Privacy Policy

getpower.cc is operated by TELEBORT AI STUDIO PLT (SSM Reg. 202604000838 / LLP0046066-LGN), a Limited Liability Partnership registered in Malaysia.

For all privacy-related questions or to exercise your rights under the Malaysian Personal Data Protection Act 2010 (PDPA), email privacy@getpower.cc.

• Account data: your email address and display name (handled by Supabase Auth).
• WhatsApp data: the phone number you connect via QR scan, the text and sender info of inbound messages we process, the auto-reply drafts we generate, and the auto-reply rules you configure.
• Payment data: handled entirely by Stripe. We never see or store your card number — only a Stripe customer ID and your subscription status.
• Telemetry: anonymized product usage events (PostHog) and error stack traces (Sentry). Telemetry does not include the content of your WhatsApp messages.

Solely to run the auto-reply service for you: matching inbound messages against your rules, generating reply drafts, sending them to your WhatsApp contacts, and showing you what was sent in your dashboard.

We do not train AI models on your data. Your rules and messages stay scoped to your account.

To deliver the service, your data is processed by:

• Anthropic(LLM provider) — sees inbound message text and your rules to generate replies. Per Anthropic's API terms, they do not retain or train on this data.
• Stripe — billing and subscription management.
• Supabase — database and authentication hosting (US/EU regions).
• Vercel — web application hosting.
• Browserbase (or our own infrastructure) — cloud browser sessions that hold your WhatsApp Web login.
• Resend — transactional email (welcome, session-expired alerts).
• PostHog and Sentry — product analytics and error tracking.

We do not sell your data, and we do not share it with marketing or advertising partners.

• Account: retained until you delete your account.
• Inbound messages and replies: 90 days, then anonymized (sender phone hashed, message text removed).
• Operational logs: 30 days.
• WhatsApp QR codes: deleted from storage after a successful scan or after 10 minutes, whichever comes first.

Under the Malaysian Personal Data Protection Act 2010, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Withdraw consent for processing
• Request deletion (subject to legal retention obligations)
• Object to processing in specified circumstances

Email privacy@getpower.cc to exercise any of these. We respond within 14 days.

Data is encrypted in transit (TLS) and at rest. We use Postgres row-level security so each tenant's data is isolated at the database layer. Worker-to-API requests are HMAC-signed and expire within 5 minutes of issue.

No system is perfectly secure. If you discover a vulnerability, please report it to security@getpower.cc.

Some of our service providers (Anthropic, Vercel, Supabase, Browserbase) operate from data centers outside Malaysia, primarily in the United States and European Union. By using getpower.cc you consent to your data being processed in those jurisdictions.

We use a minimal set of cookies: a Supabase Auth session cookie (essential — required to keep you logged in) and PostHog analytics cookies (optional — used to understand product usage). We do not use advertising or cross-site tracking cookies.

getpower.cc is for users aged 18 and over. We do not knowingly collect data from minors. If you believe a minor has signed up, email privacy@getpower.cc and we'll delete the account.

We may update this policy as the product evolves. Material changes are communicated via email at least 30 days before they take effect. Minor edits (typo fixes, clarifications) update the " last updated" date at the top of this page.

Privacy queries: privacy@getpower.cc

Complaints: you may also contact Malaysia's Personal Data Protection Commissioner if you believe we've mishandled your data.