Last Updated: January 2026 (Effective immediately)
Introduction
GrowthPort Solutions Sdn. Bhd. (doing business as GrowthStudio, referred to as “we,” “us,” or “our”) respects your privacy and is committed to protecting it in accordance with applicable laws. This Privacy Policy is established in accordance with the Malaysia Personal Data Protection Act 2010 (PDPA)[1], and we endeavor to comply with other data protection laws in Southeast Asia (including Singapore’s PDPA and the Philippines’ Data Privacy Act) as well as the EU General Data Protection Regulation (GDPR). This Policy describes how we collect, use, disclose, and safeguard your personal information when you use our websites, platform, and services (collectively, the “Platform”). By accessing or using the Platform, you agree to the data practices described in this Privacy Policy.
Scope: This Privacy Policy covers personal information we collect from visitors to our website and users of our services. However, note that if you are an end-customer of one of our clients using the GrowthStudio platform, your personal data may be collected and processed on behalf of that client. In those cases, we act merely as a data processor or service provider for our client, who is the data controller. This means that if you provide your data to one of our clients (for example, by interacting with a website or service that our client built on our Platform), that client’s own privacy notice will apply to your data rather than this Privacy Policy[2]. We do not use or disclose such end-customer data except as authorized by our client and as permitted by law. For all other individuals directly interacting with GrowthStudio (e.g. our website visitors, account holders, and customers), this Privacy Policy explains how we handle your data. Please read it carefully. If you do not agree with our policies and practices, please do not use the Platform. Your continued use of our Platform indicates your consent to the practices described here.
Information We Collect
We collect personal information (“Personally Identifiable Information” or “Personal Data”) about you through various means, as outlined below:
Information You Provide Directly: We collect information that you provide to us when you interact with our Platform or communicate with us. For example, when you create an account, subscribe to a newsletter, fill out a form, book a demo, make a purchase, or contact us for support, we may ask for details such as your name, email address, phone number, business name, billing and payment information (e.g. credit card details or payment account), and other contact or account credentials[3][4]. If you schedule an appointment, attend an event, or request information, you might provide similar contact and organizational details. We only ask for personal information that is necessary to provide you with the requested service[5], and we will inform you at the time of collection why we need it and how it will be used.
Information You Provide About Others: In some cases, you may input or upload personal data about third parties (for example, your customers or contacts) into our Platform as part of using our services. If you submit any personal information about other individuals to us or on our Platform, you are responsible for ensuring that you have the legal authority or consent to do so and to allow us to use and process their personal information as described in this Policy[6]. This can include, for instance, client lists containing names, emails, phone numbers, or other details of individuals who are your customers or leads. We will handle such information in accordance with your instructions and this Privacy Policy, while you remain responsible for obtaining any necessary permissions from those individuals.
Information from Third Parties: We may receive information about you from third-party sources in the course of our business. For example, we could obtain contact and professional information from marketing partners, referrals, social media platforms, analytics providers, public databases, or business affiliates[7]. If you interact with our content on social networks or via an affiliate link, we might receive your name and contact info from those third parties. Additionally, if you make payments through our Platform, our authorized payment processors (such as credit card companies or banks) will collect and process your payment information securely; we may receive confirmation of your payment and limited details needed for billing or record-keeping. We require such third-party service providers to handle your Personal Data in accordance with applicable privacy laws and only for the purposes we specify.
Information Collected Automatically: When you use our Platform or visit our websites, we automatically collect certain technical and usage information through cookies and similar tracking technologies. This may include your device’s IP address, browser type, device identifiers, pages or features you access, time and date of visits, and referring website. We use cookies, pixel tags, analytics scripts, and similar tools to remember your preferences and understand how you interact with our Platform[8][9]. A cookie is a small text file that a website stores on your device to recognize you on future visits and to save information about your session[10]. For instance, cookies help us keep you logged in, or in some cases to auto-log you out after a period of inactivity for security purposes (e.g. if an authorized user is logged in and the site is unused for more than 10 minutes, we may automatically log them off)[11]. You can set your browser to refuse all or some cookies or to alert you when cookies are being used. However, if you disable cookies, certain features of our Platform may not function properly[12]. For more details, please refer to our Cookies Policy (if available) or the relevant settings in your account.
