Privacy Policy — GetPower
Last updated: 2026-05-13 Version: v1.1
This Privacy Policy explains how TELEBORT AI STUDIO PLT (LLP0046066-LGN) ("Telebort", "we", "us", "our") collects, uses, discloses, and protects personal data in connection with the GetPower service, accessible at https://getpower.cc (the "Service").
This Policy is issued pursuant to the Personal Data Protection Act 2010 ("PDPA") of Malaysia. Telebort is the data controller for personal data processed in connection with the operation of the Service. Where you (the Customer) process personal data of WhatsApp recipients ("Message Recipients") through the Service, you are the data controller for that data and we act as your data processor.
1. Scope
1.1 This Policy applies to personal data we collect about:
- Customers who register for and use the Service
- Message Recipients (the contacts and end-users your business communicates with via WhatsApp through the Service)
- Visitors to https://getpower.cc
1.2 Note: WhatsApp Inc. (a Meta Platforms company) is the operator of the underlying WhatsApp messaging platform and processes message data under its own privacy policy (https://www.whatsapp.com/legal/privacy-policy). This Policy describes only the data Telebort processes; it does not cover Meta's separate processing.
2. Personal Data We Collect
2.1 Customer Account Data
- Full name, email, phone number, business name, position
- Authentication credentials (hashed)
- WhatsApp Business Account identifier / WhatsApp Cloud API credentials (where applicable)
2.2 Billing Data
- Billing name and address
- Payment method details (processed by our payment processor; we do not store card numbers)
- Transaction history
2.3 Service Usage Data
- IP address, browser type, device identifiers, operating system
- Pages viewed, features used, session duration
- Error logs, performance metrics
2.4 WhatsApp Message Data (processed on Customer's behalf)
When you send or receive messages through the Service:
- WhatsApp phone numbers of Message Recipients
- Profile names and display photos provided by WhatsApp
- Message content (text, images, documents, media)
- Message metadata (timestamps, delivery/read status, conversation IDs)
- Conversation analytics (response time, resolution status, intent classifications)
- Contact list metadata (tags, segments, opt-in/opt-out status)
You (the Customer) are responsible for ensuring you have a lawful basis under the PDPA (typically consent under Section 6, with notice under Section 7) to message Recipients and to use the Service to process their data.
2.5 Communication Data
- Support tickets, chat messages, emails
- Survey responses, feedback
2.6 Cookies and Similar Technologies
- Strictly necessary, functional, and (with consent) analytics cookies. See section 9.
3. Sources of Personal Data
3.1 Directly from Customers — registration, configuration, support contact. 3.2 From use of the Service — usage data, device data, cookies. 3.3 From Meta WhatsApp Cloud API — message data, recipient profile data (subject to Meta's own data sharing terms). 3.4 From integrated third parties — where you connect a CRM, e-commerce platform, or other system.
4. Purposes and Legal Basis for Processing
| Purpose | Legal basis (PDPA) |
|---|---|
| Provide, operate, and improve the Service | Contract performance; legitimate interest |
| Authenticate users and secure accounts | Contract performance; legitimate interest |
| Process payments and billing | Contract performance; legal obligation |
| Comply with tax, accounting, and other legal obligations | Legal obligation |
| Communicate transactional notices and support | Contract performance |
| Send marketing communications | Consent (opt-in) |
| Detect, prevent, and respond to fraud, abuse, and Meta policy violations | Legitimate interest; legal obligation |
| Process WhatsApp messages on Customer's instructions | Processing on behalf of Customer (data processor role) |
| Develop and improve features, including AI/ML on aggregated or de-identified data | Legitimate interest with safeguards |
| Defend or assert legal claims | Legitimate interest; legal obligation |
5. How We Share Personal Data
We do not sell personal data. We share with:
5.1 Service Providers (Sub-processors)
| Sub-processor | Purpose | Location |
|---|---|---|
| Meta Platforms (WhatsApp Cloud API) | Core WhatsApp messaging infrastructure | Global (US, Ireland, Singapore) |
| Supabase | Database, authentication, file storage | United States / Singapore |
| Vercel | Application hosting, edge compute | United States / global |
| Anthropic | AI processing (for AI-assisted reply features) | United States |
| Stripe (where applicable) | Payment processing | United States / Singapore |
| Email delivery providers | Transactional email | United States / EU |
A current list is available on request at studio.telebort@gmail.com. Each sub-processor is bound by confidentiality and data protection obligations.
