Legal · Privacy
Privacy Policy
Last updated: 15 July 2026
This Privacy Policy explains how ReachRush Pte. Ltd. (UEN 202964283N), a company incorporated in Singapore with its registered office at 2 Kallang Avenue, #09-12 CT Hub, Singapore 339407 ("ReachRush", "we", "us" or "our"), collects, uses, discloses, stores and protects personal data when you visit reachrush.life, communicate with us, engage our customer acquisition and growth marketing services, or otherwise interact with us.
We are committed to handling personal data responsibly and in accordance with the Personal Data Protection Act 2012 of Singapore ("PDPA 2012"), its subsidiary legislation, and applicable guidelines issued by the Personal Data Protection Commission ("PDPC"). This policy should be read together with our Cookie Policy and Terms of Service.
By using our website, submitting a form, or engaging our services, you acknowledge that you have read this Privacy Policy. Where consent is required under the PDPA 2012, we will seek your consent in a clear and accessible manner before collecting, using or disclosing your personal data for the relevant purpose, unless an exception under the PDPA 2012 applies.
1. Data controller and contact
For the purposes of the PDPA 2012, ReachRush Pte. Ltd. is the organisation responsible for the personal data described in this policy.
If you have questions about this Privacy Policy, wish to exercise your data protection rights, or need to report a concern relating to personal data, please contact our privacy team:
- Email: [email protected]
- Postal address: ReachRush Pte. Ltd., 2 Kallang Avenue, #09-12 CT Hub, Singapore 339407
- Telephone: +65 6708 5264 (Mon–Fri, 09:00–18:00 SGT)
We aim to acknowledge privacy enquiries within five business days and to resolve access and correction requests within the timeframes prescribed by the PDPA 2012, typically within thirty days unless an extension is permitted and communicated to you.
2. Scope of this policy
This policy applies to personal data we process in connection with:
- visitors to our website and users of our online contact and enquiry forms;
- prospective clients, clients and their authorised representatives;
- suppliers, contractors and professional advisers who interact with us in a business capacity;
- individuals who subscribe to marketing communications where permitted;
- attendees at workshops, briefings or events hosted or sponsored by ReachRush; and
- any other individual whose personal data we receive in the ordinary course of operating a Singapore-based digital marketing and customer acquisition studio.
This policy does not apply to third-party websites, advertising platforms, analytics providers or social networks that may be linked from our site or used in campaign delivery. Those services are governed by their own privacy policies. When we manage campaigns on your behalf, we may process personal data as a data intermediary or service provider according to your instructions and our client agreement.
3. Categories of personal data we collect
The personal data we collect depends on how you interact with us. Categories may include:
3.1 Identity and contact data
Name, job title, company name, business email address, telephone number, postal address and other identifiers you provide when enquiring about our services, signing a proposal, attending a meeting or corresponding with us.
3.2 Business and marketing profile data
Information about your organisation, industry, marketing objectives, budget range, channel interests, acquisition goals, target audiences, product or service categories, and other details relevant to scoping customer acquisition, paid media, lifecycle or experiment engagements.
3.3 Communication and correspondence data
Messages, briefs, attachments, call notes, meeting summaries, feedback, support requests and records of enquiries submitted through email, telephone, video conference or our website forms.
3.4 Technical and usage data
Internet protocol (IP) address, browser type and version, device type, operating system, referring URLs, pages viewed, session duration, click paths, approximate location derived from IP address, and similar diagnostic information collected through cookies, pixels and analytics tools where you have provided consent or where collection is necessary for our legitimate operations.
3.5 Consent and preference records
Records of marketing consents, cookie choices, Do Not Call preferences, communication opt-ins or opt-outs, and timestamps associated with those choices.
3.6 Contract, billing and compliance data
Where you become a client, we may process billing contact details, purchase order references, invoicing information, tax identifiers where applicable, engagement records and documentation required for regulatory, accounting or dispute-resolution purposes. We do not intentionally collect national identification numbers through our public website forms.
4. How we collect personal data
We collect personal data through several channels, including:
- Directly from you when you complete our contact form, email us, call our office, meet with our team, sign an agreement, respond to a survey or otherwise provide information voluntarily;
- Automatically when you browse our website, subject to your cookie preferences and applicable law;
- From your organisation when a colleague introduces you, includes you in a client team, or provides your details to facilitate campaign delivery;
- From publicly available sources such as corporate websites, professional networking profiles or business directories, where appropriate for business development and always in compliance with the PDPA 2012; and
- From service providers that support hosting, analytics, email delivery, scheduling or customer relationship management, strictly in accordance with contractual safeguards.
