OptimaFlow
Privacy Policy

Last updated: May 1, 2026

Your privacy matters to us. This policy explains what data we collect, how we use it, and the controls you have over your information.

TL;DR — Quick Summary

  • We collect data to provide and improve our services, not to sell ads.
  • We never sell your personal data to third parties.
  • You can request access, correction, or deletion of your data at any time.
  • We use industry-standard encryption and security practices.
  • We retain data only as long as necessary for legal or operational reasons.

1. Introduction

OptimaFlow ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, use our Client Portal, or engage our services.

This policy applies to all users of our platform, including website visitors, registered clients, and users of our AI Tools. By using our services, you consent to the practices described in this policy.

If you disagree with this policy, please discontinue use of our platform and contact us to request deletion of your data.

2. Information We Collect

We collect information in the following ways:

Information You Provide Directly
Account registration data: name, email address, company name, phone number
Payment information: processed securely via Stripe or PayPal (we do not store full card numbers)
Project materials: files, briefs, and content you upload or share with us
Communications: messages, support tickets, and feedback you send us
Profile information: preferences, settings, and notification choices

Information Collected Automatically
Usage data: pages visited, features used, session duration, and interaction patterns
Device information: IP address, browser type, operating system, and device identifiers
Cookies and similar tracking technologies (see Section 7)

Information from Third Parties
If you sign in with Google, we receive your name, email, and profile picture from Google
Payment processors may share transaction status and fraud prevention signals

3. How We Use Your Information

We use your information to:

Provide and Improve Services
Deliver the services you've contracted, including project management, AI Tools, and billing
Personalize your dashboard experience with relevant data and recommendations
Process payments and manage invoices
Respond to your support requests and communications

Platform Operations
Monitor platform performance, security, and fraud prevention
Analyze usage patterns to improve our products and user experience
Send transactional notifications (project updates, invoice due dates, deliverable approvals)

Marketing & Communications (with your consent)
Send newsletters, product updates, and promotional offers
You can opt out of marketing emails at any time via the unsubscribe link or your account settings

We do not sell your personal data to third parties.

4. Legal Basis for Processing

We process your personal data on the following legal bases:

Contractual necessity: Processing required to deliver the services you've engaged us for
Legitimate interests: Improving our platform, fraud prevention, and security monitoring
Consent: Marketing communications and optional cookies — you may withdraw consent at any time
Legal obligation: Compliance with applicable Indonesian and international law (e.g., tax, accounting records)

5. Data Sharing & Disclosure

We may share your information with:

Service Providers — Trusted third-party providers that help us operate our platform, including:
Cloud hosting (AWS, Vercel, or equivalent)
Payment processors (Stripe, PayPal)
Email and notification services
Analytics tools (anonymized or aggregated data only)

All service providers are bound by data processing agreements and may only use your data to perform services on our behalf.

Legal Requirements — We may disclose your data when required by law, court order, or government authority, or to protect the rights and safety of OptimaFlow, our users, or the public.

Business Transfers — In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity with equivalent privacy protections.

We will never sell, rent, or trade your personal data to third-party advertisers.

6. Data Retention

We retain your personal data for as long as necessary to:

Fulfill the purposes described in this policy
Comply with legal obligations (e.g., tax records for 5–10 years as required by Indonesian law)
Resolve disputes and enforce agreements

Account data is retained while your account is active. After account deletion, data is anonymized or deleted within 30 days, except where legally required to retain it.

Project files and deliverables are retained for 12 months after project completion, after which you will be notified and given the option to download before deletion.

AI Tool usage logs are retained for 90 days for debugging and fraud detection, then deleted.

7. Cookies & Tracking

We use cookies and similar technologies to:

Essential cookies: Maintain your login session and core platform functionality
Analytics cookies: Understand how users interact with our platform (e.g., pages visited, time on page)
Preference cookies: Remember your settings and preferences

You can control cookies through your browser settings. Note that disabling certain cookies may limit platform functionality.

We do not use third-party advertising cookies or cross-site tracking for ad targeting purposes.

8. Data Security

We implement industry-standard security measures to protect your data:

All data is transmitted over HTTPS with TLS encryption
Passwords are hashed using bcrypt — we never store plaintext passwords
Two-factor authentication (2FA) is available and recommended for all accounts
Access to production systems is restricted to authorized personnel only
Regular security audits and vulnerability assessments
Encrypted storage for sensitive files and credentials

Despite our best efforts, no method of transmission or storage is 100% secure. In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by law within 72 hours of discovery.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate or incomplete data
Deletion: Request deletion of your personal data ("right to be forgotten")
Portability: Receive your data in a structured, machine-readable format
Restriction: Request that we limit processing of your data in certain circumstances
Objection: Object to processing based on legitimate interests or for direct marketing
Withdraw Consent: Withdraw consent for consent-based processing at any time

To exercise any of these rights, contact us at info@optimaflow.id. We will respond within 30 days. We may need to verify your identity before processing your request.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal information, please contact us immediately and we will take steps to delete the information.

11. International Data Transfers

OptimaFlow is based in Indonesia. If you access our services from outside Indonesia, your data may be transferred to and processed in Indonesia or other countries where our service providers operate.

We ensure that any international data transfers are conducted with appropriate safeguards, including standard contractual clauses or equivalent protections, to maintain the level of protection described in this policy.

12. Third-Party Links

Our website and dashboard may contain links to third-party websites, tools, or services (e.g., staging links, payment portals, social media). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes via email or a prominent notice in the Client Portal at least 14 days before changes take effect.

The "Last updated" date at the top of this page indicates when this policy was last revised. Continued use of our services after changes take effect constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact our Data Privacy team:

Email: info@optimaflow.id
Website: optimaflow.id/contact
Address: Indonesia

We are committed to working with you to resolve any privacy concerns and aim to respond within 5 business days.