Privacy Policy

Effective Date: February 18, 2026 · Last Updated: February 18, 2026

This Privacy Policy explains how Calm Stoic, developed and operated by Neurakara Labs ("Neurakara Labs", "we", "us", or "our"), collects, uses, stores, shares, and protects your personal data when you use the Calm Stoic mobile application ("the App"). This policy is drafted in compliance with Indonesia's Personal Data Protection Law (UU No. 27 Tahun 2022, "UU PDP"), Government Regulation No. 17 of 2025 on Child Online Protection, the European Union General Data Protection Regulation (GDPR) where applicable, and Google Play Store policies.

1. Data Controller

The data controller responsible for your personal data is:

Neurakara Labs

Email: privacy@calmstoic.com

Website: https://calmstoic.app

For any questions regarding the processing of your personal data, you may contact our Data Protection Officer at dpo@calmstoic.com.

2. Definitions

In this Privacy Policy:

3. Data We Collect

We collect the following categories of personal data. Under UU PDP, much of this data qualifies as Specific Personal Data due to its health-related and sensitive nature.

3.1 Account Information (General Personal Data)

DataPurposeLegal Basis
Email addressAccount creation, authentication, communicationConsent + Contract
Display namePersonalization within the AppConsent
Password (hashed)Account securityContract
Authentication method preferenceLogin (email, biometric, PIN)Contract

3.2 Chat & Conversation Data (Specific Personal Data)

DataPurposeLegal Basis
Chat messages (text)AI persona responses, memory building, personalizationExplicit Consent
Chat history (per session)Contextual AI responses within a conversationExplicit Consent
Session metadata (timestamps, duration)Usage analytics, quality improvementLegitimate Interest
Message embeddings (numerical vectors)Semantic memory search for personalizationExplicit Consent
Images uploaded in chat (Sage tier)Multimodal AI analysisExplicit Consent

3.3 Journal Data (Specific Personal Data)

DataPurposeLegal Basis
Free-form journal textPersonal journaling, AI insightsExplicit Consent
Guided journal responsesStructured reflection exercisesExplicit Consent
Journal entry type (free, morning, evening, guided)Feature personalizationLegitimate Interest
AI-generated journal insightsReflective feedbackExplicit Consent

3.4 Mood & Emotion Data (Specific Personal Data)

DataPurposeLegal Basis
Daily mood check-ins (scale 1-5, emoji)Mood tracking, pattern visualizationExplicit Consent
Emotion coordinates (valence & arousal, 0-1)Emotional context for AI responsesExplicit Consent
Primary & secondary emotion labelsEmotion analysis, session contextExplicit Consent
Emotion source (manual, chat-derived, journal-derived)Data attributionLegitimate Interest

3.5 AI Memory Data (Specific Personal Data)

The App's AI memory system extracts and stores the following from your interactions to provide increasingly personalized guidance:

Memory CategoryDescriptionVolatility
BoundariesTopics you prefer to avoidInstant update
Top of MindCurrent issues you're dealing withHigh
IdentityWho you are (background, context)Low
PersonalityHow you think and communicateLow
Patterns & CopingBehavioral triggers and strategiesMedium
Values & GoalsWhat matters to youMedium
Growth & TimelineMilestones and breakthroughsCumulative

Memory consolidation occurs automatically via AI processing (nightly). Memories with low relevance (importance score below 0.2) are automatically archived after 90 days.

3.6 Assessment & Profile Data

DataPurposeLegal Basis
Onboarding assessment answers (challenges, life stage, triggers, preferences)Philosopher recommendation, personalizationConsent
Preferred personaDefault chat companionConsent
GoalsPersonalized guidanceConsent
Notification preferencesCommunication settingsConsent

3.7 Subscription & Transaction Data (Specific Personal Data)

DataPurposeLegal Basis
Subscription tier (Free, Premium, Sage)Feature access controlContract
Subscription status & expirationBilling managementContract
Transaction ID (from Google Play)Payment verificationContract + Legal Obligation
Stoic Seeds balance & transaction historyIn-app economyContract

We do not directly collect or store your payment card details. All payment processing is handled by Google Play and RevenueCat.

