PRIVACY
Privacy Policy
Last updated: 13 July 2026 · © 2026 AudienceShift Pte. Ltd.
Part I — Overview and scope
About this document
This Privacy Policy describes how AudienceShift Pte. Ltd. ("AudienceShift", "we", "us" or "our") handles personal data in connection with audienceshift.life, our audience growth marketing services, and related business operations. It is written for website visitors, prospective clients, current clients, suppliers, and anyone whose personal data we process directly as the organisation responsible under Singapore law.
We process personal data in accordance with the Personal Data Protection Act 2012 ("PDPA") of Singapore, subsidiary legislation, and guidance issued by the Personal Data Protection Commission ("PDPC") where applicable. This policy does not constitute legal advice. If you need advice about your own compliance obligations, consult a qualified professional.
Our privacy commitment
AudienceShift is an audience development and growth marketing agency. We believe transparency about data handling is part of professional practice. We collect only what we reasonably need, use it for clearly defined purposes, protect it with appropriate safeguards, and honour the rights granted to individuals under the PDPA. Where optional processing — such as non-essential analytics or advertising measurement — requires consent, we obtain it through our cookie banner and do not pre-tick consent boxes on enquiry forms.
By visiting audienceshift.life, submitting an enquiry, or engaging our services, you acknowledge that you have read this Privacy Policy. Where the PDPA requires consent, we will request it in a manner that is clear and informed.
Definitions used in this policy
"Personal data" means data about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access. "Processing" includes collecting, using, disclosing, storing, and deleting personal data. "Organisation responsible for personal data" (or data controller) means the organisation that determines the purposes and means of processing. "Data intermediary" means an organisation that processes personal data on behalf of another organisation under a contract — for example, when we manage advertising or analytics on a client's behalf.
Part II — Who is responsible for your data
The organisation primarily responsible for personal data described in this policy is:
AudienceShift Pte. Ltd.
UEN: 202427591W
Registered address: 32 Club Street, #02-01, Singapore 069416
Telephone: +65 6229 3188
General enquiries: [email protected]
Privacy and data protection: [email protected]
Our Data Protection Officer ("DPO") oversees PDPA compliance and handles privacy requests. You may reach the DPO at [email protected] or by post to the address above, marked "Data Protection Officer". We aim to acknowledge enquiries within five business days and to resolve straightforward matters within thirty days, though complex requests may require additional time permitted under the PDPA.
AudienceShift provides professional marketing services focused on audience research, segmentation, content strategy, paid and organic channel planning, creative direction, and performance reporting. We are not a life coaching or wellness provider, not a human-resources or shift-scheduling platform, not a customer-relationship-management software vendor, and not a training course or get-rich-quick programme. The ".life" element of our domain is branding only. References to "audience" on this site mean marketing audiences — groups of people a brand seeks to reach — and "shift" means moving or growing those audiences through planned marketing activity, not a work shift or software migration.
When we process personal data solely on a client's instructions — for instance, audience lists uploaded to an ad platform under retainer — the client remains the organisation primarily responsible for that data. Our obligations as data intermediary are set out in the service agreement and any applicable data processing terms. This Privacy Policy focuses on data for which AudienceShift is the organisation responsible under the PDPA.
Part III — Personal data we handle, by relationship
Rather than listing abstract categories alone, the following sections explain what we typically collect based on how you interact with us.
Website visitors and enquiry contacts
When you browse audienceshift.life, our servers and optional analytics tools may record technical information such as IP address, browser type, device type, operating system, referring URL, pages viewed, and timestamps. If you use our contact form, email us, or call our office, we collect the identity and contact details you provide — commonly name, job title, company, business email, telephone number, and the content of your message — together with your PDPA consent record where required. We may retain correspondence metadata such as date, channel, and subject line.
Clients and commercial counterparties
For organisations that engage AudienceShift, we process billing contacts, authorised signatories, stakeholder names, campaign briefs, brand guidelines, access metadata for platforms we manage (not passwords stored in plain text), performance reports, approval records, and contractual documents. Financial records may include invoice details and payment status. We use this information to scope work, deliver services, invoice, and maintain account governance.
