1. Data We Collect
- Merchant Account Data: Business/brand name, contact, KYC documents (ID, tax number, business permits).
- Payment Data: Invoices, customers, payment channels, transaction status.
- Communication Data: Email/WhatsApp for billing notifications.
- Security Logs: Login activity, device, IP address, audit trail.
2. How We Use Data
- Send invoices, reminders, and payment notifications.
- Process payments via PSP (Flip) and record ledger/withdrawals.
- AML/KYC compliance, fraud prevention, and audit.
- Service improvement using aggregate/anonymous data.
- Limited personalization for non-promotional communication.
3. Legal Basis
Merchant consent, service contract fulfilment, compliance with payment/AML regulations, and legitimate interest to secure the system.
4. Data Sharing
- PSP (Flip): To process QRIS/VA and disburse funds.
- Communication Providers: Email/WhatsApp APIs for notifications.
- Regulators/law enforcement: When required for fraud/AML investigations.
- Trusted third parties: Only when necessary and under confidentiality agreements.
5. Security
Data is stored encrypted with role-based access and auditing. You must protect account credentials and follow basic security practices.
6. Data Subject Rights
- Access, correct, or request deletion (unless restricted by legal/retention obligations).
- Withdraw consent for marketing communication (not for transactional notifications).
7. Data Retention
Transaction data is stored per accounting/regulatory needs. Access/security logs are retained as needed for audit.
8. Cookies & Tracking
We may use basic cookies/analytics for session security and product improvement. You can manage preferences via your browser.
9. Contact
Privacy requests: legal@ulang.id