How We Use Your Information
We use the personal information we collect for the following purposes, in compliance with applicable laws (including the PDPA and GDPR principles of lawful processing):
To Provide and Improve the Platform: We process your information to operate our website, apps, and services, and to deliver the functionality you expect. This includes using your information to create and manage your account, provide the services or products you requested, and personalize your experience. For example, we use your contact and account details to log you in, communicate with your device for connectivity, maintain your account preferences, and display relevant content[13][14]. We also analyze usage data (e.g. how you navigate the Platform) to troubleshoot performance issues, monitor uptime and security, and to develop and improve our offerings[15][16]. Some features may incorporate artificial intelligence (AI) tools to enhance functionality (e.g. automated responses or analytics); if so, we ensure any AI service providers only use your data as needed to provide the specific feature and do not use it to train general AI models[17].
To Fulfill Transactions and Communicate with You: We use personal information to process orders, subscriptions, and payments, and to send you important updates. For instance, we (or our payment partners) will use your provided payment information to complete billing transactions for subscription fees or purchases you make. We use your contact information (email, phone) to send you service-related communications such as confirmations, invoices, technical notices, updates, security alerts, and administrative messages. We may also respond to your inquiries or support requests using your contact details[18]. If you sign up for newsletters or provide consent, we might send you marketing communications about new features, offers, or events; you can opt out of these marketing messages at any time. (See Your Rights & Choices below.)
For Customer Support: Your information (like contact history or technical data) is used to provide customer service and support. This helps us investigate and address any issues you encounter on the Platform, answer your questions, and improve the quality of our support. For example, if you report a problem, we will reference your account details and relevant usage logs to troubleshoot effectively[19].
For Business Operations and Compliance: We process personal data as needed to run our everyday business operations, maintain records, and comply with legal obligations. This includes activities like accounting, auditing, billing and collections, fraud monitoring and prevention, detecting and protecting against security incidents, and enforcing our terms and policies[20][21]. We may use your information to exercise or defend our legal rights, to comply with laws and regulations (such as tax and financial reporting requirements), and to ensure we meet obligations under privacy laws (for example, keeping track of consent and opt-outs).
For Advertising and Marketing (with Consent): Where permitted by law and with your consent where required, we may use some of your information to tailor and deliver relevant advertisements or promotional content to you. We might analyze things like which pages you visited, or what services you use, to suggest other products or services you might be interested in. We could partner with advertising networks or social media platforms to show you ads on other sites as well, based on cookies or other identifiers[22][23]. For example, we may utilize data from marketing partners or an affiliate referral program to support targeted advertising[22]. You will always have the option to opt out of targeted advertising or marketing emails, as described in Your Rights & Choices below. (We do not sell your personal data to third parties for money, and any sharing for marketing is done in accordance with privacy laws and with appropriate safeguards.)
For Analytics and Statistics: We compile usage statistics and perform data analysis to understand how our Platform is used and how we can make it better. This involves aggregating data (in a way that does not directly identify individuals) to measure things like overall user engagement, feature popularity, or campaign effectiveness[24]. These statistics help us identify trends and preferences so we can improve the user experience and plan new features or content that better serve our users[25]. Whenever feasible, we use anonymized or aggregated information for these purposes.
To Ensure Security and Prevent Misuse: We may use your information to maintain the security of our Platform, our users, and others. This includes monitoring for fraudulent, harmful, or illegal activities and detecting and preventing spam, abuse, or unauthorized access. For example, IP addresses and device info may be used to block malicious activity, and login data may be used to automatically log out idle sessions for safety[11]. These processing activities help protect against crime, enforce our terms of service, and keep the Platform safe[21].
Legal Bases for Processing: When we process personal data about individuals from certain regions (such as the European Economic Area, UK, or others with similar laws), we do so under recognized legal bases. This means we collect and use your Personal Data only when we have a valid reason, such as: your consent (e.g. for optional marketing cookies or newsletters), performance of a contract (to provide you the services you signed up for), compliance with a legal obligation, or our legitimate interests (for example, improving our services, preventing fraud, or direct marketing) as long as those interests are not overridden by your data protection rights[26][27]. If we ask for personal data to comply with a legal requirement or to fulfill a contract with you, we will inform you at that time whether providing the information is mandatory and the consequences of not providing it. Where we rely on consent, you have the right to withdraw your consent at any time (this will not affect the lawfulness of processing before your withdrawal). For any questions about the legal bases we rely on in your jurisdiction, feel free to contact us.
