Privacy Policy

1. Introduction

DxIndo ("We," "Us," or "Company") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, protect, and share your personal information when you:

• Visit our website (dxindo.com or related subdomains)
• Contact us via email, WhatsApp, contact form, or other media
• Use our consulting services or order application development, custom systems, hosting, domains, maintenance, or other digital services

By using our website or services, you consent to the collection and use of your data in accordance with this Privacy Policy.

2. Information We Collect

We collect several types of information:

a. Information You Provide Directly

• Full name
• Email address
• Phone number / WhatsApp
• Company/organization name
• Project description, business need, brief, or technical specifications
• Payment information (if relevant, processed through a secure third party)

b. Automatically Collected Information

• IP Address
• Browser and Device Type
• Operating System
• Pages Visited, Access Times, and Visit Duration
• Cookies and Similar Tracking Technologies (See Cookies Section Below)

c. Third Party Information

If you contact us through a third-party platform (e.g., WhatsApp Business, Google Forms, or social media), we may receive basic information from that platform in accordance with your privacy settings.

3. Purpose of Using Personal Data

We use your information to:

• Respond to inquiries, consultations, and quotation requests
• Execute contracts for application/digital service development
• Send project updates, invoices, and project-related communications
• Improve our website and services
• Prevent abuse, fraud, or illegal activity
• Comply with legal obligations (e.g., tax reporting or law enforcement requests)

4. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Remember your preferences on the site
• Analyze visitor traffic and behavior (Google Analytics, etc.)
• Improve user experience

You can manage your cookie preferences through your browser settings or the consent banner on our site. Disabling certain cookies may limit the site's functionality.

5. Sharing Personal Data

We do not sell your personal data. We only share data in the following situations:

• With third-party service providers who assist us (hosting servers, payment gateways, email services, cloud storage) with strict data protection agreements
• When required by law or upon official request from competent authorities
• In the event of a merger, acquisition, or corporate restructuring (with notification if required)

6. Data Storage and Security

Data is retained for as long as necessary for the purposes stated above or as required by law (generally a maximum of 5–10 years for contract/project data). We use reasonable technical and organizational security measures, including encryption, firewalls, access control, and regular reviews.

However, no system is 100% secure. We cannot guarantee absolute security.

7. Your Rights to Personal Data

In accordance with the Personal Data Protection Law No. 27 of 2022, you have the right to:

• Know what personal data we hold about you
• Request correction of inaccurate data
• Request deletion of data (within certain limits)
• Withdraw consent (if processing is based on consent)
• Object to certain processing

To exercise these rights, please contact us via the email address below.

7.5 GDPR Compliance (For Users in the European Union/EEA)

Although DxIndo is based in Indonesia and primarily subject to the Personal Data Protection Law No. 27 of 2022, we are committed to implementing data protection principles equivalent to the General Data Protection Regulation (GDPR) (EU Regulation 2016/679) when processing personal data of citizens or residents of the European Union/EEA, particularly in the context of digital services and international projects.

We apply the following key principles of the GDPR:

• Legal Basis for Processing — The processing of personal data is based on your consent, the performance of a contract (for example, when you order app development services), a legal obligation, or our legitimate interests (such as project management and business communications).
• Data Minimization & Purpose Limitation — We only collect data that is strictly necessary for the purposes described and do not use it for any purpose other than that.
• Transparency — This information is communicated clearly and easily accessible through this Privacy Policy.
• Security — We implement appropriate technical and organizational measures (data encryption during transit and storage, access control, regular audits) to protect data from unauthorized access, loss, or destruction.
• Data Subject Rights — You have the following rights under the GDPR (which also aligns with the Indonesian Data Subject Law):
  • The right to access your personal data
  • The right to rectify inaccurate data
  • The right to data erasure ("right to be forgotten") within the law
  • The right to restrict processing
  • The right to object to processing (including for direct marketing)
  • The right to data portability
  • The right not to be subject to automated decisions solely (profiling)
• International Data Transfers — If data is processed outside the EEA (e.g., stored on servers Indonesia or a global cloud provider), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or transfer mechanisms recognized by the European Commission.
• Data Breach Notification — In the event of a data breach that poses a significant risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach (in accordance with GDPR standards).

If you are a resident of the European Union/EEA and wish to exercise your GDPR rights or have questions regarding data processing, please contact us by email at dxindo.com@gmail.com. We will respond within 30 days (in accordance with GDPR requirements).

Note: Full GDPR compliance only applies if we act as a controller or processor of EU citizens' data on a significant scale. For small projects or regular consultations, data processing is primarily governed by Indonesian law (UU PDP).

7.6 CCPA/CPRA Compliance (For Consumers in California, United States)

Although DxIndo is based in Indonesia and primarily subject to the Personal Data Protection Act No. 27 of 2022, we respect the privacy rights of California consumers in accordance with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). We apply the following CCPA/CPRA principles when processing the personal data of California residents:

• Right to Know — You have the right to request information about the specific categories and types of personal data we have collected, used, shared, or sold about you in the past 12 months.
• Right to Access — You may request a copy of the personal data we hold about you.
• Right to Delete — You have the right to request the deletion of your personal data, with certain exceptions permitted by law (for example, data necessary to complete a contract or fulfill a legal obligation).
• Right to Limit Use of Sensitive Personal Information — We do not use or share sensitive personal data (such as your SSN, health data, or specific financial information) for purposes other than those necessary to provide the Services you have requested.
• Right to Non-Discrimination — We will not discriminate against you (e.g., deny service or charge different prices) because you exercise your CCPA rights.
• Right to Opt-Out of Data Sales/Sharing — We do not "sell" or "share" your personal data as defined in the CCPA/CPRA (no sale of data for cross-context advertising). However, if such practices occur in the future, We will provide a "Do Not Sell or Share My Personal Information" link on the website.

To exercise your CCPA rights, please send a verifiable request via email to dxindo.com@gmail.com with the subject line "CCPA Request – [Your Name]". Include sufficient information to verify your identity (e.g., name, project-related email address, and other relevant details). We will respond within 45 days (extendable by another 45 days if necessary), in accordance with the CCPA.

Note: Full compliance with the CCPA/CPRA only applies if we process the personal data of California residents above a certain threshold. For most interactions (consulting, custom projects, applications), data processing is governed primarily by Indonesian law (UU PDP). We remain committed to providing transparency and equal control rights.

8. Privacy Policy Changes

We may update this Privacy Policy from time to time. Changes will be posted on this page with a new "Last Updated" date. We recommend that you check this page periodically.

9. Contact Us

If you have any questions, complaints, or would like to exercise your rights regarding personal data, please contact:

• Email: dxindo.com@gmail.com
• WhatsApp: +62 8133 3040 17

We will try to respond within 3–7 business days.