Where personal data is provided to us by a third party, we expect that party to have obtained the necessary consent or authority to disclose the data to ReachRush for the purposes described in this policy.
5. Form submissions on reachrush.life
When you submit our website contact form, we collect the fields you complete, which typically include your name, email address, company name, budget range, service interest (such as acquisition, channel experiments, lifecycle growth or a general enquiry), and your message. We also record the fact and time of your PDPA consent when you tick the consent checkbox, which is never pre-selected.
Form submissions are transmitted to our systems and may generate an email notification to our team. We use this information to respond to your enquiry, qualify fit for our services, schedule calls, prepare proposals and maintain an audit trail of communications. We may retain form submissions even if an engagement does not proceed, for the retention periods described below.
Our forms include a hidden honeypot field designed to deter automated spam. You should leave this field blank. Submissions that appear to be automated may be discarded without notice.
6. Purposes for which we use personal data
Subject to the PDPA 2012, we collect, use and disclose personal data for purposes including:
- responding to enquiries and providing information about our acquisition, channel, experiment and lifecycle marketing services;
- assessing, proposing, negotiating and delivering client engagements;
- planning and operating campaigns, analytics reviews, creative testing and reporting where you are a client or authorised representative;
- administering contracts, invoicing and account management;
- improving our website, content, user experience and service quality;
- conducting internal research, training and quality assurance;
- sending service-related notices, security alerts and administrative messages;
- sending marketing communications about ReachRush services where permitted by law and according to your preferences;
- complying with legal obligations, regulatory requests, court orders and professional standards; and
- establishing, exercising or defending legal claims.
If we wish to use your personal data for a purpose not reasonably contemplated at the time of collection, we will provide notice and obtain consent where required under the PDPA 2012.
7. Legal bases and the PDPA 2012
Under the PDPA 2012, organisations generally require consent to collect, use or disclose personal data unless a statutory exception applies. ReachRush relies on one or more of the following, depending on context:
- Consent — for example, when you submit a form with an explicit PDPA consent checkbox, accept non-essential cookies, or opt in to marketing communications;
- Contractual necessity — where processing is necessary to take steps at your request before entering a contract, or to perform a contract with you or your organisation;
- Legitimate interests — where permitted, such as securing our website, preventing fraud, maintaining business records, or pursuing proportionate business development, balanced against your reasonable expectations and rights; and
- Legal obligation — where we must retain or disclose information to comply with applicable law.
You may withdraw consent for any purpose that relies on consent, subject to legal and contractual restrictions. Withdrawal will not affect the lawfulness of processing before withdrawal. To withdraw consent, email [email protected].
8. Analytics, cookies and similar technologies
We use cookies, local storage and similar technologies to operate our website, remember preferences and understand how visitors use our pages. Non-essential analytics and marketing technologies are activated only in line with your cookie choices. For detailed descriptions of cookie categories, vendors, retention and how to Accept all, Reject all or Customise preferences, please see our Cookie Policy.
Analytics data helps us measure page performance, referral sources, device categories and aggregated engagement patterns. We configure analytics tools to avoid collecting unnecessary identifiers where configuration options allow. IP addresses may be truncated or aggregated. We do not use analytics outputs to make solely automated decisions that produce legal or similarly significant effects on individuals visiting our corporate website.
Your cookie consent choice is stored locally in your browser for up to six months, after which we may invite you to confirm your preferences again.
9. Disclosure of personal data
We do not sell personal data. We may disclose personal data to:
- members of the ReachRush team who need access for the purposes described in this policy;
- professional advisers such as lawyers, accountants or auditors under confidentiality obligations;
- IT, hosting, email, analytics, scheduling and customer relationship vendors that process data on our instructions;
- payment processors or banks where required for invoicing;
- regulators, law enforcement or courts when required by law or to protect rights and safety; and
- a successor entity in connection with a merger, acquisition or corporate reorganisation, subject to appropriate safeguards.
When delivering marketing services for clients, we may access data within client-controlled platforms (such as advertising accounts, analytics properties or email tools) according to the client's permissions. In those cases, the client's policies may also apply.
