Privacy Policy

Privacy Policy

Last updated: 12 May 2026

1. Who we are

SatuCircle ("we", "us") is operated by PT Kodebyte Inti Teknologi, registered in Jakarta Barat, DKI Jakarta, Indonesia. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use the Service.

We comply with Undang-Undang Republik Indonesia Nomor 27 Tahun 2022 tentang Pelindungan Data Pribadi (UU PDP). You can contact our data protection contact at [email protected].

2. Data we collect

We collect the following categories of personal data:

  • Account data: name, email address, password (hashed), username, profile photo, date of registration.
  • Profile data: city, province, bio, interests, social handles you choose to share.
  • Activity data: activities you host, request, join, cancel, attend; messages and questions you post; reviews you write.
  • Circle Rep data: attendance verification, late cancellations, no-shows, and the resulting trust score and tier.
  • Technical data: IP address, browser type, device type, session timestamps, error logs.
  • OAuth data: if you sign in via Google or other providers, the provider returns your name, email, and profile photo. We do not access your contacts or other provider data.

3. Why we use your data

We process your personal data for these purposes:

  • To create and manage your account
  • To match you with activities and surface relevant content
  • To compute and display Circle Rep scores and history
  • To enable hosts and members to make informed decisions about who to meet
  • To send transactional emails (verification, password reset, activity notifications)
  • To detect and prevent fraud, abuse, and policy violations
  • To respond to your support requests
  • To comply with legal obligations under Indonesian law

Our legal basis under UU PDP includes: your consent (Article 20(2)(a)), performance of a contract you entered into (the Service), and our legitimate interests in running a safe platform.

4. Public vs private data

The following information is visible to other users and the public web:

  • Your name, username, profile photo, bio, city, interests
  • Your trust tier label (Trusted, Good Standing, etc.) — your exact score is shown to logged-in users only
  • Activities you host (public + unlisted; not private)
  • Comments and questions you post on activities

Hosts you request to join can additionally see your participation history with them specifically (attended, late cancels, no-shows with that host).

The following is private and not shown to other users:

  • Email address
  • Phone number (if provided)
  • Password
  • OAuth provider tokens
  • IP address and technical logs

5. Third parties we share with

We share limited data with these processors to operate the Service:

  • IDCloudHost (Indonesia) — application hosting, database, and uploaded files (avatars) reside on our IDCloudHost VPS infrastructure
  • Brevo and Resend — transactional email delivery (verification, password reset, activity notifications)
  • Sentry — error monitoring (no PII intentionally sent; stack traces may incidentally include user IDs)
  • OAuth providers (Google, etc.) — only at your initiation, only data you authorise

We do not sell your personal data. We do not share data with advertisers.

6. How long we keep your data

We keep your account data for as long as your account is active. When you delete your account, we delete or anonymise your personal data within 30 days, except:

  • Records required by law (e.g. financial records, if payments are added later) are kept per Indonesian retention requirements.
  • Public content you posted (activity descriptions, questions on others' activities) may be retained to preserve context for other members, but is detached from your account.
  • Aggregate Circle Rep statistics may be retained in anonymised form to maintain trust system integrity.

7. Your rights under UU PDP

As a data subject, you have the right to:

  • Access the personal data we hold about you
  • Correct or update inaccurate data
  • Delete your data (subject to legal retention exceptions above)
  • Restrict or object to certain processing
  • Withdraw consent (where consent is our legal basis)
  • Receive your data in a portable format
  • Lodge a complaint with the Indonesian data protection authority

To exercise any of these rights, email [email protected]. We will respond within 30 days.

8. Cookies and sessions

We use essential cookies to keep you logged in and remember your preferences. We do not use advertising cookies or third-party tracking cookies for marketing.

9. Security

We protect your data with industry-standard measures: TLS encryption in transit, password hashing (bcrypt), secure session cookies, role-based access control on backend systems, and regular security reviews. No system is perfectly secure — if you suspect a breach affecting your account, email [email protected].

10. Children

SatuCircle is not intended for users under 17. We do not knowingly collect data from anyone under that age. If you believe a child has registered, please contact us so we can remove the account.

11. Changes to this policy

We may update this Privacy Policy. Material changes will be notified via in-app banner or email at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent change.

12. Contact

Questions about privacy or your data? Email [email protected].