Privacy Policy

Summary: SI Reach is committed to protecting your privacy. We collect only the data necessary to operate our expert network platform, we never sell your personal data, and you have full rights over your information at any time.

Who We Are
Data We Collect
How We Use Your Data
Legal Basis for Processing
Who We Share Data With
Cookies & Tracking
Google Ads & AdSense
Data Retention
Your Rights
Security
Children's Privacy
International Transfers
Changes to This Policy
Contact Us

1. Who We Are

SI Reach ("we", "our", "us") is an expert network platform that connects institutional investors, corporates, and consulting firms with verified subject-matter experts for primary research and strategic insights.

Data Controller: SI Reach
Registered Address: [Insert registered address]
Contact: privacy@sireach.com

2. Data We Collect

2.1 Data You Provide Directly

Category	Examples	Collected via
Identity data	Name, job title, company	Contact form, expert application
Contact data	Email address, phone number	Contact form, expert application
Professional data	LinkedIn URL, bio, years of experience, industry	Expert application
Communications data	Messages, research briefs you send us	Contact form, email, chatbot

2.2 Data Collected Automatically

Category	Examples
Technical data	IP address, browser type, device type, operating system
Usage data	Pages visited, time on site, referral URL
Cookie data	Session IDs, preference cookies (see Section 6)

3. How We Use Your Data

Purpose	Data used	Basis
Respond to enquiries and research requests	Identity, contact, communications	Contract / Legitimate interest
Process and review expert applications	Identity, contact, professional	Contract
Match clients with suitable experts	Professional, industry	Contract / Consent
Send transactional emails (confirmations, status updates)	Contact	Contract
Platform security and fraud prevention	Technical, usage	Legitimate interest
Analytics to improve our platform	Usage, technical (aggregated/anonymised)	Legitimate interest
Display contextual advertising (Google AdSense)	Cookie, technical	Consent
Legal compliance	All categories where necessary	Legal obligation

We do not use your data for automated profiling that produces legal effects, nor do we sell personal data to third parties.

4. Legal Basis for Processing

We rely on the following legal bases under the GDPR and applicable privacy laws (including India's Digital Personal Data Protection Act 2023):

Contract: Processing necessary to perform a contract with you or take pre-contractual steps.
Legitimate interests: Our legitimate interest in operating a secure and effective platform, provided your interests do not override ours.
Consent: Where you have given specific, informed consent (e.g., marketing emails, advertising cookies). You may withdraw consent at any time.
Legal obligation: Where we must process data to comply with applicable law.

We share personal data only with:

Service providers who operate on our behalf (e.g., email delivery, cloud hosting on Hostinger). All processors are bound by data processing agreements.
Matched experts/clients — limited professional identity data (name, title, industry) shared as part of expert matching, only with your prior knowledge and consent.
Compliance & legal: Where required by law, court order, or regulatory authority.
Business transfers: In the event of a merger or acquisition, data may transfer to the successor entity subject to equivalent privacy protections.

We do not sell, rent, or trade your personal data to third parties for marketing.

6. Cookies & Tracking

We use the following categories of cookies:

Type	Purpose	Duration
Strictly necessary	Session management, admin login, security	Session
Functional	Remember your preferences (e.g., chat state)	30 days
Analytics	Understand site usage (Google Analytics, if enabled)	Up to 2 years
Advertising	Google AdSense — personalised or contextual ads	Up to 13 months

You can manage cookie preferences via our cookie consent banner when you first visit the site, or at any time via your browser settings. Blocking advertising cookies will not affect access to our content.

7. Google Ads & AdSense

SI Reach displays advertisements served by Google AdSense. Google, as a third-party vendor, uses cookies (including the DoubleClick cookie) to serve ads based on your prior visits to our site and other sites on the internet.

You may opt out of personalised advertising by visiting Google Ad Settings or by visiting aboutads.info.

Google's use of advertising cookies is governed by the Google Privacy Policy. We have implemented Google's EU User Consent requirements and display a cookie consent notice for EEA users accordingly.

8. Data Retention

Data type	Retention period
Contact form enquiries	3 years from submission, or until you request deletion
Expert application data (pending/rejected)	18 months, then anonymised or deleted
Expert application data (approved active)	Duration of engagement + 2 years
Transactional emails	3 years
Analytics data	Up to 26 months (Google Analytics default)
Admin session logs	90 days

9. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

Access — Request a copy of the personal data we hold about you.
Rectification — Ask us to correct inaccurate or incomplete data.
Erasure ("right to be forgotten") — Request deletion of your data where we no longer have a lawful basis to hold it.
Restriction — Ask us to restrict processing while a dispute is resolved.
Portability — Receive your data in a structured, machine-readable format.
Objection — Object to processing based on legitimate interests, including direct marketing.
Withdraw consent — At any time, where processing is based on consent.

To exercise any right, email privacy@sireach.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority (e.g., ICO in the UK, the Data Protection Board of India).

10. Security

We implement appropriate technical and organisational measures to protect your personal data, including:

HTTPS/TLS encryption for all data in transit
SQLite database stored in a web-inaccessible directory with .htaccess protection
Password-protected admin panel with session-based authentication
Regular security reviews and access controls

No method of transmission over the internet is 100% secure. In the event of a data breach that poses a high risk to your rights, we will notify you within 72 hours as required by applicable law.

11. Children's Privacy

SI Reach is a professional B2B platform. Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact privacy@sireach.com and we will delete it promptly.

12. International Transfers

Your data may be processed in countries outside your own (including India, the US, and EU/EEA member states) by our service providers. Where data is transferred outside the EEA, we rely on appropriate safeguards such as the EU Standard Contractual Clauses or adequacy decisions.

13. Changes to This Policy

We may update this Privacy Policy periodically. The "Last updated" date at the top will reflect the most recent revision. For material changes, we will notify registered users by email and/or a prominent site notice at least 14 days before changes take effect.

14. Contact Us

For privacy-related queries, data subject requests, or concerns:

Email: privacy@sireach.com
Post: Data Privacy Officer, SI Reach, [Insert registered address]

We aim to respond to all requests within 30 days.

Contents