1 Introduction
Creatio Sistem Nusantara ("Company", "we", "us", "our") is committed to respecting and protecting the privacy of every individual who accesses or uses our websites, browser extensions, web applications, SaaS platforms, and all related digital products and services (collectively, the "Services").
This Privacy Policy describes our practices regarding the collection, use, storage, disclosure, and protection of personal information that we may obtain from you when you interact with our Services. By accessing or using any of our Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.
This Privacy Policy should be read together with our Terms of Service and Refund Policy, which together form the complete legal framework governing your use of our Services.
2 Information We Collect
We may collect the following categories of information when you use our Services:
2.1 Information You Provide Directly
- Account Information: When you create an account, we may collect your name, email address, and authentication credentials.
- Payment Information: When you subscribe to premium services, your payment is processed by third-party payment processors (e.g., Dodo Payments, Stripe). We do not directly store your credit card numbers or banking details on our servers.
- Support Communications: When you contact our support team, we collect the information you provide in your message, including your name, email address, and the content of your inquiry.
- Feedback & Surveys: Any information you voluntarily submit through feedback forms, surveys, or reviews.
2.2 Information Collected Automatically
- Usage Data: We may collect data about how you interact with our Services, such as features used, pages visited, actions taken, timestamps, and session duration.
- Device Information: Browser type and version, operating system, screen resolution, language preference, and device identifiers.
- Log Data: Server logs may record your IP address, access times, referring URLs, and pages viewed.
- Cookies & Tracking Technologies: We may use cookies, web beacons, pixels, and similar technologies to enhance your experience and collect analytical data. See Section 8 for more details.
2.3 Information from Third Parties
- OAuth Providers: If you sign in using third-party authentication (e.g., Google Sign-In), we may receive your public profile information, email address, and profile picture from those services.
- Payment Processors: We may receive transaction confirmation data, subscription status, and billing email from payment platforms.
- Analytics Services: We may receive aggregated and anonymized data from third-party analytics tools that help us understand usage patterns.
3 How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To provide, operate, maintain, and improve our Services, including processing transactions and managing your account.
- Personalization: To personalize your experience, including remembering your preferences, language settings, and usage patterns.
- Communication: To send you important notifications, service updates, billing confirmations, security alerts, and responses to your inquiries.
- Analytics & Improvement: To analyze usage trends, monitor the effectiveness of our Services, diagnose technical issues, and develop new features.
- Security & Fraud Prevention: To detect, prevent, and investigate fraud, abuse, security incidents, and other potentially harmful or illegal activities.
- Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
- Marketing (with consent): To send promotional materials, newsletters, or product updates, only if you have opted in to receive such communications. You can opt out at any time.
4 Legal Basis for Processing
We process your personal information based on the following legal grounds, as applicable under Indonesian data protection law (UU PDP No. 27/2022) and international standards:
| Legal Basis | Description |
|---|---|
| Consent | You have given explicit consent for the processing of your data for specific purposes (e.g., marketing emails, cookies). |
| Contractual Necessity | Processing is necessary to fulfill a contract with you (e.g., providing paid subscription services). |
| Legitimate Interest | Processing is necessary for our legitimate business interests (e.g., security, analytics, service improvement), provided it does not override your fundamental rights. |
| Legal Obligation | Processing is necessary to comply with applicable laws, regulations, or court orders. |
5 Data Sharing & Disclosure
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information only in the following limited circumstances:
- Service Providers: We share data with trusted third-party service providers who assist us in operating our Services (e.g., payment processors, email services, cloud hosting, analytics providers). These providers are contractually bound to use your data only for the purposes we specify and to protect your information.
- AI/LLM Processing: Translation text may be sent to third-party AI model providers (e.g., OpenAI, Google, DeepSeek) for real-time processing. These providers process data according to their own privacy policies. We minimize data sent and do not include identifying information.
- Legal Requirements: We may disclose your information if required to do so by law, or if we believe in good faith that such action is necessary to comply with legal obligations, protect our rights, investigate fraud, or respond to government requests.
- Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change and any choices you may have regarding your information.
- With Your Consent: We may share your information for any other purpose disclosed to you with your prior explicit consent.
6 Data Security
We take the security of your personal information seriously and implement a variety of industry-standard technical and organizational measures to protect it from unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption: All data transmitted between your device and our servers is encrypted using TLS/SSL (HTTPS) protocols. Sensitive data stored at rest is encrypted using AES-256 or equivalent standards.
- Access Controls: Access to personal information is restricted to authorized personnel who require it for their job functions. We employ role-based access controls and the principle of least privilege.
- Infrastructure Security: Our servers are hosted on reputable cloud platforms with enterprise-grade security, including firewalls, intrusion detection systems, and regular security audits.