3.8 Device & Technical Data (General Personal Data)

DataPurposeLegal Basis
Device model, OS, OS versionCompatibility, crash diagnosticsLegitimate Interest
App versionFeature availability, debuggingLegitimate Interest
IP address (hashed)Security, rate limitingLegitimate Interest
Firebase Cloud Messaging tokenPush notificationsConsent
Crash reports and stack tracesApp stability improvementLegitimate Interest
Session identifiers (anonymous)AnalyticsLegitimate Interest

3.9 Biometric Data (Specific Personal Data)

If you enable biometric authentication (fingerprint, face recognition), the biometric data itself is processed and stored exclusively on your device within its secure enclave (iOS Keychain / Android Keystore). We do not transmit, access, or store your biometric data on our servers. We only store a boolean flag indicating that biometric authentication is enabled for your account.

3.10 Usage & Analytics Data

We collect anonymized and pseudonymized usage events to improve the App, including:

These events are associated with a pseudonymous user ID and do not contain the content of your messages, journal entries, or mood data.

4. How We Use Your Data

4.1 Providing the Service

4.2 Safety & Crisis Detection

We operate a dual-layer safety system that analyzes message content to detect potential crisis situations (self-harm, suicidal ideation). This system:

Legal basis: Vital interests of the data subject (UU PDP Article 20(d); GDPR Article 6(1)(d) and Article 9(2)(c)).

4.3 Improvement & Analytics

Legal basis: Legitimate interest.

4.4 Communication

Legal basis: Contract performance + Consent.

5. AI Processing & Automated Decision-Making

Calm Stoic relies extensively on artificial intelligence. This section provides transparency about how AI processes your data, as required by UU PDP and GDPR.

5.1 AI Models Used

Your data is processed by third-party large language models (LLMs) via the OpenRouter API. We use multiple specialized models for different purposes:

FunctionPurposeData Sent
Conversational AIChat responses, journal insights, Ask AICurrent message, chat history (up to 10 messages), memory context, emotion state, persona instructions
Analysis AIEmotion analysis, text extraction, summarizationMessage text, recent context (3 messages)
Reasoning AIMemory consolidation, breakthrough detectionAccumulated memories, interaction patterns
Embedding AISemantic memory searchText content (converted to numerical vectors for similarity matching)
Multimodal AIImage analysis (Sage tier only)Uploaded images + text prompt

The specific models used may change over time as we improve the service. All models are accessed through OpenRouter, Inc. (United States) as an intermediary API provider.

5.2 What Data is Sent to AI Providers

When you interact with AI personas, the following data may be included in the AI prompt:

Your data is not used by AI model providers for training their models. We use API endpoints that contractually prohibit the use of input/output data for model training.

5.3 Automated Decision-Making

The App makes the following automated decisions based on your data:

Under UU PDP Article 10 and GDPR Article 22, you have the right to object to automated decision-making. See Section 9 (Your Rights) for details.

6. Third-Party Services & Data Sharing

We share your data with the following third-party service providers, solely for the purposes described. We do not sell your personal data to any third party.

ServiceProviderCountryData SharedPurpose
AI Model APIOpenRouter, Inc.United StatesChat messages, journal text, emotion data, images (Sage)AI response generation
Subscription ManagementRevenueCat, Inc.United StatesUser ID, subscription status, transaction IDsIn-app purchase processing
Product AnalyticsPostHog, Inc.United StatesPseudonymous user ID, usage events, device info, IP hashProduct analytics and improvement
Crash ReportingGoogle LLC (Firebase Crashlytics)United StatesCrash logs, stack traces, device info, user IDApp stability monitoring
Push NotificationsGoogle LLC (Firebase Cloud Messaging)United StatesFCM token, notification payloadSending push notifications
Database & AuthSupabase (self-hosted)Indonesia (VPS)All user dataData storage, authentication

Each third-party provider processes data under their own privacy policy and our data processing agreements:

7. Cross-Border Data Transfer

Your primary data is stored on our self-hosted servers in Indonesia. However, certain data is transferred to third-party service providers located in the United States, as detailed in Section 6.

In accordance with UU PDP and MOCI Regulation 20/2016, we ensure the following safeguards for cross-border data transfers:

For EU/EEA users: Transfers to the United States are governed by Standard Contractual Clauses (SCCs) as adopted by the European Commission, or other applicable transfer mechanisms under GDPR Chapter V.