Cookies and Tracking Technologies
As noted above, we use cookies and similar tracking technologies on our website and Platform to enhance your experience. Cookies are small files stored on your device that help websites remember information about you. We use cookies for several reasons, including:
Essential Cookies: to enable core site functionality (such as keeping you logged in, or remembering your cookie consent preferences). The Platform cannot function properly without these cookies.
Functional Cookies: to remember choices you make and provide enhanced features (for example, to save your language or region preference).
Analytics Cookies: to collect information about how visitors use our site (which pages are popular, how long users stay, how they navigate) so we can improve performance and user experience. We use third-party analytics services that set their own cookies, such as Google Analytics, to help with this.
Advertising Cookies: to track your browsing activity and interests so that we (or our advertising partners) can show you relevant ads on our site or elsewhere. These cookies might be set by advertising networks with our permission. They remember that you visited our site and help us measure the effectiveness of ad campaigns.
When you first visit our site, we may ask for your consent to place non-essential cookies (especially in jurisdictions where consent is required). You can always adjust your browser settings to refuse cookies or delete cookies stored on your device[12]. However, please note that if you disable certain cookies, some parts of our Platform may not function properly or your user experience may be degraded (for example, you might not be able to use certain features or may need to re-enter information). By continuing to use our site without disabling cookies, you consent to our use of cookies as described in this Policy. For more details on the specific cookies we use, you may refer to a separate Cookies Policy or contact us for more information.
How We Share or Disclose Information
We treat your Personal Data with care and confidentiality. We do not sell your personally identifiable information to third parties. However, in order to operate our business and provide our services, we may share or disclose information (only as necessary) in the following situations:
With Our Affiliates: If GrowthPort Solutions Sdn. Bhd. has affiliate companies or subsidiaries, we may share your information with them for purposes consistent with this Privacy Policy (for example, if they assist in providing our services)[28]. All such entities are bound to protect your information to the same standards described here.
With Authorized Service Providers and Partners: We employ trusted third-party companies and individuals to perform certain functions on our behalf. This includes service providers such as payment processors, website hosting providers, cloud infrastructure, data storage, customer support tools, analytics providers, marketing partners, and other IT or professional services[29]. We only share the information that is necessary for these vendors to perform their services (for example, sharing your payment details securely with a payment gateway to process a transaction, or providing our email service with your email address to send you a notification). Our contracts with service providers require them to use your data only for the agreed-upon purpose and to implement appropriate security measures to protect it[30]. We may also share anonymized or aggregated data (which cannot identify you personally) with partners for analysis, research, or to improve our services[29].
With Business Partners or Integrations: In some cases, we may partner with third parties to offer combined or integrated services. For example, if our Platform integrates with a third-party application or if we have referral/affiliate arrangements, we might share certain information with those partners. If you sign up through a referral link or engage with a joint offering, we may share your contact information or account status with the referring partner as necessary[31][32]. We will do so only in accordance with this Policy and, where required, with your consent.
For Advertising and Marketing: As noted, we may share some data (such as cookies or hashed email addresses) with third-party advertising networks or platforms to enable targeted advertising or re-marketing campaigns, only if permitted by law. These partners help us deliver ads that are more relevant to you and measure their effectiveness[33]. You can opt out of this sharing for marketing purposes by adjusting your cookie settings or contacting us, as described in Your Rights & Choices. We do not share your phone number or any personal contact info for marketing texts/calls with any third party without your explicit consent[34].
Business Transfers: If we are involved in a merger, acquisition, financing due diligence, restructuring, bankruptcy, receivership, sale of company assets, or other corporate transaction, your information may be transferred to a successor or affiliate as part of that transaction. In such cases, we will ensure the new owner or combined entity will either continue to honor the commitments we have made in this Privacy Policy or will provide notice and/or obtain consent for any new uses of your data.
Legal Compliance and Protection: We may disclose your personal information when required to comply with the law or valid legal process. This means we will release information if we believe in good faith that such disclosure is necessary to comply with a subpoena, court order, or other legal request served on us[35]. We may also disclose information as needed to establish, exercise or defend legal claims. Additionally, we will disclose information if we believe it is reasonably necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety, rights or property of any person, or violations of our terms of service[36].
