Privacy Policy - AkunIndo

Official Policy Location: This is the authoritative version of our Privacy Policy. The current version is always available at: www.akunindo.com/privacy

Privacy Policy in Plain Language

What you need to know about how AkunIndo handles your data:

What we collect: Your email, expense data, receipt photos, and basic device information
Why we collect it: To help you track expenses, scan receipts with AI, and generate reports
Who we share with: Cloud services (Supabase, Hetzner), AI provider (Mistral AI), and subscription manager (RevenueCat). We never sell your data.
Where your data goes: Processed in Germany, France (EU), and United States (with legal safeguards)
How long we keep it: While you use the service, plus up to 90 days after account deletion
Your rights: Access, correct, export, or delete your data anytime. Contact privacy@akunindo.com
Your location matters: You're protected by both EU (GDPR) and Indonesian (UU PDP) privacy laws
Tax compliance: YOU must export and keep your data for 10 years (Indonesian tax law). We delete everything after 90 days.

AI Notice: We use AI to read receipts and suggest categories. It's not 100% accurate - always verify before relying on it for tax purposes.

Introduction

Welcome to AkunIndo! We are committed to protecting your privacy and handling your data responsibly. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

Important: By using AkunIndo, you agree to the collection and use of information in accordance with this Privacy Policy. However, accepting these terms does NOT automatically mean you consent to marketing emails or optional data uses - those require separate opt-in consent.

Data Controller

Identity of Data Controller:

Name: Jan Tammen / AkunIndo (operating name)
Location: Germany
Contact: privacy@akunindo.com
Website: www.akunindo.com

Applicable Data Protection Laws:

As AkunIndo is currently operated by a controller based in Germany and serves users primarily in Indonesia, your personal data is protected under:

European Union General Data Protection Regulation (GDPR)
Indonesian Personal Data Protection Law (UU PDP No. 27/2022)

You benefit from the protections of both regulations. Where regulations conflict, we apply the standard that provides you greater protection.

1. Information We Collect

1.1 Personal Information

Account Information: Email address and name
Organization Information: Organization name, business details (if creating an organization account)
Contact Information: When you contact our support team

Note: We do NOT collect payment or billing information. All subscription payments are processed directly by Apple App Store or Google Play Store.

1.2 Financial and Business Data

Receipt and Invoice Images: Photos, PDFs, and screenshots of receipts and invoices you upload
Expense Data: Transaction amounts, dates, vendor names, categories, payment methods, and descriptions
Account Categories: Your customized chart of accounts and expense categorizations
Contact Records: Vendor and customer information you add

1.3 Automatically Collected Information

Device Information: Mobile device type, operating system, unique device identifiers
Usage Data: App features used, pages viewed, time spent in app, interaction patterns
Log Data: IP address, browser type, access times, crash logs, and error reports
Analytics Data: Aggregated usage statistics to improve our Service

1.4 Information from Third Parties

OCR Processing: We use Mistral AI for optical character recognition of your receipts

2. How We Use Your Information

Legal Basis for Processing Your Data

Under GDPR, we must have a legal basis for processing your personal data. Here's our basis for each processing activity:

Data Type	Processing Activity	Legal Basis	GDPR Article
Email address, Name	Account creation, authentication	Contract (Art. 6(1)(b))	Necessary to provide service
Transaction data	Expense tracking, reporting	Contract (Art. 6(1)(b))	Core service functionality
Receipt images	OCR processing, record-keeping	Contract (Art. 6(1)(b))	Service feature
Device info, usage analytics	Service improvement, bug fixes	Legitimate Interest (Art. 6(1)(f))	Product improvement
Marketing communications	Promotional emails	Consent (Art. 6(1)(a))	Opt-in required
Organization member data	Multi-user collaboration	Contract (Art. 6(1)(b))	Organization feature

Legitimate Interest Assessment:

Where we rely on legitimate interest, we have assessed that:

Our interest is legitimate (service improvement)
Processing is necessary for that interest
Your rights don't override our interest
You can object to this processing (see Your Rights section)

Withdrawing Consent:

For processing based on consent (marketing), you can withdraw anytime without affecting other services.

