Privacy Policy

This policy describes the personal information Actually Reliable LLC collects, why we collect it, how it is handled, and the rights you hold over it. We do not sell your data — ever.

Using our Services or creating an Account constitutes your agreement to this Privacy Policy.

Jump to a section:

• What we collect and why
• When we access or disclose your information
• Your rights with respect to your information
• How we secure your data
• What happens when you delete content in your product accounts
• Data retention
• Location of site and data
• When transferring personal data from the EU
• Changes and questions

This policy covers all products built and operated by Actually Reliable LLC: CohesiveMail, OrchestrateMail, GuidedHelpDesk, and ResoluteDNS (collectively, “Actually Reliable LLC”, “Actually Reliable” or the “Services”).

Who this policy covers. This policy governs how we handle information belonging to website visitors, prospective customers, and existing customers and their authorized account users, as they relate to purchasing and managing their relationship with Actually Reliable. Throughout this policy, “you” refers to any of these individuals.

What this policy does not cover. This policy does not apply to data that Actually Reliable receives from customers about their own end users, or that we process on a customer’s behalf, in connection with Services delivered under a separate agreement — including the content of end-user communications (“End User Communications”). Actually Reliable handles End User Communications as a Processor, acting under the instructions of the customer, who serves as the Controller or business under applicable privacy law. Our obligations as a processor with respect to that data are governed exclusively by the applicable services agreement and data protection addendum, not this policy.

If you are an end user of one of our customers and have questions about how your data is handled, please direct those questions to the organization that provided your information to us.

California residents should also review the California Resident Notice at Collection section below, which contains additional disclosures required under California law.

What we collect and why

We collect only what is necessary. Here is what that looks like in practice:

Age eligibility. Our Services are not intended for users under 18 years of age. We do not knowingly collect personal information from anyone below these thresholds. If you believe we may have inadvertently collected data from a minor, please contact us immediately.

Identity and access

When you create an Account, we request basic identifying information — typically your name, email address, and optionally a company name. This lets you personalize your Account and allows us to send you essential product communications. From time to time, we may send optional surveys to better understand how our products are used and where we can improve. With your consent, we may also send newsletters and product updates. Some of our products offer the option to upload a profile photo that appears within the product interface.

We will never sell your personal information, and we will never use your name or company name in any marketing materials without your explicit permission.

Billing information

For paid plans, we collect payment details and a billing address. Your full credit card number goes directly to our payment processor — it never touches our servers. We retain a record of each transaction, including the last 4 digits of the card number, for account history, invoicing, and billing support purposes. Your billing address is stored so we can process charges, calculate applicable taxes, issue invoices, and flag potentially fraudulent transactions. We may use aggregated, anonymized billing data to inform our marketing strategy.

Product interactions

Content you create, upload, send, or receive within your Actually Reliable LLC accounts is stored on our servers so the products can function as intended — for example, so you can send and receive email in CohesiveMail. This content is retained for the life of your Account. Upon Account deletion, content is removed within 60 days.

General geolocation data

We record the full IP address used to register each Account and retain it to help prevent fraudulent or spammy signups. All account access events are also logged by IP address for security and fraud prevention. This login data is kept for as long as the Account remains active.

Website interactions

We collect browsing data for analytics and product development purposes, such as testing conversion flows and evaluating design changes. This includes browser and operating system version, IP address, pages visited, load times, and the referring website. For signed-in users, this data is associated with your IP address and Account until the Account is no longer active. The analytics tools we use are described in the Advertising and Cookies section below.

Anti-bot assessments

We use CAPTCHA services across our applications to defend against brute-force login attempts and automated spam. When you sign in, our CAPTCHA provider evaluates signals such as your IP address, time on the page, and interaction patterns to determine whether activity appears to be automated. The CAPTCHA provider returns a risk score to us; we do not receive or store the underlying signals themselves.

Advertising and Cookies

We use only the cookies our applications strictly require to function — primarily session authentication cookies. We do not deploy tracking or advertising cookies.

Our website analytics are powered by Simple Analytics, a privacy-first service that operates without cookies and does not collect personal data.

Any Google Ads campaigns we run are configured in cookieless mode and do not set tracking cookies on your device.

Voluntary correspondence

When you contact us by email, we retain that correspondence — including your email address — so we have a record of past interactions to reference in future conversations.