With Your Consent or At Your Direction: Apart from the cases above, if you explicitly consent or request that we share your information with a third party, we will do so. For instance, if you intentionally use features on the Platform to share information with others (such as linking your account to a third-party service or using an API integration), we will share data as needed to fulfill your request[37]. You may also authorize us to share your feedback or testimonials on our website or marketing materials; in such cases, we will publish personal information only with your permission.
We do not publicly disclose any personal contact information or identifiers except as described above. Any third parties with whom we share data are obligated to protect it and use it only for legitimate purposes consistent with this Policy. If you have questions about third parties that may have access to your data, feel free to contact us.
Data Retention
We will retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for the purpose of satisfying any legal, accounting, or reporting requirements[38]. In practical terms, this means we keep your data while your account is active or as needed to provide you services. After you discontinue using our services, we may still keep some data for a period of time that is appropriate considering the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use, the purposes of processing, and whether we can achieve those purposes through other means[39]. We also retain information as required by law or for legitimate business interests such as handling any disputes, enforcing our agreements, or protecting our legal rights.
In some cases, you may request that we delete your personal information (see Your Rights below). Upon such a request, we will take reasonable steps to remove or anonymize your personal data in our systems. However, please note that complete deletion may not be immediately possible in all instances due to technical, legal, or contractual obligations. For example, data might persist temporarily in backups or archived copies. If information remains in backups or logs, we will suppress or segregate it so that it is no longer readily accessible, and we will not use or disclose it further except if necessary for legal compliance[40]. We may retain certain minimal information to document your request and our response. In any event, once your data is no longer needed for the purposes for which it was collected, we will either securely destroy it or irreversibly anonymize it.
Data Security
We take the security of your personal data seriously. GrowthStudio implements commercially reasonable administrative, technical, and physical safeguards to protect your information against unauthorized access, alteration, disclosure, or destruction[41]. For example, our systems employ industry-standard encryption protocols for data transfers (such as SSL/TLS for data in transit) and encryption or hashing for sensitive information (like passwords or payment details) stored at rest. Personal Data collected by us is stored on secure servers, and is only accessible to a limited number of authorized personnel who have special access rights to such systems[42]. Our employees and contractors are bound by confidentiality obligations; all team members are made familiar with our security policies and practices, and only trained, authorized individuals can handle personal data[42]. We regularly audit and update our security measures in line with technological advancements and industry best practices[43].
Despite our efforts, please be aware that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. Cyber threats continually evolve, and there is always some risk of data breaches or other unauthorized access. You can help protect your information by using strong passwords, keeping your login credentials confidential, and logging out of the Platform when you are done. If you have reason to believe that your interaction with us is no longer secure (for example, if you suspect that your account has been compromised), please contact us immediately so we can take appropriate action. We will promptly notify you, and any applicable regulators, of a data breach affecting your personal data if required by law.
Your Rights & Choices
Depending on your jurisdiction and applicable law, you may have certain rights regarding your personal data. We honor the rights of individuals as provided under laws like the GDPR and local data protection acts. These may include, but are not limited to, the following:
Right to Access: You can request confirmation of whether we are processing your personal information and obtain a copy of the data we hold about you[44]. This allows you to know and review the information we have collected.
Right to Rectification: If any of your personal data is inaccurate or incomplete, you have the right to request correction or updating of that information[45]. We encourage you to keep your information with us up-to-date and will honor legitimate requests to rectify inaccuracies.
Right to Erasure: You have the right to request that we delete your personal data under certain circumstances (for example, if the data is no longer necessary for the purposes it was collected, or if you withdraw consent and no other legal basis for processing applies)[45]. Upon a valid request, we will erase your data, unless retention is required by law or overriding legitimate interest (in which case we will inform you).
Right to Restrict Processing: You can ask us to limit the processing of your data in certain scenarios – for instance, if you contest the accuracy of the data or object to our processing, we will restrict processing while your request is being considered[46].
Right to Object to Processing: You have the right to object to the processing of your personal information in some cases, especially regarding processing for direct marketing or when we process data based on our legitimate interests[47]. If you object, we will stop processing your data for that purpose unless we have compelling legitimate grounds to continue or as otherwise permitted by law.
Right to Data Portability: To the extent applicable, you may request to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit that data to another controller (or ask us to do so, where technically feasible)[48]. This right applies when the processing is based on your consent or a contract with you and the processing is carried out by automated means.
