revised effective date and provide additional notice where required.
16. Contact and complaints
Contact the ReachFlow Privacy Officer at support@pixelcode.ca. You may also have the right to contact the Office of the Privacy Commissioner of Canada or another applicable privacy authority.