8. Data Retention

Data CategoryRetention PeriodAfter Account Deletion
Account informationDuration of accountDeleted within 30 days
Chat messagesDuration of accountDeleted within 30 days
Journal entriesDuration of accountDeleted within 30 days
Mood & emotion dataDuration of accountDeleted within 30 days
AI memory dataActive memories: duration of account. Auto-archived after 90 days if importance < 0.2Deleted within 30 days
Message embeddings (vectors)Duration of accountDeleted within 30 days
Subscription & transaction recordsDuration of account + 5 years (legal/tax requirement)Retained for legal compliance
Stoic Seeds transaction historyDuration of account + 1 yearAnonymized after deletion
Usage analytics (PostHog)Up to 7 years (PostHog retention)Pseudonymized; cannot be linked to deleted account
Crash reports (Firebase)90 days (Firebase default)Automatically expired
Redis caches (conversation, semantic, response)1 hour / 30 minutes / 24 hours respectivelyAuto-expired

When you delete your account, we initiate a cascading deletion of all personal data from our databases within 30 days. Data that has already been transmitted to third-party providers is subject to their respective retention policies. Anonymized or aggregated data that cannot be used to identify you may be retained indefinitely for statistical purposes.

9. Your Rights

Under UU PDP (Articles 5-14) and GDPR (Articles 15-22), you have the following rights regarding your personal data:

9.1 Right to Information (UU PDP Art. 5; GDPR Art. 13-14)

You have the right to know what personal data we collect, how it is processed, and who has access to it. This Privacy Policy serves as our primary disclosure.

9.2 Right of Access (UU PDP Art. 6; GDPR Art. 15)

You may request a copy of all personal data we hold about you. We will provide this in a structured, commonly used, machine-readable format (JSON) within 30 days of your request.

9.3 Right to Rectification (UU PDP Art. 7; GDPR Art. 16)

You may request correction of inaccurate or incomplete personal data. You can update your display name and profile information directly in the App. For other corrections, contact us.

9.4 Right to Deletion (UU PDP Art. 8; GDPR Art. 17)

You may request deletion of your personal data. You can delete your account through the App settings, which triggers a cascading deletion of all associated data. We will complete the deletion within 30 days, except where retention is required by law.

9.5 Right to Withdraw Consent (UU PDP Art. 9; GDPR Art. 7(3))

You may withdraw your consent for data processing at any time. Withdrawal does not affect the lawfulness of processing conducted prior to withdrawal. You can withdraw consent by:

9.6 Right to Object to Automated Decision-Making (UU PDP Art. 10; GDPR Art. 22)

You have the right to object to decisions made solely based on automated processing, including AI-generated emotion analysis, memory consolidation, and crisis detection. If you object, we will review the automated decision with human involvement. Contact us to exercise this right.

9.7 Right to Restrict Processing (UU PDP Art. 11; GDPR Art. 18)

You may request that we limit the processing of your personal data in certain circumstances, such as while a rectification request is being processed or while an objection is being considered.

9.8 Right to Data Portability (UU PDP Art. 13; GDPR Art. 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format (JSON), and to request that we transmit this data to another service provider where technically feasible.

9.9 Right to Lodge a Complaint (UU PDP Art. 14)

If you believe your data protection rights have been violated, you may:

9.10 Right to Compensation (UU PDP Art. 12)

If you suffer damages due to a violation of your data protection rights, you are entitled to seek compensation in accordance with applicable law.

How to exercise your rights: Send a written request to privacy@calmstoic.com with the subject line "Data Subject Request". We will verify your identity and respond within 30 days. Requests are free of charge unless manifestly unfounded or excessive.

10. Data Security

We implement comprehensive technical and organizational measures to protect your personal data:

10.1 Encryption

10.2 Access Control

10.3 Infrastructure

11. Data Breach Notification

In the event of a personal data breach, we will:

12. Children's Privacy

Calm Stoic is intended for users aged 18 and above.

In compliance with Government Regulation No. 17 of 2025 on Child Online Protection, we implement the following measures:

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@calmstoic.com and we will take steps to delete the information.

13. Cookies & Local Storage

The Calm Stoic mobile application does not use browser cookies. However, we use the following local storage mechanisms:

For our website (calmstoic.app), we do not use tracking cookies. We may use essential cookies for functionality (language preference).

