Home /

 Pivacy Policy

Privacy Policy

APILOGY (hereinafter referred to as "APILOGY" or "We") and TELKOM acknowledge that information provided by Users in connection with the use of this service is confidential and protected. Therefore, we are committed to protecting and maintaining the confidentiality of Users' personal data in accordance with applicable laws, including Law No. 27 of 2022 on Personal Data Protection (PDP Law) and its implementing regulations.

By registering and/or using the Site or Services, Users are deemed to have read, understood, and agreed to all contents of this Privacy Policy. Users hereby grant consent to APILOGY for the processing of personal data, including but not limited to the collection, storage, use, modification, and deletion of data, in accordance with the purposes described in this Privacy Policy.

1. Collection and Acquisition of Personal Data

a.

APILOGY collects and acquires Users' Personal Data lawfully and based on informed consent, as stipulated under Article 20 of the PDP Law.

b.

Types of Personal Data obtained directly from Users through registration or authentication processes include:

i. Full Name;

ii. Username;

iii. Password;

iv. Email;

v. Phone Number.

c.

Users are responsible for the accuracy, completeness, and validity of the data provided. APILOGY reserves the right to reject access requests or suspend services if the data provided is inaccurate or unverifiable.

d.

In addition to directly provided Personal Data, APILOGY automatically collects data during service use, including:

i. Device data (device type, operating system, and unique device identifiers);

ii. Activity log data (IP address, access time, usage history, cookies, cache);

iii. Location data (if Users grant location access permissions on their device).

e.

APILOGY will not collect sensitive Personal Data (e.g., biometric data, health data, political data) unless required by law or with explicit User consent.

2. Storage of Personal Data

a.

Users' Personal Data stored in APILOGY has undergone verification, encryption, and protection in accordance with applicable information security standards.

b.

Personal Data is stored based on the principles of purpose limitation and retention period as stipulated in Article 16 of the PDP Law, meaning it is retained only as long as necessary to support APILOGY services or to fulfill legal obligations.

c.

If APILOGY Services are terminated or a User Account is permanently deactivated, Users' Personal Data will be stored for a maximum of 5 (five) years from the termination date. After this period, the data will be permanently deleted or anonymized in accordance with TELKOM's internal data destruction policies.

d.

APILOGY may use databases, cloud infrastructure, or third-party services that are legally authorized to store and process Personal Data. Service providers are selected with consideration for security, confidentiality, and legal compliance.

e.

APILOGY does not store sensitive payment-related data such as bank account numbers, credit card numbers, CVV codes, or other financial authentication data belonging to Users. Such data is processed directly by official payment partners (e.g., payment gateways or banks) under Payment Card Industry Data Security Standard (PCI-DSS) compliance.

f.

For security, auditing, and service monitoring purposes, APILOGY servers may store activity logs including API requests, IP addresses, timestamps, device types, and service usage activities. These logs will not be used for commercialization but only for maintenance, security, and service improvements.

g.

APILOGY may use cookies or similar technologies to optimize the User experience (e.g., session authentication, preferences, and usage analytics). Users may adjust cookie preferences in their browsers, although doing so may affect service functionality.

3. Security and Privacy of Personal Data

a.

Technical Security

APILOGY implements reasonable technical, administrative, and organizational security measures to protect Users' Personal Data, including the use of encryption, firewalls, and role-based access controls. Users may change security keys or other credentials through official features provided by APILOGY.

b.

User Responsibilities

1)

Maintaining the confidentiality of their account, password, API key, or other credentials used to access APILOGY.

2)

Not sharing access credentials with third parties without APILOGY's written consent.

3)

Bearing responsibility for all activities carried out through their account, whether with or without their knowledge.

c.

Limitations and Risks

APILOGY applies industry-standard security measures but cannot guarantee absolute security due to risks beyond reasonable control, including but not limited to network interception, third-party cyberattacks, or internet transmission disruptions.

d.

Notification in Case of Breach

1)

If a data protection failure occurs that significantly impacts Users, APILOGY will notify affected Users within 72 (seventy-two) hours of becoming aware of the incident, in accordance with Article 46 of the PDP Law.

2)

Notifications will be delivered through the User's registered email and/or APILOGY's official communication channels.

3)

APILOGY will include details of the affected data, potential risks, and recommended mitigation steps.

4. Use of Personal Data

APILOGY uses Users' Personal Data only for legitimate, limited, and clearly informed purposes in accordance with the principles set out in Articles 21–22 of the PDP Law.

a.

Purposes of Use

1)

To verify User identity and provide access to the services.

2)

To manage, maintain, and improve the quality of APILOGY services.

3)

To contact Users regarding services, security, or policy updates.

4)

To process transactions and payments through officially appointed partners.

b.