Individuals in client campaigns
When executing campaigns for clients, we may process pseudonymous or contact data supplied by the client — for example, hashed customer lists for lookalike modelling or email recipients in a lifecycle programme. In those cases the client determines the lawful basis and purpose; we process only as instructed and apply contractual security measures.
Suppliers, freelancers, and partners
We hold contact and contractual information for photographers, media buyers, translators, hosting providers, and other professionals who support our work, as well as records necessary for procurement and quality assurance.
Data we do not seek to collect
We do not intentionally collect sensitive personal data — such as NRIC numbers, financial account credentials, health information, or data relating to minors — through our general website unless you voluntarily provide it and we have a lawful basis. Please do not submit sensitive personal data via our contact form unless we have expressly requested it for a defined purpose.
Part IV — Why we use personal data
We use personal data for purposes a reasonable person would consider appropriate, and not beyond what is reasonable to achieve those purposes. Our main uses include:
- Enquiry handling: reading, assessing, and responding to messages; scheduling calls; preparing introductory materials.
- Service delivery: audience research, channel planning, creative development, media management, reporting, and optimisation for client brands.
- Contract and billing administration: proposals, statements of work, invoicing, payment follow-up, and dispute records.
- Site operation: maintaining security, diagnosing faults, and improving content and usability.
- Measurement: where permitted or consented, evaluating traffic sources, campaign attribution, and aggregate audience behaviour through cookies and pixels — see Part XI and our Cookie Policy.
- Compliance: meeting legal, tax, and regulatory requirements; responding to lawful authority requests; enforcing our Terms of Use.
- Business operations: vendor management, internal reporting, and professional development of our team.
We do not sell personal data. We do not use your contact details to promote unrelated third-party products. Case studies or portfolio references are published with client approval or appropriate anonymisation; we do not publish identifiable personal data without permission.
Part V — Legal bases for processing
Under the PDPA, we may collect, use, or disclose personal data only with consent or where an exception applies. Depending on the activity, AudienceShift relies on:
- Consent: when you affirmatively tick a consent checkbox on our contact form (never pre-ticked), opt in to optional communications, or accept non-essential cookies via our banner.
- Contractual necessity: processing needed to respond to a pre-contractual enquiry, perform a signed agreement, or take steps at your request before entering a contract.
- Legitimate interests: limited processing for security logging, fraud prevention, and business record-keeping, where not overridden by your interests. Optional analytics and advertising cookies rely on consent instead.
- Legal obligation: processing required by Singapore law, court order, or regulatory inquiry.
- Deemed consent by notification: used sparingly and only where permitted under the PDPA and PDPC guidance, after clear notification and a reasonable opt-out opportunity.
You may withdraw consent for optional processing at any time by contacting [email protected], subject to legal or contractual restrictions and reasonable notice to implement your request. Withdrawal does not affect processing lawfully conducted before withdrawal.
Part VI — Sharing and disclosure
We disclose personal data to third parties only where necessary for the purposes in Part IV, including to:
- Cloud hosting, email, and infrastructure providers;
- Analytics and advertising technology vendors, subject to your cookie choices;
- Professional advisers bound by confidentiality;
- Banks or payment processors for invoicing;
- Government authorities when required by law.
We require processors to protect personal data appropriately and to use it only for the services they provide to us. A list of major sub-processor categories may be provided on request for relevant client engagements.
Part VII — Cross-border transfers
Some service providers may store or process data on servers outside Singapore. Where personal data is transferred overseas, we take steps required under the PDPA to ensure the recipient provides a standard of protection comparable to that under the PDPA — for example through contractual clauses, verification of binding corporate rules, or applicable transfer exceptions. Details of specific regions and safeguards may be provided on request where relevant to your engagement.
Part VIII — Security and breach response
We implement reasonable administrative, technical, and physical safeguards to protect personal data against unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks. Measures include, where appropriate:
- HTTPS encryption for data transmitted via audienceshift.life;
- Role-based access limiting staff access on a need-to-know basis;
- Secure authentication on critical systems;
- Monitoring and patching of hosting infrastructure;
- Confidentiality obligations in contracts with personnel and vendors;
- Secure disposal of records and equipment containing personal data.
