Trust & security

Built in Europe, for European outbound.

Outbound only works long-term if it's done responsibly. NorReach keeps your data in the EU and builds the compliance controls into the engine — so they apply on every send, not just in a policy document.

Request access See pricing

What's built in

EU data residency — your data is hosted in the EU.

GDPR features: consent tracking, do-not-contact lists and one-click data export. A DPA is available.

Consent basis is checked before every outbound action; a suppression list blocks opt-outs and bounces.

EU quiet-hours hold calls, SMS and WhatsApp outside permitted hours.

AI voice calls disclose they are AI at the start of the call, logged for the EU AI Act (Article 50).

LinkedIn runs in your own session at safe daily limits, not via a back-door API.

Built in Stockholm by Youpal Group.

What we claim — and what we don't

EU data residency. Your data is hosted in the EU. A Data Processing Agreement (DPA) is available on request.

GDPR features. Consent tracking, do-not-contact lists and one-click data export are part of the product, and outbound is gated by consent and suppression checks.

EU AI Act. AI voice calls disclose they're AI at the start of the call (Article 50), and calling respects business-hours and verified-number guardrails.

No badges we don't hold. NorReach doesn't currently claim ISO 27001 or SOC 2, and it isn't a HIPAA product — EU healthcare outbound is governed by GDPR and the EU AI Act, not HIPAA. We'll tell you exactly what's in place rather than display a badge we haven't earned.

See NorReach on your own outreach

NorReach is in invitation-only private beta. Tell us your use case and we'll set you up.

Request access See pricing