Privacy Policy

PT Scentus Innovative Technology ("Company", "we", "us") operates the StancioHub platform (stanciohub.com) and all services under it, including but not limited to Versio and Kreasi (collectively, the "Services"). This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with Indonesian Law No. 27 of 2022 on Personal Data Protection ("PDP Law") and its implementing regulations. By accessing or using our Services, you agree to the collection and use of information as described in this Privacy Policy.

We collect the following categories of data: a) Account Information Full name, email address, business name, and other business details you provide when registering or updating your profile. b) Social Media Data When you connect third-party platforms to Versio, we access data according to the permissions you grant, including: Facebook pages/posts/comments, Instagram posts and direct messages, TikTok videos, and WhatsApp messages and email processed through the inbound messaging feature. c) Customer and Lead Data Names, contact information, and conversation history of customers or leads who interact with your business through Versio's CRM. d) Business Data Product information, catalogs, and order data you manage through the Services. e) Created Content Posts, drafts, media uploads, and AI-generated content you create using Versio or Kreasi. f) Payment and Billing Information Payment transactions are processed by Xendit. We do not store your credit or debit card numbers directly. We only retain transaction references, payment status, and necessary billing information. g) Usage and Analytics Data Features used, usage frequency, device information (device type, operating system, browser type), and IP address. We use Umami Analytics, which is cookie-free and respects user privacy.

We use your data to: - Provide, operate, and maintain the Services. - Process transactions and send related information, including confirmations and invoices. - Enable features you activate, such as social media publishing, inbound messaging, and CRM. - Generate AI-powered content at your request through Versio and Kreasi. - Send technical notices, updates, security alerts, and support messages. - Analyze usage patterns to improve and develop the Services. - Comply with legal and regulatory obligations.

In accordance with the PDP Law, we process your personal data based on: - Consent you provide when registering for and using the Services. - Performance of the agreement between you and the Company. - Legal obligations applicable to the Company. - Legitimate interests of the Company that do not override your fundamental rights.

We do not sell your personal data. We share data only with the following parties and for the stated purposes: a) Meta Platforms (Facebook, Instagram, WhatsApp) — to operate the publishing and inbound messaging features you connect through Versio and Kreasi. WhatsApp integration uses the official WhatsApp Business API through Meta. b) TikTok — for video content publishing through Versio and Kreasi. c) AI Providers (OpenAI, Anthropic, Google) — to process and generate AI-powered content. When you use AI features, your input is sent to these providers for processing. We do not share your account information or personal identity with AI providers; only content relevant to your AI request is transmitted. d) Xendit — to process payments securely. e) Cloudflare — for infrastructure, network security, content delivery, and media file storage (Cloudflare R2). All third parties are bound by their own privacy policies and data use terms, and are subject to appropriate data processing agreements as required by Article 35 of the PDP Law. We only share data necessary to operate the features you activate.

Your data is stored on servers located in Indonesia and managed directly by the Company, with Cloudflare infrastructure support for network security and content delivery. Media files are stored on Cloudflare R2. We implement reasonable technical and organizational security measures to protect data from unauthorized access, alteration, disclosure, or destruction, including encryption in transit (TLS) and role-based access controls. We retain your personal data for as long as your account is active or as needed to provide the Services. After account deletion, we will delete or anonymize your data within 30 days, unless further retention is required by law.

In accordance with Article 46 of the PDP Law, in the event of a personal data breach affecting your data, we will notify you in writing within 3x24 hours of becoming aware of the breach. The notification will include: - What personal data was exposed. - When and how the breach occurred. - The remediation and recovery measures we are taking. We will also report the breach to the relevant authorities as required by the PDP Law.

In accordance with Article 53 of the PDP Law, the Company has appointed a Data Protection Officer (DPO) responsible for ensuring compliance with the PDP Law. For questions regarding data protection, you may contact our DPO at [email protected].

Under the PDP Law, you have the right to: - Be informed about the collection and processing of your data. - Access and obtain a copy of your personal data. - Correct inaccurate or incomplete data. - Delete your personal data (subject to legal obligations). - Withdraw consent you have given. - Object to data processing. - Restrict processing under certain conditions. - Transfer your data to another data controller (data portability). - Receive compensation for violations of personal data protection in accordance with the PDP Law. To exercise these rights, contact us at [email protected]. We will respond to your request within 3x24 hours.

The stanciohub.com website uses Umami Analytics, a privacy-respecting analytics solution that does not use cookies. We do not place third-party tracking cookies on our website. The Versio and Kreasi services may store session tokens and local preferences on your device to maintain your login session and improve user experience. These are functional cookies necessary for the operation of the Services.

Your primary data is stored on servers in Indonesia. However, certain processing involves cross-border data transfers, specifically: - AI processing by OpenAI (United States), Anthropic (United States), and Google (United States) when you use AI content generation features. - Payment processing by Xendit, which may involve servers outside Indonesia. - Content storage and delivery through Cloudflare's global network. In all cases of cross-border transfers, we ensure that an equivalent level of data protection is applied in accordance with the PDP Law's provisions on transferring personal data outside the jurisdiction of the Republic of Indonesia.

Our Services are not intended for individuals under the age of 17. We do not knowingly collect personal data from children. If you become aware that a child under 17 has provided data to us, please contact us so we can take appropriate action.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-Service notification at least 14 days before taking effect. Your continued use of the Services after changes take effect constitutes your acceptance of the updated policy.

If you have questions about this Privacy Policy or wish to exercise your rights, please contact: PT Scentus Innovative Technology South Tangerang, Banten, Indonesia Email: [email protected]