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes:

15. Governing Law & Jurisdiction

This Privacy Policy is governed by and construed in accordance with the laws of the Republic of Indonesia, particularly UU No. 27 Tahun 2022 (Personal Data Protection). Any disputes arising from this policy shall be resolved through the courts of Jakarta, Indonesia.

For EU/EEA residents, this policy also complies with the General Data Protection Regulation (EU) 2016/679, and you retain the right to lodge complaints with your local Data Protection Authority.

16. Contact Us

General privacy inquiries: privacy@calmstoic.com

Data Protection Officer: dpo@calmstoic.com

Data subject requests: privacy@calmstoic.com (subject: "Data Subject Request")

Mailing address: Neurakara Labs, Jakarta, Indonesia

Kebijakan Privasi

Tanggal Berlaku: 18 Februari 2026 · Terakhir Diperbarui: 18 Februari 2026

Kebijakan Privasi ini menjelaskan bagaimana Calm Stoic, yang dikembangkan dan dioperasikan oleh Neurakara Labs ("Neurakara Labs", "kami"), mengumpulkan, menggunakan, menyimpan, membagikan, dan melindungi data pribadi Anda saat menggunakan aplikasi seluler Calm Stoic ("Aplikasi"). Kebijakan ini disusun sesuai dengan Undang-Undang Perlindungan Data Pribadi Indonesia (UU No. 27 Tahun 2022, "UU PDP"), Peraturan Pemerintah No. 17 Tahun 2025 tentang Perlindungan Anak di Ruang Digital, Peraturan Perlindungan Data Umum Uni Eropa (GDPR) jika berlaku, dan kebijakan Google Play Store.

1. Pengendali Data

Pengendali data yang bertanggung jawab atas data pribadi Anda adalah:

Neurakara Labs

Email: privacy@calmstoic.com

Situs web: https://calmstoic.app

Untuk pertanyaan mengenai pemrosesan data pribadi Anda, silakan hubungi Pejabat Perlindungan Data kami di dpo@calmstoic.com.

2. Definisi

Dalam Kebijakan Privasi ini:

3. Data yang Kami Kumpulkan

Kami mengumpulkan kategori data pribadi berikut. Berdasarkan UU PDP, sebagian besar data ini termasuk Data Pribadi Spesifik karena sifatnya yang berkaitan dengan kesehatan dan sensitif.

3.1 Informasi Akun (Data Pribadi Umum)

DataTujuanDasar Hukum
Alamat emailPembuatan akun, autentikasi, komunikasiPersetujuan + Kontrak
Nama tampilanPersonalisasi dalam AplikasiPersetujuan
Kata sandi (di-hash)Keamanan akunKontrak
Preferensi metode autentikasiLogin (email, biometrik, PIN)Kontrak

3.2 Data Percakapan & Chat (Data Pribadi Spesifik)

DataTujuanDasar Hukum
Pesan chat (teks)Respons persona AI, pembangunan memori, personalisasiPersetujuan Eksplisit
Riwayat chat (per sesi)Respons AI kontekstual dalam percakapanPersetujuan Eksplisit
Metadata sesi (waktu, durasi)Analitik penggunaan, peningkatan kualitasKepentingan Sah
Embedding pesan (vektor numerik)Pencarian memori semantik untuk personalisasiPersetujuan Eksplisit
Gambar yang diunggah di chat (tier Sage)Analisis AI multimodalPersetujuan Eksplisit

3.3 Data Jurnal (Data Pribadi Spesifik)

DataTujuanDasar Hukum
Teks jurnal bebasPenjurnalan pribadi, wawasan AIPersetujuan Eksplisit
Respons jurnal terpanduLatihan refleksi terstrukturPersetujuan Eksplisit
Jenis entri jurnalPersonalisasi fiturKepentingan Sah
Wawasan jurnal yang dihasilkan AIUmpan balik reflektifPersetujuan Eksplisit

3.4 Data Suasana Hati & Emosi (Data Pribadi Spesifik)

DataTujuanDasar Hukum
Check-in suasana hati harian (skala 1-5, emoji)Pelacakan suasana hati, visualisasi polaPersetujuan Eksplisit
Koordinat emosi (valensi & arousal, 0-1)Konteks emosional untuk respons AIPersetujuan Eksplisit
Label emosi primer & sekunderAnalisis emosi, konteks sesiPersetujuan Eksplisit
Sumber emosi (manual, dari chat, dari jurnal)Atribusi dataKepentingan Sah