2.1 To Provide and Maintain Our Service

Process and categorize expenses from uploaded documents
Extract data from receipts using AI-powered OCR technology
Store and organize your financial records
Generate expense reports and exports
Sync data across your devices
Provide offline functionality

2.2 To Improve and Optimize Our Service

Analyze usage patterns to enhance user experience
Train and improve our AI models (using anonymized data only)
Develop new features and functionality
Fix bugs and technical issues
Monitor and analyze trends and performance

2.3 To Communicate With You

Send transactional emails (account confirmations, password resets)
Provide customer support and respond to inquiries
Send important service updates and announcements
Request feedback and conduct surveys (optional)
Send marketing communications (with your consent, which you can withdraw anytime)

2.4 For Security and Legal Compliance

Detect and prevent fraud, abuse, and illegal activity
Protect the security and integrity of our Service
Comply with legal obligations and enforce our Terms of Service
Protect our rights, privacy, safety, or property

3. Data Sharing and Disclosure

We do not sell your personal information.

3.1 With Your Consent

We will share your information when you explicitly authorize us to do so.

3.2 Third-Party Service Providers

We share your data with the following service providers who process data on our behalf:

Database & Hosting

Supabase Inc.

Legal Name: Supabase, Inc.
Address: 970 Toa Payoh North, #07-04, Singapore 318992
Purpose: Database hosting and backend infrastructure
Data Processed: All application data (user accounts, transactions, receipts, organization data)
Location: United States (AWS infrastructure)
Safeguards: Standard Contractual Clauses (SCCs), SOC 2 Type II certified, ISO 27001 certified
Privacy Policy: https://supabase.com/privacy

Hetzner Online GmbH

Legal Name: Hetzner Online GmbH
Address: Industriestr. 25, 91710 Gunzenhausen, Germany
Purpose: API server hosting and infrastructure
Data Processed: All application data in transit, API request processing
Location: Germany (European Union)
Safeguards: GDPR compliant (EU-based), ISO 27001 certified, DIN ISO/IEC 27001
Privacy Policy: https://www.hetzner.com/legal/privacy-policy

AI & OCR Processing

Mistral AI

Legal Name: Mistral AI
Address: 15 Rue des Halles, 75001 Paris, France
Purpose: Optical Character Recognition (OCR) for receipt processing and AI-powered expense categorization
Data Processed: Receipt images, extracted text, transaction amounts, merchant names
Location: France (European Union)
Safeguards: GDPR compliant (EU-based)
Privacy Policy: https://mistral.ai/terms/
Data Retention: Processed data not retained by Mistral AI after processing (per API terms)

Subscription Management

RevenueCat Inc.

Legal Name: RevenueCat, Inc.
Address: 1 Letterman Drive, Building D, Suite DM-700, San Francisco, CA 94129, United States
Purpose: Subscription status verification and entitlement management
Data Processed: User ID, subscription status, purchase events, platform (iOS/Android), subscription duration
Location: United States
Safeguards: Standard Contractual Clauses (SCCs), SOC 2 Type II certified
Privacy Policy: https://www.revenuecat.com/privacy
Note: Payment processing and financial data (credit cards) handled by Apple App Store / Google Play Store directly, not by RevenueCat or AkunIndo

Email Delivery

Resend, Inc.

Legal Name: Resend, Inc.
Address: 2261 Market Street, San Francisco, CA 94114, United States
Purpose: Transactional email delivery (one-time passwords, notifications, receipts)
Data Processed: Email addresses, user names, email content (OTP codes, notifications)
Location: United States
Safeguards: Standard Contractual Clauses (SCCs), SOC 2 Type II certified
Privacy Policy: https://resend.com/legal/privacy-policy

Error Tracking & Monitoring

Sentry

Legal Name: Functional Software, Inc. (dba Sentry)
Address: 45 Fremont Street, 8th Floor, San Francisco, CA 94105, United States
Purpose: Application error tracking, performance monitoring, crash reporting
Data Processed: Error logs, stack traces, user ID (pseudonymized), device information, app version
Location: United States
Safeguards: Standard Contractual Clauses (SCCs), SOC 2 Type II certified, ISO 27001 certified
Privacy Policy: https://sentry.io/privacy/
Data Retention: Error data retained for 90 days, then automatically deleted

Content Delivery & Security

Cloudflare, Inc.