10. Cross-border transfer and hosting
ReachRush is based in Singapore. Our website and certain supporting systems may be hosted on infrastructure located in Singapore and the wider Asia-Pacific region. Some of our service providers may process personal data in other countries where they maintain data centres or support operations.
Where personal data is transferred outside Singapore, we take steps reasonably required under the PDPA 2012 to ensure that the recipient provides a standard of protection comparable to that under the PDPA 2012. These steps may include contractual clauses, provider certifications, access controls and data minimisation. Details of specific transfer mechanisms are available on request by contacting [email protected].
Our footer notice that services are "hosted on Singapore and Asia-Pacific infrastructure" reflects our primary hosting posture; it does not exclude the limited international transfers described above where necessary to operate modern cloud and communications services.
11. Retention of personal data
We retain personal data only for as long as reasonably necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, reporting, dispute resolution and enforcement requirements.
Indicative retention practices include:
- Website enquiries and contact form records: typically up to twenty-four months from last meaningful contact, unless a client relationship continues or a longer period is required;
- Client engagement records, contracts and deliverables: for the duration of the engagement and up to seven years thereafter, or longer if required by law or an active dispute;
- Marketing consents and suppression lists: for as long as needed to honour your preferences and comply with the PDPA 2012 and Do Not Call Registry requirements;
- Cookie consent logs: up to six months, aligned with our cookie banner storage period; and
- Server and security logs: typically between thirty and one hundred eighty days, unless extended for incident investigation.
When personal data is no longer required, we will delete, anonymise or securely destroy it in accordance with our internal procedures.
12. Security measures
We implement administrative, technical and physical safeguards appropriate to the nature of the personal data we hold. Measures may include access controls based on role, encrypted transport (HTTPS) for website traffic, secure configuration of hosting environments, password and authentication policies for internal systems, vendor due diligence, and staff awareness of confidentiality obligations.
No method of transmission over the internet or electronic storage is completely secure. While we strive to protect personal data, we cannot guarantee absolute security. If you believe your interaction with us is no longer secure, please contact us immediately at [email protected].
In the event of a data breach that is notifiable under Singapore law, we will take steps required by the PDPA 2012 and PDPC guidance, which may include assessing impact, containing the incident and notifying affected individuals and the PDPC where applicable.
13. Your rights under the PDPA 2012
Subject to exceptions under the PDPA 2012, you have the right to:
- Access — request access to personal data about you that is in our possession or under our control, and information about how it has been used or disclosed within the preceding year;
- Correction — request correction of personal data that is inaccurate or incomplete; and
- Withdraw consent — withdraw consent for processing that relies on consent, as described above.
To submit an access or correction request, email [email protected] with sufficient information to verify your identity and describe your request. We may charge a reasonable fee for access requests where permitted by law. If we are unable to accede to your request, we will inform you of the reasons, subject to legal restrictions.
If you are dissatisfied with our response, you may contact the Personal Data Protection Commission in Singapore for further guidance, after giving us a reasonable opportunity to address your concern.
14. Marketing communications and the Do Not Call Registry
We may send marketing messages about ReachRush services where you have provided clear consent or where another valid basis applies under Singapore law. You may opt out at any time by using the unsubscribe link in an email, informing your account contact, or emailing [email protected].
We maintain internal do-not-contact records and respect the national Do Not Call Registry for Singapore telephone numbers when conducting telemarketing, where applicable to our activities.
15. Children
Our website and services are directed at businesses and professionals. We do not knowingly collect personal data from individuals under eighteen years of age through our corporate marketing channels. If you believe we have collected data from a minor inappropriately, please contact us and we will take steps to delete it.
16. Third-party links and platforms
Our website may contain links to third-party sites, calendars, social networks or advertising platforms. We are not responsible for the privacy practices of those third parties. We encourage you to review their policies before providing personal data.
17. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in law, technology, services or internal practices. The "Last updated" date at the top of this page indicates when the policy was last revised. Material changes will be posted on this page. Where appropriate, we may provide additional notice.
Your continued use of our website or services after an update constitutes acknowledgement of the revised policy, subject to any additional consent requirements under the PDPA 2012.
18. Contact us
For any privacy-related matter, including access, correction, withdrawal of consent or questions about cross-border processing, contact:
ReachRush Pte. Ltd.
Data Protection Contact
2 Kallang Avenue, #09-12 CT Hub, Singapore 339407
Email: [email protected]
Telephone: +65 6708 5264