AI sub-processor — no-training assurance. Under our agreement with Anthropic, Anthropic does not train its AI models on data we send through the AI features — including WhatsApp message content, recipient context, and any other Customer Data passed to AI processing. That sub-processor relationship is inference-only (real-time AI outputs returned to you). This is distinct from the "AI/ML on aggregated or de-identified data" line in clause 4 above, which refers to Telebort's own model-improvement activities and is governed by the safeguards described there.
5.2 Authorities
We may disclose personal data when required by law, subpoena, court order, or in response to valid government or regulatory requests (including under the Communications and Multimedia Act 1998).
5.3 Business Transfers
Personal data may be transferred in connection with a merger, acquisition, restructuring, or sale of assets, subject to confidentiality.
5.4 With Consent
We may share for other purposes only with your consent.
6. International Data Transfers
6.1 Your personal data may be processed in countries outside Malaysia, including the United States, Singapore, Ireland, and the European Union, where our sub-processors and Meta operate.
6.2 We rely on contractual safeguards (data processing agreements, standard contractual clauses) under Section 129 of the PDPA.
6.3 Note: WhatsApp Cloud API may route messages through Meta's global infrastructure, governed by Meta's data transfer mechanisms.
7. Data Retention
| Data category | Retention period |
|---|---|
| Customer account and identity data | Duration of subscription + 7 years (tax retention under Section 82, Income Tax Act 1967) |
| WhatsApp messages and conversation data | Default ninety (90) days, configurable in account settings (max 7 years; minimum 0 days for compliance-driven deletion) |
| Billing and payment records | 7 years |
| Service usage logs | 13 months (rolling) |
| Communication records | 3 years |
| Marketing consent records | Until withdrawn + 3 years |
Upon termination, Customer-uploaded data is retained for thirty (30) days in exportable form, then deleted subject to legal retention obligations.
8. Security
We implement reasonable technical and organisational measures:
- Encryption in transit (TLS) and at rest where applicable
- Authentication and access controls (with multi-factor authentication options)
- Security testing and code review
- Least-privilege access for our team
- Logging and monitoring
- Incident response procedures
We will notify affected data subjects and the Personal Data Protection Commissioner of personal data breaches likely to cause harm, as required.
9. Cookies and Similar Technologies
We use cookies for: session management (strictly necessary), preference storage (functional), and (with consent) aggregated analytics. Manage via browser settings; disabling strictly necessary cookies will impair the Service.
10. Your Rights Under the PDPA
You have the following rights under the Personal Data Protection Act 2010:
- Right of Access (Section 30)
- Right of Correction (Section 34)
- Right to Withdraw Consent (Section 38)
- Right to Prevent Processing Likely to Cause Damage or Distress (Section 42)
- Right to Prevent Processing for Direct Marketing (Section 43)
Submitting Requests
Contact studio.telebort@gmail.com. We will respond within twenty-one (21) days (Section 31). A prescribed fee may apply for access requests.
Message Recipient Requests
If you are a Message Recipient (a contact of a Telebort Customer using GetPower to message you):
- For requests about your data, contact the Customer who messaged you first — they are the data controller
- You may also contact us at studio.telebort@gmail.com; we will route your request to the relevant Customer or, where appropriate, act under our processor role to assist
- You may opt out of further messages by replying "STOP" in the WhatsApp thread (Customer is required by Meta's policies to honour this)
Right to Lodge a Complaint
Personal Data Protection Commissioner Malaysia: https://www.pdp.gov.my
11. Children's Data
The Service is not directed to individuals under the age of eighteen (18). We do not knowingly collect personal data from children. Customers using the Service to message individuals under 18 must have appropriate consent under the PDPA and Meta's policies.
12. Customer Data Subjects (Processing on Customer's Behalf)
12.1 When you (the Customer) upload contact lists or message recipients into the Service, you are the data controller for that data; we are your data processor.
12.2 Our processing is governed by our standard Data Processing Agreement (available on request). We will:
- Process only on your documented instructions
- Apply appropriate security
- Engage sub-processors with equivalent data protection obligations
- Assist with data subject requests
- Notify you of breaches without undue delay
- Return or delete Customer Data on termination
13. Changes to This Policy
We may update this Policy. The "Last updated" date reflects the most recent revision. Material changes will be notified at least thirty (30) days before effective date via email or in-Service notification.
14. Contact
TELEBORT AI STUDIO PLT (LLP0046066-LGN) Data Protection Contact: studio.telebort@gmail.com Address: George Town, Pulau Pinang, Malaysia
Version log
- v1.0 — 2026-05-11 — Initial draft (Claude Code, studio/legal/ kit launch)
- v1.1 — 2026-05-13 — Add AI sub-processor no-training assurance after §5.1 sub-processor table (per Anthropic Commercial Terms Section B)