3.5 Data Memori AI (Data Pribadi Spesifik)

Sistem memori AI Aplikasi mengekstrak dan menyimpan informasi berikut dari interaksi Anda untuk memberikan panduan yang semakin personal:

Kategori MemoriDeskripsiVolatilitas
BatasanTopik yang ingin Anda hindariPembaruan instan
Hal TerkiniMasalah yang sedang Anda hadapiTinggi
IdentitasSiapa Anda (latar belakang, konteks)Rendah
KepribadianCara Anda berpikir dan berkomunikasiRendah
Pola & KopingPemicu perilaku dan strategiSedang
Nilai & TujuanApa yang penting bagi AndaSedang
Pertumbuhan & Garis WaktuPencapaian dan terobosanKumulatif

Konsolidasi memori terjadi secara otomatis melalui pemrosesan AI (setiap malam). Memori dengan relevansi rendah (skor kepentingan di bawah 0,2) secara otomatis diarsipkan setelah 90 hari.

3.6 Data Asesmen & Profil

DataTujuanDasar Hukum
Jawaban asesmen onboardingRekomendasi filsuf, personalisasiPersetujuan
Persona yang disukaiPendamping chat defaultPersetujuan
TujuanPanduan yang dipersonalisasiPersetujuan
Preferensi notifikasiPengaturan komunikasiPersetujuan

3.7 Data Langganan & Transaksi (Data Pribadi Spesifik)

DataTujuanDasar Hukum
Tier langganan (Free, Premium, Sage)Kontrol akses fiturKontrak
Status langganan & kedaluwarsaManajemen penagihanKontrak
ID Transaksi (dari Google Play)Verifikasi pembayaranKontrak + Kewajiban Hukum
Saldo Stoic Seeds & riwayat transaksiEkonomi dalam aplikasiKontrak

Kami tidak secara langsung mengumpulkan atau menyimpan detail kartu pembayaran Anda. Semua pemrosesan pembayaran ditangani oleh Google Play dan RevenueCat.

3.8 Data Perangkat & Teknis (Data Pribadi Umum)

DataTujuanDasar Hukum
Model perangkat, OS, versi OSKompatibilitas, diagnostik kerusakanKepentingan Sah
Versi aplikasiKetersediaan fitur, debuggingKepentingan Sah
Alamat IP (di-hash)Keamanan, pembatasan lajuKepentingan Sah
Token Firebase Cloud MessagingNotifikasi pushPersetujuan
Laporan kerusakan dan stack tracePeningkatan stabilitas aplikasiKepentingan Sah
Pengenal sesi (anonim)AnalitikKepentingan Sah

3.9 Data Biometrik (Data Pribadi Spesifik)

Jika Anda mengaktifkan autentikasi biometrik (sidik jari, pengenalan wajah), data biometrik itu sendiri diproses dan disimpan secara eksklusif di perangkat Anda dalam secure enclave (iOS Keychain / Android Keystore). Kami tidak mengirim, mengakses, atau menyimpan data biometrik Anda di server kami. Kami hanya menyimpan tanda boolean yang menunjukkan bahwa autentikasi biometrik diaktifkan untuk akun Anda.

3.10 Data Penggunaan & Analitik

Kami mengumpulkan event penggunaan yang dianonimkan dan dipseudoanonimkan untuk meningkatkan Aplikasi, termasuk:

Event ini dikaitkan dengan ID pengguna pseudonim dan tidak mengandung konten pesan, entri jurnal, atau data suasana hati Anda.

4. Bagaimana Kami Menggunakan Data Anda

4.1 Menyediakan Layanan

4.2 Keselamatan & Deteksi Krisis

Kami mengoperasikan sistem keselamatan dua lapis yang menganalisis konten pesan untuk mendeteksi potensi situasi krisis (menyakiti diri sendiri, ideasi bunuh diri). Sistem ini:

Dasar hukum: Kepentingan vital subjek data (UU PDP Pasal 20 huruf d; GDPR Pasal 6(1)(d) dan Pasal 9(2)(c)).