Right to Withdraw Consent: If we rely on your consent to process personal information, you have the right to withdraw that consent at any time[49]. Once you withdraw consent, we will stop the specific processing that was based on consent. Please note that withdrawal does not affect the lawfulness of processing before the withdrawal. For example, you can opt out of marketing emails or withdraw consent for non-essential cookies through our preference center.
Right to Complain to a Regulator: If you believe your privacy rights have been violated, you have the right to lodge a complaint with a supervisory authority. For individuals in Malaysia, you may contact the Personal Data Protection Commissioner’s office. In Singapore, you may approach the Personal Data Protection Commission (PDPC). In the Philippines, you can reach out to the National Privacy Commission (NPC). If you are in the European Union (EU) or United Kingdom, you have the right to complain to your local data protection authority[50]. We would, however, appreciate the chance to address your concerns directly before you approach a regulator – so please feel free to contact us with any issues.
These rights may be subject to certain conditions and legal limitations depending on the jurisdiction. For example, some rights might not apply if fulfilling them would interfere with obligations we have under other laws. To exercise any of these rights, please contact us using the information in the Contact Us section below. We will respond to your request within the timeframe required by law (typically within one month for GDPR-related requests, extendable if necessary). We will not discriminate against you for exercising any of these rights. Note that, for security, we may need to verify your identity before fulfilling certain requests (such as access or deletion requests) to ensure that your data is not disclosed to someone impersonating you.
Additionally, you have choices regarding marketing communications and cookie preferences: if you no longer wish to receive marketing emails from us, you can opt out by clicking the “unsubscribe” link in those emails or by contacting us. For SMS or phone communications, you can opt out by following the instructions provided or contacting us to revoke consent. For cookies, as mentioned, you can adjust your browser or device settings to reject cookies, or use any consent management tool we provide on our site.
Children’s Privacy
Our services are not directed to children, and we do not knowingly collect personal information from individuals under the age of 18[51]. If you are under 18, please do not use the Platform or provide any personal data to us. We understand the importance of protecting children’s privacy, especially in an online environment. If we learn that we have inadvertently collected or received personal information from a child under 18 without verified parental consent, we will take steps to delete that information from our records as soon as possible[52]. If you are a parent or guardian and you become aware that your minor child has provided personal information to us, please contact us immediately so that we can investigate and take appropriate actions. (For residents of certain jurisdictions, such as the U.S., we observe the age limits and requirements of applicable laws like COPPA – even though our primary markets are Malaysia and other SEA countries, we choose to err on the side of caution in not allowing under-18 users.)
Links to Other Sites
Our website or Platform may contain links to third-party websites or services that are not operated by us. For example, our Platform might integrate with social media platforms (Facebook, Instagram, etc.) or payment gateways, or our marketing site might link to partner websites. Please note that this Privacy Policy applies solely to GrowthStudio’s own Platform and services, and not to any external sites or services that we do not control[53]. Once you click on a link to another website and leave our site, we have no control over the content, privacy practices, or security of that other site[54]. We encourage you to review the privacy policies of any third-party sites you visit. We are not responsible for the practices of such third parties regarding your data.
Changes to This Privacy Policy
We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. If we make any material changes to how we handle your personal information, we will notify you by updating the “Last Updated” date at the top of this Policy and, if appropriate, by additional means such as an email notification or a prominent notice on our website[55]. We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting your information. Your continued use of the Platform after any changes to this Policy constitutes your acceptance of the updated terms, except in cases where your explicit consent is required (if, for instance, a change would permit a new use or disclosure of personal data that is incompatible with the purpose for which it was originally collected, we will obtain your consent or give you a clear opportunity to opt out of such new uses). If you do not agree with any updates or changes, you should discontinue use of the Platform and may request that we remove your data as per your rights outlined above.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us. We are here to help and address any issues you may have about your privacy or data security. You can reach our data protection team at:
Email: [email protected]
Address: GrowthPort Solutions Sdn. Bhd. – [Full Business Address, e.g., Street, City, Postcode, Country]
Please include your name and contact information along with your request or inquiry. If you are making a data subject request (for access, correction, etc.), please describe the nature of your request with sufficient detail for us to process it. We will respond as soon as reasonably possible, and no later than required by applicable law.
Thank you for trusting GrowthStudio with your personal information. We are committed to safeguarding your privacy and providing a secure experience for all our users.