- Regular Monitoring: We continuously monitor our systems for vulnerabilities, suspicious activity, and potential security threats.
- Incident Response: We maintain an incident response plan to promptly address and remediate any data security incidents. In the event of a data breach that affects your rights, we will notify you and relevant authorities as required by law.
However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security.
7 Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention guidelines include:
- Account Data: Retained for as long as your account is active. Upon account deletion request, we will delete or anonymize your data within 30 days, except where retention is required for legal or business purposes.
- Transaction Records: Billing and payment records are retained for a minimum of 5 years to comply with tax and financial reporting obligations.
- Support Tickets: Communications with our support team are retained for up to 2 years to improve service quality and for reference purposes.
- Usage Analytics: Aggregated and anonymized analytics data may be retained indefinitely for product improvement and trend analysis.
- Log Data: Server and application logs are typically retained for 90 days and then automatically purged.
8 Cookies & Tracking Technologies
We use cookies and similar tracking technologies to collect and use information about you and your interaction with our Services. Cookies are small data files placed on your device that help us recognize you and remember your preferences.
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Required for the basic functionality of our Services (e.g., session management, authentication, security). | Session |
| Functional | Remember your preferences and settings (e.g., language, theme, display options). | 1 year |
| Analytics | Help us understand how visitors use our Services and identify areas for improvement. | 2 years |
| Performance | Monitor performance metrics, error rates, and loading times to optimize user experience. | 1 year |
You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse or delete cookies. However, disabling certain cookies may affect the functionality of our Services.
9 Your Rights
Under applicable data protection laws, including the Indonesian Personal Data Protection Law (UU PDP No. 27/2022), you have the following rights regarding your personal information:
- Right to Access: You have the right to request a copy of the personal data we hold about you and information about how it is processed.
- Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data we hold about you.
- Right to Erasure: You have the right to request the deletion of your personal data, subject to certain legal exceptions (e.g., legal retention requirements).
- Right to Restrict Processing: You have the right to request that we limit or restrict the processing of your personal data under certain circumstances.
- Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transfer that data to another controller.
- Right to Object: You have the right to object to the processing of your personal data for certain purposes, including direct marketing.
- Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, please contact us at support@creatiosistem.com. We will respond to your request within 30 days as required by applicable law.
10 Children's Privacy
Our Services are not directed to individuals under the age of 13 ("Children"). We do not knowingly collect personal information from children under 13 years of age. If we become aware that we have collected personal data from a child under 13 without verified parental consent, we will take immediate steps to delete such information from our servers.
If you are a parent or guardian and you believe your child has provided us with personal information, please contact us at support@creatiosistem.com so that we can take the necessary action.
11 International Data Transfers
Your personal information may be transferred to, stored, and processed in countries other than your country of residence. Our servers and third-party service providers may be located in different jurisdictions, including but not limited to the United States, Singapore, and the European Union.
- When we transfer your data internationally, we ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable data protection laws.
- These safeguards may include data processing agreements, standard contractual clauses, or ensuring that the recipient is in a jurisdiction deemed to provide adequate data protection.
- By using our Services, you consent to the transfer of your information to countries outside your jurisdiction, which may have different data protection rules than your country.
12 Third-Party Services & Links
Our Services may contain links to, or integrations with, third-party websites, applications, and services that are not operated by us. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of every third-party service you interact with.
Key third-party services we may integrate with include:
- Payment Processors: Dodo Payments, Stripe — for secure payment processing.
- AI Model Providers: OpenAI (GPT), Google (Gemini), DeepSeek — for translation and AI features.
- Authentication: Google Sign-In — for account authentication.
- Analytics: Google Analytics — for understanding user behavior (anonymized).
- Hosting & Infrastructure: Cloud hosting providers — for server infrastructure and data storage.
We are not responsible for the privacy practices or content of any third-party services. Your interactions with these services are governed by their own terms and privacy policies.
13 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other operational needs. Any changes will be effective immediately upon posting the updated policy on this page, and the "Last Updated" date at the top will be revised accordingly.
For material changes that significantly affect how we handle your personal data, we will make reasonable efforts to provide prominent notice, such as:
- Sending an email notification to the address associated with your account.
- Displaying a prominent banner or in-app notification within our Services.
- Posting an announcement on our official website.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. Your continued use of our Services after any modifications indicates your acceptance of the updated policy.
14 Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal information, please contact us through the following channels:
- Email: support@creatiosistem.com
- Support Center: creatiosistem.com/support
- Company: Creatio Sistem Nusantara
- Website: creatiosistem.com
We are committed to resolving any privacy-related complaints and will respond to all inquiries within 2x24 hours (business hours). If you are not satisfied with our response, you may have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.