Legal

Privacy Policy

Effective date: 27 April 2026

1. Introduction

SendStrike (“SendStrike,” “we,” “our,” “us”) is the outbound email platform for MCA and funding teams operated by Grock Foundation Pte. Ltd. We respect your privacy and are committed to protecting the personal data you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data in compliance with Singapore's Personal Data Protection Act 2012 (PDPA), the European Union's General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA), among other relevant data privacy laws.

By accessing or using our website (https://sendstrike.ai/) or engaging our services, you accept and consent to the terms of this Privacy Policy.

2. Legal Framework

2.1 PDPA (Singapore)

We comply with Singapore's PDPA, which governs the collection, use, disclosure, and protection of personal data of individuals. Under PDPA, we ensure that your personal data is managed with transparency and in accordance with applicable legal obligations.

2.2 GDPR (European Union)

If you are located in the European Economic Area (EEA), the GDPR applies to the collection, processing, and storage of your personal data. Under the GDPR, we recognize your rights to access, correct, erase, restrict processing, object to processing, and request data portability of your personal data. The legal basis for processing your personal data includes the performance of a contract, compliance with legal obligations, consent, and legitimate interests.

2.3 CCPA (California, USA)

For residents of California, the CCPA grants additional rights concerning the collection and use of personal information. You have the right to know what personal information we collect, the right to request deletion of your personal information, and the right to opt out of the sale of your personal information. We do not sell personal data as defined by the CCPA.

3. Personal Data We Collect

We may collect and process various types of personal data, including:

  • Contact information — name, email address, phone number, mailing address.
  • Usage information — IP address, browser type, operating system, and website interaction data.
  • Financial data — payment details when applicable for transactions.
  • Communication data — feedback, inquiries, and information provided through forms.
  • Customer data — merchant lists, email content, mailbox configurations, and reply activity that you upload or generate within the Service.
  • Cookies and tracking data — information gathered from cookies, pixels, and similar tracking technologies.

4. Purposes of Processing

We collect and process personal data for the following purposes:

  • To provide services — processing necessary to fulfill contracts and provide services you request, including mailbox warmup, sending, deliverability monitoring, and reply handling.
  • Marketing communications — sending promotional materials or updates (with your consent or where legally permitted).
  • Improving services — enhancing our website, products, and services based on user data and analytics.
  • Compliance — complying with legal obligations and responding to lawful requests from regulatory authorities.
  • Security and fraud prevention — detecting, investigating, and preventing fraud and security breaches.

5. Legal Bases for Processing (GDPR)

Under the GDPR, our legal bases for processing your personal data include:

  • Consent — where you have provided explicit consent for specific purposes.
  • Contractual necessity — where processing is necessary for the performance of a contract.
  • Legal obligations — where we are required to comply with a legal obligation.
  • Legitimate interests — where processing is in our legitimate interest and not overridden by your data protection rights.

6. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our data privacy compliance. You may contact the DPO at any time regarding questions or concerns about your personal data:

Max Korolev, Data Protection Officer
Email: support@outreach2day.com
Mailing address: 68 Circular Road, #02-01, 049422, Singapore

7. Your Rights

7.1 GDPR (EU/EEA residents)

  • Right of access — to request a copy of the personal data we hold about you.
  • Right to rectification — to request correction of inaccurate or incomplete data.
  • Right to erasure (right to be forgotten) — to request the deletion of your personal data.
  • Right to restrict processing — to request the restriction of processing under certain conditions.
  • Right to data portability — to receive your personal data in a structured, commonly used format.
  • Right to object — to object to the processing of your personal data for direct marketing or legitimate interests.

7.2 CCPA (California residents)

  • Right to know — to request disclosure of the categories of personal information collected and the purposes for which it is used.
  • Right to delete — to request the deletion of personal information.
  • Right to opt-out — to opt out of the sale of your personal information (we do not sell personal information).
  • Right to non-discrimination — to be free from discrimination for exercising your rights under the CCPA.

Non-sale of personal data under CCPA. In compliance with the CCPA, we do not sell personal data, including the personal data of minors under the age of 16. If you are a California resident, you have the right to opt out of the sale of your personal data, although we do not engage in such activities.

7.3 PDPA (Singapore residents)

  • Access and correction — to request access to or correction of your personal data.
  • Withdrawal of consent — to withdraw consent at any time for the collection, use, or disclosure of your personal data.

To exercise any of these rights, please contact our DPO.

8. Sharing of Personal Data

8.1 Third-Party Service Providers

We may disclose personal data to third-party service providers who perform services on our behalf, such as:

  • Payment processors
  • Web hosting and IT service providers (including Amazon Web Services, Hetzner, Google)
  • Email infrastructure (operated by our parent infrastructure, Outreach2Day)
  • CRM integrations you authorize (Zoho, Salesforce, HubSpot, and others via our general API)
  • Analytics and product telemetry providers (PostHog, Google Analytics, Ahrefs)
  • Marketing and advertising partners

These third parties are required to comply with data protection regulations and safeguard your data.

8.2 Legal Obligations

We may disclose personal data if required to do so by law or in response to valid requests from public authorities (e.g., regulatory bodies or law enforcement agencies).

8.3 International Transfers

If your personal data is transferred outside of Singapore, the EEA, or California, we will take steps to ensure that your data is transferred with adequate safeguards in accordance with applicable laws, including standard contractual clauses approved by the European Commission for GDPR-compliant transfers.

9. Data Retention

We retain personal data for as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws. We regularly review retention periods and securely dispose of data that is no longer needed.

10. Security of Personal Data

We implement appropriate technical and organizational measures to ensure the security of personal data and to protect it against unauthorized access, alteration, disclosure, or destruction. However, we cannot guarantee the absolute security of personal data transmitted over the Internet.

11. Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to enhance your experience on our website. Cookies help us analyze web traffic and understand user behavior. We also run conversion and ad attribution pixels (Google Ads, Reddit Ads). You can modify your browser settings to reject cookies, although this may limit some functionalities of the site.

12. Children's Privacy

Our services are not intended for individuals under the legal age of consent in their respective jurisdictions:

  • In Singapore, the minimum age for providing personal data without parental consent is 13 years.
  • Under the GDPR, the minimum age is 16 years (parental consent required below 16).
  • Under the CCPA, the minimum age for consent is 13 years; parental consent is required for individuals between 13 and 16 if the data is to be sold.

We do not knowingly collect personal data from individuals below the relevant legal age. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact our DPO. We will take immediate steps to delete such information.

13. Updates and Amendments

We reserve the right to update, modify, or amend this Privacy Policy at any time to reflect changes in our business practices, legal obligations, or regulatory requirements. Any changes to this Privacy Policy will be posted on our website and, where required by law, we will provide notice to you via email or other communication methods.

The updated Privacy Policy will include the “Effective Date” to indicate when the changes take effect. Your continued use of our website or services after any changes to this Privacy Policy constitutes your acknowledgment and acceptance of the updated terms.

In the event of significant changes that affect your rights or how we process your personal data, we will take reasonable steps to notify you and, where legally required, seek your consent before implementing such changes.

14. Contact Us

If you have any questions or concerns about this Privacy Policy or the handling of your personal data, please contact:

Max Korolev, Data Protection Officer
Email: support@outreach2day.com
Mailing address: 68 Circular Road, #02-01, 049422, Singapore