Legal Name: Cloudflare, Inc.
Address: 101 Townsend St, San Francisco, CA 94107, United States
Purpose: Website CDN, DDoS protection, SSL/TLS termination
Data Processed: IP addresses, browser information, website visitor data
Location: United States (global CDN network)
Safeguards: Standard Contractual Clauses (SCCs), ISO 27001 certified
Privacy Policy: https://www.cloudflare.com/privacypolicy/
Data Retention: Logs retained for 4 hours, then automatically deleted

Mobile App Infrastructure

Expo (650 Industries, Inc.)

Legal Name: 650 Industries, Inc.
Address: 14 Calle Genova, San Francisco, CA 94133, United States
Purpose: Mobile app distribution, over-the-air (OTA) updates, push notifications
Data Processed: Device tokens (push notifications), device information (OS version, platform), app version, update requests
Location: United States
Safeguards: Standard Contractual Clauses (SCCs)
Privacy Policy: https://expo.dev/privacy
Note: Push notifications only sent with your consent (can be disabled in settings)

Payment Processing (Indirect)

Apple Inc. / Google LLC

Purpose: In-app subscription payment processing
Data Processed: Payment information, billing address, transaction history
Location: United States
Note: We do NOT receive your payment information. Apple and Google process payments directly and only share subscription status with us via RevenueCat.
Privacy Policies:
- Apple: https://www.apple.com/legal/privacy/
- Google: https://policies.google.com/privacy

These providers are contractually obligated to protect your data and use it only for the specific services they provide to us.

3.3 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

3.4 Legal Requirements

We may disclose your information if required by law or in response to:

Valid legal processes (subpoenas, court orders)
Government or regulatory requests
Protection of our rights, property, or safety
Enforcement of our Terms of Service
Investigation of fraud, security issues, or illegal activity

3.5 Organization Members

If you are part of an organization account, certain information (expenses, reports) may be visible to other members based on their role.

4. International Data Transfers

Transfer Overview

Your data is processed internationally as follows:

Within the European Union:

API servers: Germany (Hetzner)
OCR processing: France (Mistral AI)
Database infrastructure: Singapore (Supabase Inc., routed through US AWS)
No additional safeguards needed for EU-to-EU transfers (adequacy within EU)

To the United States:

The following service providers process your data in the United States:

Database hosting: Supabase (AWS US regions)
Subscription management: RevenueCat
Email delivery: Resend
Error tracking: Sentry
CDN/Security: Cloudflare
Mobile infrastructure: Expo

Safeguards: All US-based processors operate under Standard Contractual Clauses (SCCs) - EU Commission approved transfer mechanisms that ensure GDPR-level protection.

From Indonesia perspective:

Your data is transferred from Indonesia to:

European Union (Germany, France) - Adequate protection level under EU law
United States (Supabase, RevenueCat, Resend, Sentry, Cloudflare, Expo) - Standard Contractual Clauses (SCCs) ensure data protection

Your Rights Regarding Transfers

Under GDPR and UU PDP, you have the right to:

Be informed of international transfers (this section)
Obtain information about safeguards in place
Object to transfers where appropriate safeguards are absent

For questions about international transfers, contact: privacy@akunindo.com

5. Data Security

We implement industry-standard security measures to protect your information:

Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
Access Controls: Strict role-based access controls and authentication requirements
Secure Infrastructure: Hosted on secure, SOC 2 Type II certified infrastructure (Supabase)
Regular Audits: Security assessments and vulnerability testing
Data Backups: Regular automated backups with encryption
Monitoring: Real-time security monitoring and incident response

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security.

6. Data Retention

We retain your data only as long as necessary for the purposes outlined in this policy and to comply with legal obligations.

Retention Periods by Data Type

Data Type	Active Account	After Account Deletion	Legal Basis
Personal Information (name, email)	Duration of account	90 days	Security, fraud prevention
Transaction Records	Duration of account	90 days	Security, fraud prevention
Receipt Images	Duration of account	90 days	Security, fraud prevention
Authentication Data	Duration of account	90 days	Security, fraud prevention
Audit Logs	Duration of account	90 days	Security, legal compliance
Analytics Data (anonymized)	Duration of account	Indefinitely	Cannot be linked to you
Marketing Preferences	Until opt-out	Deleted immediately	Consent-based

Account Deletion Process

When you request account deletion:

Days 1-7: Grace Period

Account marked for deletion but reversible
You can cancel deletion request
All data remains accessible

Days 8-30: Access Removal

Account becomes inaccessible to you
Data removed from active systems
Deletion is irreversible after Day 7

Days 31-90: Final Cleanup

Login credentials deleted
All personal data permanently deleted
Email address released for re-registration

After 90 Days: Complete Deletion

All identifiable data permanently deleted from our systems
Anonymized analytics may remain but cannot identify you
No recovery possible after this point

Important: Your Tax Compliance Responsibility

Indonesian tax regulations require businesses to retain financial records for 10 years.

