Privacy Policy

Last updated: 2026-05-13v1.1

Privacy Policy — GetPower

Last updated: 2026-05-13 Version: v1.1

This Privacy Policy explains how TELEBORT AI STUDIO PLT (LLP0046066-LGN) ("Telebort", "we", "us", "our") collects, uses, discloses, and protects personal data in connection with the GetPower service, accessible at https://getpower.cc (the "Service").

This Policy is issued pursuant to the Personal Data Protection Act 2010 ("PDPA") of Malaysia. Telebort is the data controller for personal data processed in connection with the operation of the Service. Where you (the Customer) process personal data of WhatsApp recipients ("Message Recipients") through the Service, you are the data controller for that data and we act as your data processor.


1. Scope

1.1 This Policy applies to personal data we collect about:

  • Customers who register for and use the Service
  • Message Recipients (the contacts and end-users your business communicates with via WhatsApp through the Service)
  • Visitors to https://getpower.cc

1.2 Note: WhatsApp Inc. (a Meta Platforms company) is the operator of the underlying WhatsApp messaging platform and processes message data under its own privacy policy (https://www.whatsapp.com/legal/privacy-policy). This Policy describes only the data Telebort processes; it does not cover Meta's separate processing.

2. Personal Data We Collect

2.1 Customer Account Data

  • Full name, email, phone number, business name, position
  • Authentication credentials (hashed)
  • WhatsApp Business Account identifier / WhatsApp Cloud API credentials (where applicable)

2.2 Billing Data

  • Billing name and address
  • Payment method details (processed by our payment processor; we do not store card numbers)
  • Transaction history

2.3 Service Usage Data

  • IP address, browser type, device identifiers, operating system
  • Pages viewed, features used, session duration
  • Error logs, performance metrics

2.4 WhatsApp Message Data (processed on Customer's behalf)

When you send or receive messages through the Service:

  • WhatsApp phone numbers of Message Recipients
  • Profile names and display photos provided by WhatsApp
  • Message content (text, images, documents, media)
  • Message metadata (timestamps, delivery/read status, conversation IDs)
  • Conversation analytics (response time, resolution status, intent classifications)
  • Contact list metadata (tags, segments, opt-in/opt-out status)

You (the Customer) are responsible for ensuring you have a lawful basis under the PDPA (typically consent under Section 6, with notice under Section 7) to message Recipients and to use the Service to process their data.

2.5 Communication Data

  • Support tickets, chat messages, emails
  • Survey responses, feedback

2.6 Cookies and Similar Technologies

  • Strictly necessary, functional, and (with consent) analytics cookies. See section 9.

3. Sources of Personal Data

3.1 Directly from Customers — registration, configuration, support contact. 3.2 From use of the Service — usage data, device data, cookies. 3.3 From Meta WhatsApp Cloud API — message data, recipient profile data (subject to Meta's own data sharing terms). 3.4 From integrated third parties — where you connect a CRM, e-commerce platform, or other system.

PurposeLegal basis (PDPA)
Provide, operate, and improve the ServiceContract performance; legitimate interest
Authenticate users and secure accountsContract performance; legitimate interest
Process payments and billingContract performance; legal obligation
Comply with tax, accounting, and other legal obligationsLegal obligation
Communicate transactional notices and supportContract performance
Send marketing communicationsConsent (opt-in)
Detect, prevent, and respond to fraud, abuse, and Meta policy violationsLegitimate interest; legal obligation
Process WhatsApp messages on Customer's instructionsProcessing on behalf of Customer (data processor role)
Develop and improve features, including AI/ML on aggregated or de-identified dataLegitimate interest with safeguards
Defend or assert legal claimsLegitimate interest; legal obligation

5. How We Share Personal Data

We do not sell personal data. We share with:

5.1 Service Providers (Sub-processors)

Sub-processorPurposeLocation
Meta Platforms (WhatsApp Cloud API)Core WhatsApp messaging infrastructureGlobal (US, Ireland, Singapore)
SupabaseDatabase, authentication, file storageUnited States / Singapore
VercelApplication hosting, edge computeUnited States / global
AnthropicAI processing (for AI-assisted reply features)United States
Stripe (where applicable)Payment processingUnited States / Singapore
Email delivery providersTransactional emailUnited States / EU

A current list is available on request at studio.telebort@gmail.com. Each sub-processor is bound by confidentiality and data protection obligations.

AI sub-processor — no-training assurance. Under our agreement with Anthropic, Anthropic does not train its AI models on data we send through the AI features — including WhatsApp message content, recipient context, and any other Customer Data passed to AI processing. That sub-processor relationship is inference-only (real-time AI outputs returned to you). This is distinct from the "AI/ML on aggregated or de-identified data" line in clause 4 above, which refers to Telebort's own model-improvement activities and is governed by the safeguards described there.