If you participate in a customer survey or interview, any written responses you submit are stored. For recorded interviews, we will only record the conversation with your explicit prior consent.

Mobile app permissions

Some of our products have optional desktop and mobile apps. These apps may request access to device features such as contacts, calendars, or the camera, depending on the functionality you choose to use. All such permissions are optional — our apps will work without them, though certain features may not be available if permissions are declined.

When we access or disclose your information

To deliver the Services you’ve requested. We work with third-party subprocessors to operate our infrastructure and deliver our products. Our complete subprocessor list identifies every vendor we use and their purpose.

We may disclose your information to a third-party service if you choose to connect that service to your Actually Reliable Account.

No Actually Reliable employee reads your content except in narrow, specific circumstances with your explicit permission — for example, to diagnose an error that has halted an automated process and cannot be resolved without a limited manual review. These situations are rare. When they do arise, we look for systemic fixes to prevent them from recurring. We may also access data when legally required, as described below.

To exclude you from our advertising. Where permitted by law and where you hold an Account with us, we may share a one-way hash of your email address with advertising platforms for the sole purpose of excluding you from seeing our ads.

To assist with technical support, with your consent. If resolving a support issue requires access to your account content, we will request your explicit permission before doing so.

To investigate and respond to policy violations. Accessing a customer’s Account to investigate potential misuse is a last resort. We take seriously our obligation to protect both customers who report concerns and those being investigated, and we work to balance those interests carefully. Where we determine that our Services are being used in violation of our policies, we will take appropriate action, including notifying relevant authorities where the law requires or circumstances warrant.

Aggregated and de-identified data. We may combine or anonymize information collected through the Services. De-identified or aggregated data that cannot reasonably be linked to any individual may be used for any business purpose, including analytics and marketing.

When required under applicable law. Actually Reliable LLC is a U.S. company with infrastructure based in the United States.

• Law enforcement requests: We will not disclose your data to law enforcement without a valid court order. Requests that arrive without one are refused. Unless legally prohibited, we will notify you when we receive such a request. See our Security Overview for more.
• Data preservation requests: We comply with preservation requests only when compelled by the U.S. Federal Stored Communications Act (18 U.S.C. § 2703(f)) or a properly issued U.S. civil subpoena. Preserved data is not disclosed unless we are required to do so by law or a court order we have chosen not to appeal. If a warrant, order, or subpoena does not arrive before the preservation period expires, we will destroy any preserved copies at that time.
• Tax audits: If we are audited by a tax authority, we will disclose only the minimum billing information necessary — such as billing addresses and applicable tax exemption documentation.

In the event of a business transfer. If Actually Reliable LLC is ever acquired or merges with another company — which we have no plans for — we will give you advance notice before your personal information is transferred to or becomes subject to a different privacy policy.

Your rights with respect to your information

We apply consistent data rights to all customers regardless of where they are located. These rights include:

• Right to Know. You have the right to know what personal information we collect, how we use it, and with whom we share it. This policy describes both the categories of data we collect and the specific purposes for which it is used.
• Right of Access. You may request access to the personal information we hold about you, and information about how it is stored, secured, processed, and shared.
• Right to Correction. You may request that inaccurate personal information be corrected.
• Right to Erasure. Subject to certain legal limitations, you may request that your personal information be deleted from our systems and from those of our service providers. In some cases, fulfilling a deletion request may make it impossible for you to continue using our Services, which may require closing your Account.
• Right to Complain. You may file a complaint with the relevant data protection supervisory authority regarding how we handle your personal information.
• Right to Restrict Processing. You may request that we limit how or why your personal information is used — including opting out of any sale. (To be clear: we have never sold personal data and never will.)
• Right to Object. In certain circumstances, you may object to how we process your personal information.
• Right to Portability. You may request a copy of your personal information in a portable format, or ask that it be transferred to another party. Account data can be exported directly via your account settings.
• Right Against Automated Decision-Making. You have the right to object to decisions that carry legal or similarly significant consequences if those decisions are made solely through automated processes. This right does not apply where such processing is necessary to fulfill a contract with you, is authorized by law, or is based on your explicit consent.
• Right to Non-Discrimination. Exercising your privacy rights will not result in different pricing, reduced service levels, or any other discriminatory treatment. Note that exercising certain rights — such as deletion — may affect your ability to use our Services.

