Skip to main content
MisarReach

Legal

Privacy Policy

Last updated: 10 June 2026

This Privacy Policy explains how Misar AI Technology Pvt Ltd ("Misar AI", "we", "us") handles personal data in connection with MisarReach (the "Service") at reach.misar.io. We process personal data in line with India's Digital Personal Data Protection Act, 2023 ("DPDP") and, where applicable, the EU/UK General Data Protection Regulation ("GDPR").

1. Who we are

Misar AI Technology Pvt Ltd is the data fiduciary/controller for account and billing data. For the lead and contact data you import or generate through the Service, you are the fiduciary/controller and we act as your data processor, handling that data only on your instructions and under our agreement with you.

2. Information we collect

  • Account data — name, work email, and organization, received via Misar ID single sign-on (id.misar.io) when you sign up or sign in.
  • Usage data — log data, device/browser information, and product analytics events used to operate, secure, and improve the Service.
  • Lead & contact data — business contact details you upload, or that the Service discovers and enriches from third-party sources (e.g. Hunter, Apollo, Snov, PDL, GitHub, Maps, LinkedIn), and the outreach and reply history associated with them.
  • Billing data — wallet balance, credit usage, and subscription status. Card payments are handled by our payment processor; we do not store full card numbers.
  • Cookies — strictly necessary cookies for authentication and session management, and limited analytics. See "Cookies" below.

3. How we use personal data

  • To provide, maintain, and secure the Service and your account.
  • To find, enrich, score, and verify leads and to send outreach on your behalf.
  • To process payments, manage the shared wallet, and prevent abuse and fraud.
  • To provide support and to send service and security notices.
  • To comply with legal obligations and enforce our Terms.

4. Legal bases

We rely on the DPDP grounds of consent and legitimate uses, and the GDPR bases of contract performance, legitimate interests (operating and securing the Service, B2B outreach), legal obligation, and consent where required. Where you process lead data through the Service, you are responsible for establishing a lawful basis for contacting those individuals.

5. Lead data and enrichment

The Service surfaces and enriches business contact information from third-party sources and public data. You are responsible for ensuring your use of that data — including outreach — complies with applicable law (DPDP, GDPR, and anti-spam rules such as CAN-SPAM and similar regimes). We honour your workspace's suppression and consent lists and provide tools to delete contacts and respond to data-subject requests.

6. Sharing and sub-processors

We share personal data only as needed to run the Service:

  • MisarMail (Misar suite) — email delivery for outreach steps and the shared wallet.
  • Lead-source & enrichment providers — to discover and verify contact data you request.
  • AI provider (Assisters) — for lead scoring and copy generation, via API.
  • Payment processor — to handle top-ups and subscriptions.
  • Channel providers you connect (e.g. your own Twilio for SMS/WhatsApp, LinkedIn) — under your own accounts and terms.

We do not sell personal data.

7. Data retention

We retain account and billing data for as long as your account is active and as required for legal, tax, and audit purposes. Lead and contact data is retained according to your workspace configuration; you can delete it at any time, and we delete or anonymize it within a reasonable period after account closure unless retention is legally required.

8. Where data is processed

The Service is hosted in India. Where data is transferred internationally (for example to a channel or enrichment provider you use), we rely on appropriate safeguards consistent with DPDP and GDPR.

9. Your rights

Subject to applicable law, you may request access to, correction of, or erasure of your personal data, withdraw consent, and raise a grievance. To exercise rights over lead data you process, contact the relevant workspace owner (the fiduciary/controller). For account data, contact us using the details below. We respond within the timelines required by law.

10. Security

We use encryption in transit, access controls, and least-privilege practices to protect personal data. No system is perfectly secure, but we work to protect your data and will notify you and the authorities of breaches as required by law.

11. Cookies

We use strictly necessary cookies for authentication and session management and limited, privacy-respecting analytics to improve the Service. You can control non-essential cookies through your browser settings.

12. Children

The Service is intended for business use and is not directed to children.

13. Changes

We may update this policy and will revise the "Last updated" date above. Material changes will be communicated through the Service.

14. Contact and grievance officer

For privacy questions or to exercise your rights, contact our Grievance Officer at [email protected]. General privacy queries: [email protected].

Privacy Policy — MisarReach · MisarReach