PT XIPTOR SOFTWARE SERVICE logo, Indonesian deeptech company for AI, native LLM, and systems engineering PT XIPTOR SOFTWARE SERVICE End-to-End IT Engineering

Privacy Policy

Scope. This policy applies to website visitors, leads, clients, and project participants who interact with PT XIPTOR SOFTWARE SERVICE through our website, email, messaging channels, or project systems.

Principles. We keep collection limited to what is reasonably needed, separate client work as much as practical, and apply safeguards that match the sensitivity of the information involved.

Use limits. Client project data is used for the agreed service, support, and administration unless we have another lawful or written basis to do otherwise.

Contact and account data. We may collect name, email address, phone number, company name, role, and other contact details needed to communicate and manage a project.

Project data. We may receive briefs, files, prompts, datasets, specifications, tickets, approvals, feedback, and other materials that are necessary to deliver the service.

Technical data. We may collect device type, browser information, IP address, approximate region, timestamps, logs, error reports, and usage data that help us operate, maintain, and improve the service.

Billing and admin data. We may retain invoice details, payment confirmations, contract references, and records needed for administration and accounting.

Sensitive information. We only collect sensitive or biometric data when it is required by the project and when the use is clearly documented and limited to the agreed purpose.

Delivery. We use data to scope work, build products, run tests, configure systems, provide support, and support the delivery of agreed deliverables.

Communication. We use contact and project information to respond to inquiries, share estimates, send status updates, and manage approvals.

System integrity and reliability. We use logs, telemetry, and access records to help maintain system integrity, identify issues, and investigate incidents where appropriate.

Operations. We use billing and administrative records to manage invoices, contracts, bookkeeping, dispute handling, and internal recordkeeping.

Biometric data. Facial images, voice patterns, fingerprints, or similar data are processed only when the service explicitly requires them, such as identity verification or computer vision features approved in scope.

Minimization. We use the least intrusive method available and avoid keeping raw sensitive data longer than necessary for the project.

Children and vulnerable users. We do not intentionally collect personal data from children without verified authorization from the responsible adult or organization. If a project may involve vulnerable users, extra review and safeguards may be required.

Special categories. Health, religion, political views, union membership, criminal history, and other highly sensitive categories are not collected unless the project clearly requires them and the use is documented and proportionate.

Service providers. We share data only with hosting, storage, collaboration, payment, or model providers that are necessary for the agreed engineering delivery.

Controls. Any processor acting on our behalf is expected to follow confidentiality obligations, purpose limits, and safeguards appropriate to the project.

International transfer. When data must move across borders, we limit it to the minimum necessary set and apply reasonable contractual, technical, and organizational safeguards appropriate to the sensitivity of the data.

No sale. We do not sell client personal data.

External tools. If an external AI model or collaboration tool is used, the relevant provider terms may also apply. Where possible, we prefer settings that reduce retention and reuse.

Protective controls. We use access controls, authentication rules, audit logs, backups, and encryption in transit and at rest where appropriate.

Operational separation. Client projects are separated where practical to reduce accidental exposure between engagements.

Retention. We keep data only as long as it is needed for engineering delivery, support, accounting, dispute handling, and other legitimate business purposes.

Deletion and archiving. When data is no longer needed, we may delete, anonymize, or archive it. We may retain a limited copy where needed for protection, accounting, or recordkeeping.

Essential cookies. We use cookies and similar tools that are necessary for the website to function, preserve sessions, and remember preferences where applicable.

Analytics. We may use analytics with data minimization where practical to understand page performance, navigation flow, error patterns, and general service usage.

Device and log data. Technical logs may include browser type, operating system, request time, referral path, IP address, and similar metadata used for troubleshooting and operational review.

Choice. If cookies or tracking are disabled, some features may not work as intended, but core access may remain available where technically feasible.

Requests. Where available, you may request access, correction, deletion, objection, restriction, or export of your personal data.

Verification. We may ask for reasonable verification before acting on a sensitive request to make sure the request is authorized.

Response. We review requests through our official channels and endeavor to respond within a reasonable timeframe.

Contact. Please use the official email or WhatsApp details listed in the footer for privacy questions or data requests.

Updates. We may update this policy when our services, technology, or data handling practices change.

Posting. The revised version will be published on this page with an updated date where appropriate.

Interpretation. If anything in this policy is unclear, we interpret it in a way that prioritizes client data protection while staying consistent with the service agreement and applicable law.