1Scope
This explains how [Legal Entity Name] (“ceritai”) handles personal data when you use ceritai.com, consistent with Indonesia’s Personal Data Protection Law (UU No. 27/2022) and, where applicable, the GDPR and similar laws.
2Data we collect
- Account data: name, email, and authentication data (via our auth provider).
- Payment data: processed by our Merchant of Record and payment partners — we do not store full card numbers.
- Usage data: your prompts and inputs, Generated Content, jobs, and Credit-usage logs.
- Technical data: IP address, device and browser information, and cookies.
- Communications: messages you send us.
3How we use data
To provide and secure the Service, process payments (via our MoR), generate content via AI providers, prevent abuse, comply with law, and communicate with you. Our legal bases include performing our contract with you, your consent, and our legitimate interests.
4Sub-processors & third parties
We share data only as needed with the service providers below, each of which processes your data under its own privacy policy:
- Dodo Payments — our Merchant of Record for international payments; handles payment processing, tax, and chargebacks. Your use is also subject to Dodo’s merchant and acceptable-use policies.
- Midtrans (PT Midtrans) — our payment processor for Indonesian methods (QRIS, virtual account, e-wallet, cards), licensed and supervised by Bank Indonesia and PCI-DSS compliant. Card data is handled by the processor; we do not store full card numbers.
- Our authentication, database, cache, and vector-search providers, and the AI model providers that generate your content.
Some providers process data outside Indonesia; we rely on appropriate safeguards for such transfers, and share only the data each provider needs to perform its service for us.
5AI processing
Your prompts and inputs are sent to third-party AI providers to generate output. We [do not / do] use your inputs to train our own models beyond operating the Service; provider handling is governed by their terms.
6Cookies
We use essential cookies to run the Service and [analytics cookies, if any] to understand usage. You can control cookies in your browser; blocking essential cookies may affect functionality.
7Data retention
We keep personal data only as long as needed to provide the Service and meet legal obligations, then delete or anonymise it. You can request deletion at any time (see your rights).
8Your privacy rights
Subject to applicable law, you may request access, correction, deletion, restriction, or a copy of your data, and may withdraw consent. Contact [email protected]; we aim to respond within [30] days.
9International transfers
Because some of our providers operate outside Indonesia, your data may be transferred and processed abroad. Where required, we use appropriate safeguards for these transfers.
10Security
We use reasonable technical and organisational measures to protect your data. No system is 100% secure, and any submission of data is at your own risk.
11Children
The Service is not directed to anyone under 18, and we do not knowingly collect data from minors. If you believe a minor has provided us data, contact us and we will delete it.
12Changes & contact
We may update this policy; material changes will be notified and the “Last updated” date will change. Questions or requests: [email protected] — [Legal Entity Name], [business address].