This is YOUR responsibility as the business owner, not AkunIndo's responsibility.

When you delete your account:

✅ We permanently delete ALL your data within 90 days
⚠️ You are responsible for keeping your own records for tax purposes
⚠️ We cannot help with tax audits after account deletion
⚠️ No recovery is possible after 90-day deletion period

We STRONGLY recommend:

Export your data BEFORE deletion (see below)
Keep exported files for 10 years minimum (Indonesian tax law requirement)
Store backups securely for potential tax audits

Export Before Deletion

Before deleting your account, we strongly recommend exporting your data:

Account Settings → Export Data → Download Excel/CSV
Includes all transactions, receipts, reports
One-time download, available immediately

You can request deletion of your data at any time by contacting us at privacy@akunindo.com.

7. Your Data Protection Rights

Under GDPR (European Union Law)

As AkunIndo is operated by a controller based in the EU, you have the following rights under the General Data Protection Regulation:

1. Right to Access (Article 15)

Request confirmation of what personal data we process
Receive a copy of your personal data
Access via: Account Settings → Profile → Export Data

2. Right to Rectification (Article 16)

Correct inaccurate personal data
Complete incomplete personal data
Update via: Account Settings → Profile

3. Right to Erasure / "Right to be Forgotten" (Article 17)

Request deletion of your personal data
We will delete all data within 90 days
Note: You are responsible for keeping your own records for tax purposes (Indonesian law requires 10 years)
Request via: Email privacy@akunindo.com

4. Right to Restriction of Processing (Article 18)

Request we limit how we use your data while resolving disputes
Example: Freeze account while investigating accuracy concern
Request via: privacy@akunindo.com

5. Right to Data Portability (Article 20)

Receive your data in machine-readable format (Excel, CSV)
Transfer data to another service
Export via: Account Settings → Export Data

6. Right to Object (Article 21)

Object to processing based on legitimate interests
Absolute right to object to marketing communications
Object via: Settings → Notifications or privacy@akunindo.com

7. Right to Withdraw Consent (Article 7(3))

Withdraw consent for processing based on consent
Does not affect lawfulness of processing before withdrawal
Withdraw via: Settings or privacy@akunindo.com

8. Right Not to Be Subject to Automated Decision-Making (Article 22)

Not subject to decisions based solely on automated processing
AkunIndo's AI categorization is suggestive only, you have final control
You can always manually edit/override AI suggestions

9. Right to Lodge a Complaint (Article 77)

Complain to data protection supervisory authority
Germany (controller): Federal Commissioner for Data Protection and Freedom of Information (BfDI) - https://www.bfdi.bund.de/
Indonesia (data subject): Ministry of Communication and Information Technology (Kominfo)

How to Exercise Your Rights:

Email: privacy@akunindo.com
Subject line: "GDPR Rights Request - [Specify Right]"
We will respond within 30 days (GDPR Article 12)

Under UU PDP (Indonesian Law)

Indonesian residents have the following rights under UU PDP Article 5:

Right to access personal data
Right to rectify personal data
Right to erase personal data
Right to data portability
Right to object to processing
Right to restrict processing
Right to withdraw consent
Right to file complaint with Kominfo

Exercising UU PDP Rights:

Same contact: privacy@akunindo.com
Response time: 14 days (per UU PDP implementing regulations)

7.1 Access and Correction

You can access, update, or correct your account information through the app settings at any time.

7.2 Data Export

You can export your expense data in Excel or CSV format at any time through the app.

7.3 Account Deletion

You can delete your account and all associated data from the app settings or by contacting us.

7.4 Marketing Communications

You can opt out of marketing emails by clicking the "unsubscribe" link in any marketing email or by contacting us.

8. Automated Processing and AI (GDPR Article 22 Disclosure)

AI-Powered Features

AkunIndo uses artificial intelligence for:

Optical Character Recognition (OCR): Extracting text from receipt images
Expense Categorization: Suggesting expense categories based on transaction details
Merchant Recognition: Identifying vendor names from receipts
Amount Extraction: Reading transaction amounts from images

Processing Provider: Mistral AI (France, EU)

No Fully Automated Decisions

Important: AkunIndo does NOT make decisions based solely on automated processing that produce legal effects or similarly significant effects on you.

