Skip to main content
See sample reportGet a proposal

Privacy Policy

Last updated: April 2026

Introduction

Brandon Digital ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

Information We Collect

Personal Information

We may collect personal information that you provide directly to us, including:

  • • Name and contact information (email, phone number)
  • • Company information and job title
  • • Information provided in contact forms or consultations
  • • Communication preferences

Automatically Collected Information

When you visit our website, we may automatically collect:

  • • IP address and device information
  • • Browser type and version
  • • Pages visited and time spent on our site
  • • Referring website information

How We Use Your Information

We use the information we collect to:

  • • Respond to your inquiries and provide customer support
  • • Deliver marketing services and consultations
  • • Send you relevant marketing insights and updates (with your consent)
  • • Improve our website and services
  • • Comply with legal obligations

Information Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • • With your explicit consent
  • • To service providers who assist in business operations (under strict confidentiality agreements)
  • • When required by law or to protect our legal rights
  • • In connection with a business transaction (merger, acquisition, etc.)

Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet or electronic storage is 100% secure.

Cookies and Tracking

Our website uses cookies and similar tracking technologies to improve user experience and analyze website traffic. You can control cookie settings through your browser preferences.

Your Rights

You have the right to:

  • • Access the personal information we hold about you
  • • Request correction of inaccurate information
  • • Request deletion of your personal information
  • • Opt out of marketing communications
  • • Request data portability

Malaysia Personal Data Protection Act (PDPA) 2010

As a Malaysian company, Brandon Digital complies with the Personal Data Protection Act 2010 (PDPA). This section outlines your rights and our obligations under Malaysian data protection law.

Consent

We obtain your consent before collecting and processing your personal data. Consent is obtained through our contact forms and cookie consent mechanism. You may withdraw your consent at any time by contacting us, though this may affect our ability to provide certain services.

Data Subject Rights

Under the PDPA, you have the following rights:

  • Right of Access — You may request access to your personal data held by us
  • Right of Correction — You may request correction of personal data that is inaccurate, incomplete, misleading, or not up to date
  • Right to Withdraw Consent — You may withdraw your consent to the processing of your personal data at any time
  • Right to Prevent Processing — You may request that we stop processing your personal data for direct marketing purposes

To exercise any of these rights, please contact us at weijie.c@brandondigital.co. We will respond to your request within 21 days as required by the PDPA.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws. Contact form submissions and lead data are retained for the duration of our business relationship and for a reasonable period thereafter for record-keeping and legal compliance. You may request deletion of your data at any time.

Cross-Border Transfers

Some of our service providers (such as email delivery, analytics, and hosting) may process data outside of Malaysia. Where personal data is transferred outside Malaysia, we ensure that appropriate safeguards are in place to protect your data in accordance with the PDPA, including ensuring the receiving country provides an adequate level of data protection.

WhatsApp Business Platform and Meta Integration

Brandon Digital integrates with Meta Platforms, Inc. products (including the WhatsApp Business Platform, Meta Ads, the Meta Conversions API, and Meta Business Suite) to provide marketing attribution, advertising measurement, and customer messaging services to our clients. This section explains what data we access, how we process it, and your rights. This section takes precedence over the general sections above where the two conflict for Meta-sourced data.

Meta Products We Integrate With

  • WhatsApp Business Platform (Cloud API) — to send and receive business messages on behalf of our clients and to receive webhook events including click-to-WhatsApp ad attribution identifiers
  • Meta Conversions API for Business Messaging — to send conversion events tied to messaging conversations back to Meta for ad optimisation
  • Meta Marketing API — to read ad performance and campaign configuration on behalf of our clients
  • Facebook Login for Business / Embedded Signup — to onboard our clients to the above integrations with their explicit consent

WhatsApp Messaging Data We Access

When a client onboards their WhatsApp Business Account to Brandon Digital via Embedded Signup, we receive limited access to the following data through Meta's APIs:

  • • Inbound message content and metadata (sender phone number, timestamp, message type)
  • • WhatsApp profile display name of the message sender
  • • Referral metadata including ctwa_clid (click-to-WhatsApp click identifier), source ad ID, and ad creative information when the message originates from a Meta ad
  • • Message delivery and read status webhooks
  • • Phone number display name and status of the connected business number

We do not access: existing WhatsApp chat history prior to onboarding, personal (non-business) WhatsApp accounts, or any WhatsApp data outside the WhatsApp Business Account explicitly connected to Brandon Digital.

How We Use WhatsApp and Meta Data

  • • Record each inbound message in our client's CRM of choice (e.g., HubSpot, StartInfinity, Notion) so the client can manage the lead
  • • Parse attribution identifiers (gclid, fbclid, ctwa_clid) from messages and referral objects to tie conversations back to the ads that drove them
  • • Send conversion events (lead, qualified lead, customer) to the Meta Conversions API so our client's ad campaigns optimise against real business outcomes, not just message clicks
  • • Surface aggregated performance metrics to the client through their dashboard on our platform

We do not use WhatsApp messaging data for our own advertising, sell it to third parties, feed it into external analytics or data broker products, or use it to train general-purpose machine learning models.

Our Role: Data Processor vs Data Controller

For the personal data contained in a client's end-customer messages, Brandon Digital acts as a Data Processor on behalf of the client, who is the Data Controller. Our client is responsible for obtaining any consents required under the laws applicable to their end-customers (including the Malaysia PDPA, GDPR, or other jurisdictional equivalents). Our processing is scoped by contract and by Meta's WhatsApp Business Messaging Policy, which we comply with.

For data collected directly from visitors to brandondigital.co (including contact form submissions), Brandon Digital is the Data Controller and the general sections of this Privacy Policy apply.

Data Retention for WhatsApp and Meta Integrations

  • Raw webhook payloads — retained for 30 days for debugging and replay, then automatically purged
  • Parsed attribution identifiers — retained for the duration of the client relationship so we can send accurate conversion events back to Meta
  • Access tokens — stored encrypted at rest; revoked immediately when a client offboards or upon user request
  • End-customer contact data written to the client's CRM — governed by the client's own data retention policy; Brandon Digital does not independently retain a copy beyond the operational caches above

End-User Rights for WhatsApp-Sourced Data

If you are an end-user (not a Brandon Digital client) whose WhatsApp message was processed by our systems, you have the right to request access to, correction of, or deletion of any personal data we hold about you. Because our client is the Data Controller, we will first direct your request to the relevant client for verification. To exercise these rights, email hello@brandondigital.co with your phone number and the approximate date of contact. See our Data Deletion page for the full process.

Meta Platform Terms Compliance

Our use of information received from Meta APIs (including the WhatsApp Business Platform and the Meta Conversions API) adheres to Meta's Platform Terms, WhatsApp Business Messaging Policy, and applicable Developer Policies, including limited use requirements and prohibitions on reselling data.

Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: weijie.c@brandondigital.co