4.3 Peningkatan & Analitik

Dasar hukum: Kepentingan sah.

4.4 Komunikasi

Dasar hukum: Pelaksanaan kontrak + Persetujuan.

5. Pemrosesan AI & Pengambilan Keputusan Otomatis

Calm Stoic sangat bergantung pada kecerdasan buatan. Bagian ini memberikan transparansi tentang bagaimana AI memproses data Anda, sebagaimana diwajibkan oleh UU PDP dan GDPR.

5.1 Model AI yang Digunakan

Data Anda diproses oleh model bahasa besar (LLM) pihak ketiga melalui API OpenRouter. Kami menggunakan beberapa model khusus untuk tujuan yang berbeda:

FungsiTujuanData yang Dikirim
AI PercakapanRespons chat, wawasan jurnal, Ask AIPesan saat ini, riwayat chat (hingga 10 pesan), konteks memori, keadaan emosi, instruksi persona
AI AnalisisAnalisis emosi, ekstraksi teks, ringkasanTeks pesan, konteks terkini (3 pesan)
AI PenalaranKonsolidasi memori, deteksi terobosanMemori akumulasi, pola interaksi
AI EmbeddingPencarian memori semantikKonten teks (diubah menjadi vektor numerik)
AI MultimodalAnalisis gambar (tier Sage saja)Gambar yang diunggah + prompt teks

5.2 Data yang Dikirim ke Penyedia AI

Saat Anda berinteraksi dengan persona AI, data berikut dapat disertakan dalam prompt AI:

Data Anda tidak digunakan oleh penyedia model AI untuk melatih model mereka.

5.3 Pengambilan Keputusan Otomatis

Aplikasi membuat keputusan otomatis berikut berdasarkan data Anda:

Berdasarkan UU PDP Pasal 10 dan GDPR Pasal 22, Anda memiliki hak untuk menolak pengambilan keputusan otomatis. Lihat Bagian 9 (Hak Anda) untuk detail.

6. Layanan Pihak Ketiga & Pembagian Data

Kami membagikan data Anda dengan penyedia layanan pihak ketiga berikut, semata-mata untuk tujuan yang dijelaskan. Kami tidak menjual data pribadi Anda kepada pihak ketiga mana pun.

LayananPenyediaNegaraData yang DibagikanTujuan
API Model AIOpenRouter, Inc.Amerika SerikatPesan chat, teks jurnal, data emosi, gambar (Sage)Pembuatan respons AI
Manajemen LanggananRevenueCat, Inc.Amerika SerikatID pengguna, status langganan, ID transaksiPemrosesan pembelian dalam aplikasi
Analitik ProdukPostHog, Inc.Amerika SerikatID pengguna pseudonim, event penggunaan, info perangkat, hash IPAnalitik produk dan peningkatan
Pelaporan KerusakanGoogle LLC (Firebase Crashlytics)Amerika SerikatLog kerusakan, stack trace, info perangkat, ID penggunaPemantauan stabilitas aplikasi
Notifikasi PushGoogle LLC (Firebase Cloud Messaging)Amerika SerikatToken FCM, payload notifikasiPengiriman notifikasi push
Database & AutentikasiSupabase (self-hosted)Indonesia (VPS)Semua data penggunaPenyimpanan data, autentikasi

7. Transfer Data Lintas Batas

Data utama Anda disimpan di server yang kami kelola sendiri di Indonesia. Namun, data tertentu ditransfer ke penyedia layanan pihak ketiga yang berlokasi di Amerika Serikat, sebagaimana dirinci di Bagian 6.

Sesuai dengan UU PDP dan Peraturan Menkominfo No. 20/2016, kami memastikan perlindungan berikut untuk transfer data lintas batas:

8. Retensi Data

Kategori DataPeriode RetensiSetelah Penghapusan Akun
Informasi akunSelama akun aktifDihapus dalam 30 hari
Pesan chatSelama akun aktifDihapus dalam 30 hari
Entri jurnalSelama akun aktifDihapus dalam 30 hari
Data suasana hati & emosiSelama akun aktifDihapus dalam 30 hari
Data memori AIMemori aktif: selama akun aktif. Otomatis diarsipkan setelah 90 hari jika kepentingan < 0,2Dihapus dalam 30 hari
Embedding pesan (vektor)Selama akun aktifDihapus dalam 30 hari
Catatan langganan & transaksiSelama akun aktif + 5 tahun (kewajiban hukum/pajak)Disimpan untuk kepatuhan hukum
Riwayat transaksi Stoic SeedsSelama akun aktif + 1 tahunDianonimkan setelah penghapusan
Analitik penggunaan (PostHog)Hingga 7 tahunDipseudoanonimkan
Laporan kerusakan (Firebase)90 hariKedaluwarsa otomatis
Cache Redis1 jam / 30 menit / 24 jamKedaluwarsa otomatis

Ketika Anda menghapus akun, kami memulai penghapusan bertingkat semua data pribadi dari database kami dalam 30 hari.

9. Hak Anda

Berdasarkan UU PDP (Pasal 5-14) dan GDPR (Pasal 15-22), Anda memiliki hak-hak berikut terkait data pribadi Anda:

9.1 Hak atas Informasi

Anda berhak mengetahui data pribadi apa yang kami kumpulkan, bagaimana data tersebut diproses, dan siapa yang memiliki akses.

9.2 Hak Akses

Anda dapat meminta salinan semua data pribadi yang kami miliki tentang Anda dalam format JSON dalam 30 hari.

9.3 Hak Perbaikan

Anda dapat meminta koreksi data pribadi yang tidak akurat atau tidak lengkap.

9.4 Hak Penghapusan

Anda dapat meminta penghapusan data pribadi Anda melalui pengaturan Aplikasi. Penghapusan diselesaikan dalam 30 hari.

9.5 Hak Menarik Persetujuan

Anda dapat menarik persetujuan Anda untuk pemrosesan data kapan saja melalui pengaturan Aplikasi, menghapus akun, atau menghubungi kami di privacy@calmstoic.com.

9.6 Hak Menolak Pengambilan Keputusan Otomatis

Anda berhak menolak keputusan yang dibuat semata-mata berdasarkan pemrosesan otomatis. Hubungi kami untuk menggunakan hak ini.

9.7 Hak Membatasi Pemrosesan

Anda dapat meminta agar kami membatasi pemrosesan data pribadi Anda dalam keadaan tertentu.

9.8 Hak Portabilitas Data

Anda berhak menerima data pribadi Anda dalam format JSON yang dapat dibaca mesin.

9.9 Hak Mengajukan Keluhan

Hubungi kami di privacy@calmstoic.com atau ajukan keluhan ke Lembaga Perlindungan Data Pribadi Indonesia.

9.10 Hak Ganti Rugi

Anda berhak menuntut ganti rugi jika hak perlindungan data Anda dilanggar.

Cara menggunakan hak Anda: Kirim permintaan ke privacy@calmstoic.com dengan subjek "Permintaan Subjek Data". Kami akan merespons dalam 30 hari.

10. Keamanan Data

10.1 Enkripsi

10.2 Kontrol Akses

10.3 Infrastruktur

11. Notifikasi Pelanggaran Data

Dalam hal terjadi pelanggaran data, kami akan memberitahu subjek data yang terkena dampak dalam 3 x 24 jam sesuai UU PDP Pasal 46.

12. Privasi Anak

Calm Stoic ditujukan untuk pengguna berusia 18 tahun ke atas. Kami tidak secara sadar mengumpulkan data dari individu di bawah 18 tahun.

13. Cookie & Penyimpanan Lokal

Aplikasi seluler tidak menggunakan cookie browser. Situs web kami tidak menggunakan cookie pelacakan.

14. Perubahan Kebijakan Ini

Kami dapat memperbarui Kebijakan Privasi ini. Perubahan material akan diberitahukan melalui notifikasi dalam aplikasi atau email.

15. Hukum yang Berlaku & Yurisdiksi

Kebijakan ini diatur oleh hukum Republik Indonesia, khususnya UU No. 27 Tahun 2022. Sengketa diselesaikan melalui pengadilan di Jakarta, Indonesia.

16. Hubungi Kami

Pertanyaan privasi umum: privacy@calmstoic.com

Pejabat Perlindungan Data: dpo@calmstoic.com

Permintaan subjek data: privacy@calmstoic.com (subjek: "Permintaan Subjek Data")

Alamat surat: Neurakara Labs, Jakarta, Indonesia