No internet transmission or electronic storage is completely secure. While we work to protect your data, we cannot guarantee absolute security. You are responsible for safeguarding credentials and using secure channels for sensitive business information.
If a data breach is likely to result in significant harm, we will notify affected individuals and the PDPC as required under the PDPA's data breach notification provisions, and take steps to contain and remediate the incident.
Part IX — Retention and deletion
We retain personal data only as long as necessary for the purposes collected, or as required by law or legitimate business need. Typical periods include:
- Website enquiries: up to twenty-four months from last meaningful contact, unless a client relationship develops and records merge into the client file.
- Client files: duration of engagement plus up to seven years for legal, tax, and dispute purposes unless a longer period is required.
- Financial records: in line with Singapore accounting requirements, typically seven years.
- Security logs: up to twelve months unless needed for an active investigation.
- Cookie consent preferences: six months in your browser, after which the banner reappears — see our Cookie Policy.
- Marketing opt-in records: until you unsubscribe, plus a minimal suppression record.
When data is no longer needed, we take reasonable steps to destroy or anonymise it. Anonymised aggregate statistics that cannot reasonably identify an individual may be retained longer.
Part X — Your rights under the PDPA
You may request access to personal data about you that is in our possession or under our control, and request correction of errors or omissions, subject to exceptions in the Act. To exercise these rights:
- Write to [email protected] with enough detail to identify the data concerned.
- We may request reasonable proof of identity before disclosure or correction.
- We will respond within thirty days or inform you if an extension is required.
- A reasonable fee may apply to manifestly unfounded or excessive access requests, in line with PDPC guidance; we will inform you before processing.
If we process your data on a client's behalf — for example, as a recipient of a client's email campaign — we may direct you to the client, who is primarily responsible. We will assist clients where contractually required.
You may also withdraw consent for optional processing, request limitation of certain optional uses while a complaint is reviewed, and lodge a complaint with us if you believe we have handled your data contrary to the PDPA. We investigate complaints fairly and respond with findings and remedial steps.
Part XI — Cookies and similar technologies
audienceshift.life uses cookies, local storage, and similar technologies for core functionality, consent records, and — with your permission — analytics and advertising measurement. Non-essential cookies are not placed until you accept them via our cookie banner or customise preferences in the cookie modal.
For categories, vendors, the six-month consent storage period, and opt-out options, read our Cookie Policy. You may refresh preferences by clearing site data and revisiting the site, or using "Customise" when the banner is displayed.
Part XII — Third-party websites and platforms
Our site may link to social networks, advertising platforms, industry publications, or client properties. This Privacy Policy does not apply to external sites. We are not responsible for third-party privacy practices. Platform integrations referenced in our work — such as Meta, Google, LinkedIn, or TikTok — are governed by those providers' terms and policies when you interact with them directly.
Part XIII — Children
Our services are directed at business professionals. We do not knowingly collect personal data from individuals under eighteen. If you believe we have inadvertently collected a minor's data, contact [email protected] and we will take steps to delete it.
Part XIV — Marketing performance expectations
AudienceShift provides audience growth and marketing services. We do not guarantee specific audience size, engagement rates, lead volume, conversion rates, revenue, or return on investment. Illustrative metrics on our site or in correspondence reflect past work or planning assumptions, not promises of future performance. This Privacy Policy does not alter that position; see also our Terms of Use.
Part XV — Changes to this policy
We may update this Privacy Policy to reflect changes in practice, technology, law, or business operations. Material changes will be indicated by updating the "Last updated" date and, where appropriate, notice on audienceshift.life or direct communication to affected clients. Continued use after an update constitutes acknowledgement, subject to any additional consent required for new processing.
- 13 July 2026: Initial publication for audienceshift.life — PDPA scope, relationship-based data description, DPO contact at [email protected], retention schedules, security overview, cookie cross-reference, and PDPC escalation path.
Part XVI — Complaints to the PDPC
If a concern is not resolved after contacting our DPO, you may escalate to the Personal Data Protection Commission:
Personal Data Protection Commission (PDPC)
Website: www.pdpc.gov.sg
Guidance on filing complaints is available on the PDPC website.
The PDPC administers and enforces the PDPA in Singapore. Filing with the PDPC does not affect your right to seek remedies through the courts where applicable.