Many of these rights can be exercised directly by logging into your Account and updating your information. Some requests may require identity verification before we can respond, which may include confirming your name and email address. If verification is not possible, we may be unable to fulfill the request.

Where applicable law provides a right of appeal, we will include instructions for exercising that right in any response where we deny a request. You also have the right to lodge a complaint with a supervisory authority. EU and UK residents may contact their local data protection authority.

Response timeframe. We will respond to privacy requests within 30 days, as required by applicable law. We will let you know if a request requires additional time due to its complexity.

How we secure your data

Full details on our security practices — including encryption standards, infrastructure architecture, and monitoring — are available in our Security Overview .

Breach notification. If a security incident affects your personal information, we will notify you within 72 hours of becoming aware of it, as required by applicable data protection law.

What happens when you delete content in your product accounts

Trash. Most of our applications allow you to move content to a trash folder rather than deleting it immediately. By default, trashed content remains in your Account until you choose to delete it permanently or configure automatic deletion.

Auto-delete. You can enable auto-delete in your Account settings at any time. When active, trashed content will be permanently deleted after the number of days you configure (minimum: 1 day). Until auto-delete is turned on, trashed content stays in your Account indefinitely.

Exceptions. We will not delete trashed content automatically unless you have enabled auto-delete, except where we are legally, regulatorily, or operationally required to do so.

Data retention

We retain your data for as long as your Account is active. Unless you have configured auto-delete or applicable law requires earlier removal, we do not automatically purge trashed content.

When an Account is cancelled or deleted, your content becomes immediately inaccessible and is permanently deleted from our systems within 60 days. This applies to both voluntary cancellations and system-initiated Account closures. Billing records may be retained for up to 7 years as required by law. IP address and security logs are kept for the duration of your Account and deleted within 60 days of closure.

Location of site and data

Our Services and infrastructure are primarily hosted in the United States. If you are located in the European Union, United Kingdom, or elsewhere outside the United States, information you provide to us will be transferred to and stored in the U.S. For details on our infrastructure and data center arrangements, see our Security Overview .

When transferring personal data from the EU

The European Data Protection Board has established that personal data transferred out of the EU must receive the same level of protection afforded under EU law. The United Kingdom applies equivalent requirements to outbound transfers of UK resident data. To meet these obligations, Actually Reliable has adopted Standard Contractual Clauses as part of our Data Processing Addendum, available at actuallyreliable.com/legal/dpa .

In limited circumstances, EU personal data may be transferred to the U.S. incidentally — for example, when an EU user subscribes to our newsletter or completes a survey. These are occasional, non-repetitive transfers made under the Article 49(1)(b) derogation of the GDPR and the equivalent provision under UK law.

California resident notice at collection

If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act of 2020 (“CCPA”) entitles you to certain additional disclosures. This section applies only to California residents. The rights described here are consistent with those we extend to all users. This section does not apply to information we collect from employees or job applicants in those capacities, which is governed by separate policies.

For more detail on each category and the third parties involved, see the What we collect and why and When we access or disclose your information sections above.

Opting out of sale or sharing. You have the right to opt out of the sale or sharing of your personal information for online advertising purposes. We do not currently sell or share personal data as defined by the CCPA, and have not done so during the 12 months preceding the effective date of this policy.

Financial incentives. If we ever offer incentives in exchange for personal information, we will provide appropriate disclosure at that time.

Sensitive personal information. We do not use or disclose sensitive personal information for purposes beyond those for which you cannot opt out under the CCPA.

For a full description of your privacy rights and how to exercise them, see the Your rights with respect to your information section above. For retention practices, see the Data retention section.

Shine the Light Disclosure

California’s “Shine the Light” law permits California residents to request information about how we disclose certain categories of personal information to third parties for their direct marketing purposes. Actually Reliable LLC does not disclose personal information to third parties for their own direct marketing use.

Changes and questions

We may revise this policy from time to time to reflect changes in our practices or applicable law. For significant changes, we will update the date at the top of this page and notify customers by email.

Disputes arising from this Privacy Policy or our data practices are subject to the Dispute Resolution provisions in our Terms of Service .

Questions, concerns, or requests regarding this policy or your personal data can be sent to privacy@actuallyreliable.com .

Survival

Provisions relating to data protection, legal compliance, and liability survive termination of this Privacy Policy.

Thank you for trusting Actually Reliable LLC with your data.