Usage Limitations

1)

APILOGY will not use Users' Personal Data for purposes outside those communicated, unless with User consent or required by law.

2)

APILOGY will not sell, rent, or trade Personal Data to third parties.

3)

Use of Personal Data for analytics or service improvements will be conducted in an aggregated and anonymized (non-identifiable) form.

c.

Use of Activity Data

APILOGY may collect and process Users' activity data (server logs, API usage metadata, usage preferences) for the following purposes:

1)

Improving service performance and User experience.

2)

Providing operational reports or aggregated usage statistics.

3)

Detecting, investigating, and preventing fraud, security breaches, or illegal activities.

5. Users' Rights over Personal Data

APILOGY Users have rights over their Personal Data as regulated in the PDP Law. To exercise these rights, Users may contact us via email or other official channels. APILOGY will verify and process each request within a maximum of 14 (fourteen) business days.

Users' rights include:

a.

Right to Access and Obtain Information

1)

To know what data is stored;

2)

To request copies or information regarding the use of their data.

b.

Right to Rectification and Erasure

1)

To correct inaccurate or incomplete data;

2)

To request deletion of data if it is no longer relevant, upon request, or if consent is withdrawn.

c.

Right to Manage Consent

1)

To withdraw consent for data use;

2)

To refuse data use for purposes outside those consented to.

d.

Right to Lodge Complaints

1)

To file complaints or objections regarding data usage;

2)

If unresolved, to report to the relevant authorities.

e.

Right to Object to Automated Profiling

To refuse the use of their data for automated decision-making (profiling) that significantly affects them.

6. Storage, Disclosure, and Deletion of Personal Data

a.

Storage

1)

APILOGY will retain Users' Personal Data as long as necessary to:

a) Deliver services; or

b) Fulfill applicable legal requirements.

2)

Once the purpose of data use has been fulfilled or the legal relationship with the User has ended:

a) Data will be retained for a maximum of 5 (five) years, unless otherwise required by law;

b) Users may request deletion via email or official channels;

c) Requests will be processed within a maximum of 14 (fourteen) business days;

d) Data will then be permanently deleted or anonymized so that it no longer contains personal identifiers.

3)

Deletion of Personal Data may be delayed under certain conditions as stipulated by law:

a) Legal and regulatory obligations: Telkom Indonesia is required to comply with applicable laws and regulations, including data retention requirements in accordance with the Personal Data Protection Act (UU PDP) and other related regulations. Therefore, data deletion can only be carried out after all legal obligations have been fulfilled.

b) Completion of transactions and internal audits: If the data is still needed to complete ongoing transactions, audits, investigations, or other internal processes within Telkom Indonesia, data deletion will be postponed until these processes are completed.

c) Security protection and abuse prevention: To ensure service security and prevent fraud, violations of terms, or misuse, Telkom Indonesia may postpone data deletion until all relevant verification and investigation processes have been completed.

b.

Disclosure

APILOGY guarantees that Users' Personal Data will not be displayed, published, transmitted, distributed, and/or disclosed to other parties, except in the following circumstances:

1)

With explicit consent from the User, unless otherwise required by law;

2)

After verification of the accuracy and conformity of Personal Data with its original purpose of collection;

3)

For law enforcement purposes, if legally requested by authorized authorities under applicable laws. In such cases, TELKOM, as the electronic system operator, is obligated to provide the stored or generated Personal Data, as stipulated in Article 42 of the PDP Law.

c.

Destruction

Personal Data in APILOGY may only be destroyed if:

1)

It is no longer relevant or required for its original collection purposes;

2)

The retention period has expired as set by law or regulatory/oversight authorities; or

3)

The User submits a deletion request due to no longer using APILOGY services.

7. Complaint Mechanism and Contact

a.

Users may submit questions, complaints, or requests related to the implementation of this Privacy Policy via email or other official channels.

b.

Each complaint will be handled in accordance with APILOGY's internal resolution procedures, and a response will be provided within a maximum of 3 (three) business days.

c.

APILOGY will also provide Users with access to track the status of their complaint through a reference number issued when the report is first made.

8. Changes to the Privacy Policy

a.

APILOGY may make changes, updates, or adjustments to this Privacy Policy to reflect regulatory changes or service operations.

b.

Any changes will be notified through APILOGY's official website and/or the User's registered email no later than 7 (seven) days before they take effect.

c.

By continuing to use the services after the policy is updated, Users are deemed to have read and agreed to the changes.

9. Closing Provisions

a.

This Privacy Policy is an inseparable part of the Terms and Conditions of Use of APILOGY and applies to all Users who access or use these Services.

b.

By using APILOGY services, Users declare that they have read, understood, and agreed to all provisions in this Privacy Policy, including any future amendments.

c.

These Terms and Conditions shall become effective on October 1, 2025.