AI suggestions require your confirmation
You have full control to accept, modify, or reject AI categorizations
You can manually enter all data without using AI features
No automated decisions affect your account status, access, or pricing

AI Accuracy Limitations

Please note:

AI categorization is NOT 100% accurate
OCR may misread text, amounts, or dates
Suggestions are based on patterns, not your specific context
You must review and verify all AI-generated data

We are not responsible for:

Incorrect categorizations or OCR errors
Tax filing errors based on AI suggestions
Financial decisions made using AI-generated data

Disclaimer: AkunIndo is not tax, accounting, or financial advice. Consult qualified professionals for guidance.

Opting Out of AI

Manual Entry Mode:

You can choose to manually enter transaction details instead of using OCR
Category suggestions can be ignored and manually selected
AI processing is designed to assist, not replace, your judgment

Training Data

We use aggregated, anonymized data to improve AI models:

Personal identifying information removed before analysis
Used to improve categorization accuracy
You cannot opt out of anonymized training data usage

9. Multi-Organization Accounts

AkunIndo offers organization accounts for businesses with multiple team members.

Data Roles

Organization Owner:

Acts as data controller for organization data
Responsible for member data processing compliance
Can view all organization transactions and data
Must obtain employee consent for monitoring

Organization Admins/Managers:

Act on behalf of the data controller (Owner)
Can view organization data according to role permissions
Cannot access members' personal accounts or other organizations

Organization Members (Employees):

Create transaction data within organization context
Data visible to Owners/Admins/Managers (according to role)
Can access and export own transaction data
Cannot access other members' personal accounts

Data Ownership

Transaction Data: Created within an organization belongs to that organization for legal compliance (tax records). Employees can export their own transactions but cannot delete organization records.

Personal Account Data: Your email, name, and authentication data belong to you. Organization admins cannot access your personal account or other organizations you belong to.

When You Leave an Organization

Your personal account is unaffected
Transaction data you created remains with organization (tax compliance)
Your access to organization data is immediately revoked
You can request data export before leaving
Organization cannot delete your AkunIndo account (only remove you from organization)

For Organization Administrators

If you are an organization Owner/Admin, you are a data controller under GDPR and UU PDP:

Obtain employee consent for data processing
Inform employees about data monitoring
Comply with employment and privacy laws
Respond to employee data rights requests
Do not use data for purposes beyond expense tracking

Employer Obligations:

Transparency with employees about monitoring
Legitimate purpose for data processing
Respect employee privacy rights
Comply with German/Indonesian employment law (as applicable)

10. Mobile App Permissions

AkunIndo requests the following device permissions:

Camera Access

Purpose: Scan receipts directly in-app
When: When you tap "Scan Receipt"
Can Deny? Yes, but must upload from gallery instead
Data Usage: Photos uploaded to servers for OCR processing

Photo Library Access

Purpose: Select existing receipt photos
When: When you choose "Upload from Gallery"
Can Deny? Yes, but must use camera for real-time scanning
Data Usage: Selected photos uploaded for processing

Network Access

Purpose: Sync data with servers, process OCR, receive updates
Can Deny? No, app requires internet connection
Data Usage: All app data transmitted over encrypted connection

Notifications (Optional)

Purpose: OCR completion, export ready, subscription reminders
When: First app launch
Can Deny? Yes, can disable in settings

Permissions We Do NOT Request

For your privacy, AkunIndo does NOT request:

Location access
Contacts access
Microphone access
Calendar access

Managing Permissions

iOS: Settings > AkunIndo > (toggle permissions)

Android: Settings > Apps > AkunIndo > Permissions

You can revoke permissions anytime. Features requiring revoked permissions will prompt you when accessed.

11. Data Breach Procedures

Our Commitment to Security

We implement appropriate technical and organizational measures to protect your data. However, no system is 100% secure.