5.2 Authorities

We may disclose personal data when required by law, subpoena, court order, or in response to valid government or regulatory requests (including under the Communications and Multimedia Act 1998).

5.3 Business Transfers

Personal data may be transferred in connection with a merger, acquisition, restructuring, or sale of assets, subject to confidentiality.

We may share for other purposes only with your consent.

6. International Data Transfers

6.1 Your personal data may be processed in countries outside Malaysia, including the United States, Singapore, Ireland, and the European Union, where our sub-processors and Meta operate.

6.2 We rely on contractual safeguards (data processing agreements, standard contractual clauses) under Section 129 of the PDPA.

6.3 Note: WhatsApp Cloud API may route messages through Meta's global infrastructure, governed by Meta's data transfer mechanisms.

7. Data Retention

Data categoryRetention period
Customer account and identity dataDuration of subscription + 7 years (tax retention under Section 82, Income Tax Act 1967)
WhatsApp messages and conversation dataDefault ninety (90) days, configurable in account settings (max 7 years; minimum 0 days for compliance-driven deletion)
Billing and payment records7 years
Service usage logs13 months (rolling)
Communication records3 years
Marketing consent recordsUntil withdrawn + 3 years

Upon termination, Customer-uploaded data is retained for thirty (30) days in exportable form, then deleted subject to legal retention obligations.

8. Security

We implement reasonable technical and organisational measures:

  • Encryption in transit (TLS) and at rest where applicable
  • Authentication and access controls (with multi-factor authentication options)
  • Security testing and code review
  • Least-privilege access for our team
  • Logging and monitoring
  • Incident response procedures

We will notify affected data subjects and the Personal Data Protection Commissioner of personal data breaches likely to cause harm, as required.

9. Cookies and Similar Technologies

We use cookies for: session management (strictly necessary), preference storage (functional), and (with consent) aggregated analytics. Manage via browser settings; disabling strictly necessary cookies will impair the Service.

10. Your Rights Under the PDPA

You have the following rights under the Personal Data Protection Act 2010:

  1. Right of Access (Section 30)
  2. Right of Correction (Section 34)
  3. Right to Withdraw Consent (Section 38)
  4. Right to Prevent Processing Likely to Cause Damage or Distress (Section 42)
  5. Right to Prevent Processing for Direct Marketing (Section 43)

Submitting Requests

Contact studio.telebort@gmail.com. We will respond within twenty-one (21) days (Section 31). A prescribed fee may apply for access requests.

Message Recipient Requests

If you are a Message Recipient (a contact of a Telebort Customer using GetPower to message you):

  • For requests about your data, contact the Customer who messaged you first — they are the data controller
  • You may also contact us at studio.telebort@gmail.com; we will route your request to the relevant Customer or, where appropriate, act under our processor role to assist
  • You may opt out of further messages by replying "STOP" in the WhatsApp thread (Customer is required by Meta's policies to honour this)

Right to Lodge a Complaint

Personal Data Protection Commissioner Malaysia: https://www.pdp.gov.my

11. Children's Data

The Service is not directed to individuals under the age of eighteen (18). We do not knowingly collect personal data from children. Customers using the Service to message individuals under 18 must have appropriate consent under the PDPA and Meta's policies.

12. Customer Data Subjects (Processing on Customer's Behalf)

12.1 When you (the Customer) upload contact lists or message recipients into the Service, you are the data controller for that data; we are your data processor.

12.2 Our processing is governed by our standard Data Processing Agreement (available on request). We will:

  • Process only on your documented instructions
  • Apply appropriate security
  • Engage sub-processors with equivalent data protection obligations
  • Assist with data subject requests
  • Notify you of breaches without undue delay
  • Return or delete Customer Data on termination

13. Changes to This Policy

We may update this Policy. The "Last updated" date reflects the most recent revision. Material changes will be notified at least thirty (30) days before effective date via email or in-Service notification.

14. Contact

TELEBORT AI STUDIO PLT (LLP0046066-LGN) Data Protection Contact: studio.telebort@gmail.com Address: George Town, Pulau Pinang, Malaysia


Version log

  • v1.0 — 2026-05-11 — Initial draft (Claude Code, studio/legal/ kit launch)
  • v1.1 — 2026-05-13 — Add AI sub-processor no-training assurance after §5.1 sub-processor table (per Anthropic Commercial Terms Section B)

Questions? Email hello@getpower.cc.

See also: Privacy · Terms