Privacy Policy

Last updated: June 25, 2025

ReactionData, Inc. (“Reaction,” “we,” “us,” or “our”) operates the Reaction platform and related services (collectively, the “Service”), accessible at https://reactiondata.com. This Privacy Policy explains how we collect, use, store, share, and protect information when you use the Service, including when you choose to connect third-party accounts such as Google Gmail and Google Calendar.

By using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service.

Who We Are

Company: ReactionData, Inc.

Address: 1415 E 840 N, Orem, UT 84097, United States

Website: https://reactiondata.com

Privacy contact: privacy@reactiondata.com

Information We Collect

Information you provide

When you register for or use the Service, we may collect:

– Name and contact information (such as email address and phone number)

– Account credentials and organization membership details

– CRM data you or your organization enter (contacts, accounts, notes, tasks, and related records)

– Communications you send through the Service

 

Information collected automatically

When you use the Service, we may automatically collect:

– Device and browser information

– IP address and general usage data (pages viewed, actions taken, timestamps)

– Session and authentication cookies necessary to operate the Service

 

Information from Google when you connect Gmail or Calendar

If you choose to connect your Google account through Integrations, we access Google user data only after you complete Google’s OAuth consent flow. Depending on the permissions you grant, we may access:

– Basic profile information (name, email address, and profile identifier) via openid, email, and profile scopes

– Gmail data via gmail.readonly and gmail.compose, including message metadata (such as subject, sender, recipients, and date), message snippets or previews, and message body content when needed to display threads or send replies from the Communication Log

– Google Calendar data via calendar.readonly and calendar.events, including event titles, descriptions, locations, start and end times, and related calendar metadata

We access Google data only for the connected user who authorized the connection. We do not request access to Google data you have not authorized through Google’s consent screen.

How We Use Information

We use information to:

– Provide, operate, maintain, and improve the Service

– Authenticate users and manage accounts and organizations

– Enable CRM, workflow, survey, and related product features you use

– Provide customer support and respond to inquiries

– Protect the security and integrity of the Service

– Comply with legal obligations

 

How we use Google user data

When you connect Google Gmail or Calendar, we use Google user data solely to provide user-facing features in the Service, including:

– Displaying email history between your connected mailbox and CRM contacts in the Communication Log

– Composing and sending email to CRM contacts from your connected Gmail mailbox when you choose to send a message

– Syncing Google Calendar events into your CRM calendar and, when you create or update CRM calendar events, writing those changes to your Google Calendar when calendar write access is enabled

– Maintaining your connection (including refreshing OAuth tokens) so these features continue to work until you disconnect

 

We do not use Google user data to:

– Serve advertisements, including retargeting or interest-based advertising

– Sell, rent, or license Google user data to data brokers or information resellers

– Determine creditworthiness or for lending purposes

– Train generalized machine learning or artificial intelligence models unrelated to your use of the Service

– Build user profiles for unrelated marketing purposes

How We Store Google User Data

OAuth tokens

When you connect Google, we store OAuth access and refresh tokens, granted scope information, and your connected mailbox address in our application database so the integration can operate on your behalf until you disconnect.

 

Gmail content

Gmail messages are primarily retrieved from Google when you view the Communication Log or related features. We may also store certain email metadata in your organization’s CRM communication log records (such as subject lines, dates, sender and recipient information, and message previews) to support CRM workflows. We do not operate a separate public email archive outside your organization’s Reaction account.

 

Calendar content

Google Calendar events synced into Reaction are stored in your organization’s CRM calendar data so they can be displayed and managed within the Service according to your permissions.

 

Security

We use industry-standard safeguards designed to protect data in transit and at rest, including HTTPS for data transmitted over public networks and access controls limiting employee and system access to production data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

How We Share Information

We do not sell your personal information or Google user data.

We may share information only in these circumstances:

– Within your organization: Data you add to Reaction, including synced communication log and calendar data, is visible to other users in your organization according to your organization’s roles and permissions

– Service providers: We use trusted infrastructure and service providers (such as cloud hosting providers) that process data on our behalf under contractual obligations to protect it and use it only to provide services to us

– Legal and safety: When required by law, legal process, or to protect rights, safety, and security

– Business transfers: In connection with a merger, acquisition, or sale of assets, subject to applicable law and, where required, notice to you

We do not transfer Google user data to third parties except as permitted by the Google API Services User Data Policy, including to provide or improve user-facing features you request, for security purposes, to comply with applicable law, or as part of a merger or acquisition after obtaining your consent where required.

Human Access to Google User Data

Our employees and contractors do not read Google user email or calendar content except:

– When you request support and explicitly authorize us to access specific data to resolve your issue

– When necessary for security purposes (such as investigating abuse or a security incident)

– When required to comply with applicable law

– When data is aggregated and anonymized for internal operations in compliance with applicable law

Your Choices and Data Deletion

Disconnect Google in Reaction

You can disconnect Gmail at any time from Integrations → Gmail → Disconnect. Disconnecting removes your stored OAuth tokens and connection record from Reaction.

 

Revoke access in Google

You can revoke Reaction’s access to your Google account at any time through your Google Account permissions page at https://myaccount.google.com/permissions.

 

Delete synced CRM data

Communication log entries and calendar events previously synced or created through the Google integration may remain in your organization’s CRM records until deleted by authorized users in your organization or until your organization deletes the relevant records. To request deletion of your account or personal data, contact privacy@reactiondata.com.

 

Account deletion

If your organization or account is deleted, we delete or de-identify associated data in accordance with our retention practices and applicable agreements, except where retention is required by law.

Google API Services User Data Policy (Limited Use)

Reaction’s use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Policy URL: https://developers.google.com/terms/api-services-user-data-policy

In particular:

– We limit our use of Google user data to providing or improving user-facing features that are prominent in the Service

– We access only the Google OAuth scopes needed for those features

– We do not use Google user data for prohibited transfers or uses described in Google’s policies

Data Retention

We retain personal information and Google connection data for as long as your account or organization uses the Service and as needed to provide features you enable. When you disconnect Google, we delete stored OAuth tokens promptly. Other CRM records may be retained according to your organization’s settings and applicable law.

Healthcare and HIPAA

Some customers use Reaction in healthcare or other regulated contexts. Where Reaction acts as a business associate to a covered entity, use of protected health information is governed by applicable business associate agreements and regulatory requirements in addition to this Privacy Policy. This Privacy Policy describes our general platform practices; your organization may have separate contractual terms governing regulated data.

Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have collected such information, contact us at privacy@reactiondata.com.

International Users

Reaction is operated in the United States. If you access the Service from outside the United States, you understand that your information may be processed in the United States and other countries where we or our service providers operate.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes to how we use Google user data, we will update this policy and, where required, provide notice and obtain your consent before using Google user data in a new way.

The “Last updated” date at the top of this page indicates when this Privacy Policy was last revised. Continued use of the Service after changes become effective constitutes acceptance of the updated policy.

Contact Us

Questions about this Privacy Policy or our handling of Google user data:

– Email: privacy@reactiondata.com

– Mail: ReactionData, Inc., 1415 E 840 N, Orem, UT 84097, United States