In the Event of a Data Breach

Our Response Timeline:

0-24 hours: Detection & Assessment

Security monitoring detects incident
Security team assesses scope and severity
Affected systems isolated

24-72 hours: Notification

Supervisory Authority: Report to German DPA (BfDI) within 72 hours (GDPR Article 33)
Affected Users: Notify you via email within 72 hours if high risk to your rights (GDPR Article 34, UU PDP Article 58)
Indonesian Authority: Report to Kominfo as required by UU PDP

72+ hours: Remediation

Vulnerabilities patched
Additional security measures implemented
Third-party security audit conducted

What We'll Tell You

Breach notification includes:

Nature and categories of data affected
Approximate number of users impacted
Potential consequences and risks
Measures we've taken to address the breach
Recommendations for you (e.g., change password)
Contact for questions: privacy@akunindo.com

What You Should Do

If notified of a breach:

Change your password immediately
Monitor accounts for suspicious activity
Enable two-factor authentication if available
Review recent transactions
Contact us if you notice unauthorized activity

Reporting Suspected Breaches

If you suspect your account is compromised:

Immediately change your password
Email: security@akunindo.com (subject: "URGENT: Account Breach")
We will investigate within 24 hours

12. Children's Privacy

AkunIndo is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

If you believe we have collected information from a child, please contact us immediately at privacy@akunindo.com, and we will take steps to delete such information.

13. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make changes, we will notify you by:

Posting the updated policy on our website with a new "Last Updated" date
Sending an email notification (for significant changes)
Displaying an in-app notification

Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@akunindo.com
Support Email: support@akunindo.com
Phone/WhatsApp: +62 811 305 777 82
Website: akunindo.com

For security-related concerns:

Email: security@akunindo.com

16. Version History

Version 1.0 (November 11, 2025)

Initial Comprehensive Release:

Data Controller identity and jurisdiction disclosure (German operator)
Complete third-party processor list with full contact details and safeguards:
- Supabase (database hosting)
- Hetzner (API hosting)
- Mistral AI (OCR processing)
- RevenueCat (subscription management)
- Resend (email delivery)
- Sentry (error tracking)
- Cloudflare (CDN/security)
- Expo (mobile infrastructure)
All GDPR data subject rights (Articles 15-22, 77) with procedures
UU PDP eight data subject rights explicitly
Legal basis for processing table (GDPR Article 6 compliance)
Detailed data retention schedule with tax law compliance explanation (10-year requirement)
AI/automated decision-making disclosure (GDPR Article 22)
Data breach notification procedures (72-hour commitment)
Multi-organization data handling section (employer/employee rights)
Mobile app permissions disclosure
International data transfer framework with Standard Contractual Clauses (SCCs)
Plain language summary at beginning
Version history tracking

By using AkunIndo, you acknowledge that you have read, understood, and agree to this Privacy Policy.

Lokasi Resmi Kebijakan: Ini adalah versi resmi dari Kebijakan Privasi kami. Versi terbaru selalu tersedia di: www.akunindo.com/privacy

Kebijakan Privasi dalam Bahasa Sederhana

Yang perlu Anda ketahui tentang cara AkunIndo menangani data Anda:

Yang kami kumpulkan: Email Anda, data pengeluaran, foto struk, dan informasi perangkat dasar
Mengapa kami mengumpulkannya: Untuk membantu Anda melacak pengeluaran, memindai struk dengan AI, dan membuat laporan
Dengan siapa kami berbagi: Layanan cloud (Supabase, Hetzner), penyedia AI (Mistral AI), dan pengelola langganan (RevenueCat). Kami tidak pernah menjual data Anda.
Ke mana data Anda pergi: Diproses di Jerman, Prancis (UE), dan Amerika Serikat (dengan perlindungan hukum)
Berapa lama kami menyimpannya: Selama Anda menggunakan layanan, ditambah hingga 90 hari setelah penghapusan akun
Hak Anda: Akses, koreksi, ekspor, atau hapus data Anda kapan saja. Hubungi privacy@akunindo.com
Lokasi Anda penting: Anda dilindungi oleh hukum privasi UE (GDPR) dan Indonesia (UU PDP)
Kepatuhan pajak: ANDA harus mengekspor dan menyimpan data Anda selama 10 tahun (hukum pajak Indonesia). Kami menghapus semuanya setelah 90 hari.

Pemberitahuan AI: Kami menggunakan AI untuk membaca struk dan menyarankan kategori. Ini tidak 100% akurat - selalu verifikasi sebelum mengandalkannya untuk keperluan pajak.

Pendahuluan

Selamat datang di AkunIndo! Kami berkomitmen untuk melindungi privasi Anda dan menangani data Anda secara bertanggung jawab. Kebijakan Privasi ini menjelaskan bagaimana kami mengumpulkan, menggunakan, mengungkapkan, dan melindungi informasi Anda saat Anda menggunakan aplikasi seluler dan layanan kami.

Penting: Dengan menggunakan AkunIndo, Anda menyetujui pengumpulan dan penggunaan informasi sesuai dengan Kebijakan Privasi ini. Namun, menerima syarat ini TIDAK secara otomatis berarti Anda menyetujui email pemasaran atau penggunaan data opsional - itu memerlukan persetujuan opt-in terpisah.

Pengendali Data

Identitas Pengendali Data:

Nama: Jan Tammen / AkunIndo (nama operasional)
Lokasi: Jerman
Kontak: privacy@akunindo.com
Website: www.akunindo.com

Undang-Undang Perlindungan Data yang Berlaku:

Karena AkunIndo saat ini dioperasikan oleh pengendali yang berbasis di Jerman dan melayani pengguna terutama di Indonesia, data pribadi Anda dilindungi berdasarkan:

Peraturan Perlindungan Data Umum Uni Eropa (GDPR)
Undang-Undang Perlindungan Data Pribadi Indonesia (UU PDP No. 27/2022)

Anda mendapat perlindungan dari kedua peraturan tersebut. Di mana peraturan bertentangan, kami menerapkan standar yang memberikan Anda perlindungan lebih besar.

1. Informasi yang Kami Kumpulkan

1.1 Informasi Pribadi

Informasi Akun: Alamat email dan nama
Informasi Organisasi: Nama organisasi, detail bisnis (jika membuat akun organisasi)
Informasi Kontak: Saat Anda menghubungi tim dukungan kami

Catatan: Kami TIDAK mengumpulkan informasi pembayaran atau penagihan. Semua pembayaran langganan diproses langsung oleh Apple App Store atau Google Play Store.

1.2 Data Keuangan dan Bisnis

Gambar Struk dan Faktur: Foto, PDF, dan tangkapan layar struk dan faktur yang Anda unggah
Data Pengeluaran: Jumlah transaksi, tanggal, nama vendor, kategori, metode pembayaran, dan deskripsi
Kategori Akun: Chart of accounts dan kategorisasi pengeluaran yang Anda sesuaikan
Catatan Kontak: Informasi vendor dan pelanggan yang Anda tambahkan

1.3 Informasi yang Dikumpulkan Secara Otomatis

Informasi Perangkat: Jenis perangkat seluler, sistem operasi, pengidentifikasi perangkat unik
Data Penggunaan: Fitur aplikasi yang digunakan, halaman yang dilihat, waktu yang dihabiskan di aplikasi
Data Log: Alamat IP, jenis browser, waktu akses, log crash, dan laporan kesalahan

2. Cara Kami Menggunakan Informasi Anda

2.1 Untuk Menyediakan dan Memelihara Layanan Kami

Memproses dan mengkategorikan pengeluaran dari dokumen yang diunggah
Mengekstrak data dari struk menggunakan teknologi OCR bertenaga AI
Menyimpan dan mengorganisir catatan keuangan Anda
Membuat laporan pengeluaran dan ekspor
Menyinkronkan data di seluruh perangkat Anda

2.2 Untuk Meningkatkan dan Mengoptimalkan Layanan Kami

Menganalisis pola penggunaan untuk meningkatkan pengalaman pengguna
Melatih dan meningkatkan model AI kami (hanya menggunakan data anonim)
Mengembangkan fitur dan fungsionalitas baru
Memperbaiki bug dan masalah teknis

3. Berbagi dan Pengungkapan Data

Kami tidak menjual informasi pribadi Anda.

3.1 Penyedia Layanan Pihak Ketiga

Kami berbagi data Anda dengan penyedia layanan berikut yang memproses data atas nama kami:

Supabase Inc. - Hosting database dan infrastruktur backend (Amerika Serikat)
Hetzner Online GmbH - Hosting server API (Jerman)
Mistral AI - Pemrosesan OCR dan kategorisasi pengeluaran (Prancis)
RevenueCat Inc. - Manajemen langganan (Amerika Serikat)
Resend, Inc. - Pengiriman email transaksional (Amerika Serikat)
Sentry - Pelacakan kesalahan dan pemantauan (Amerika Serikat)
Cloudflare, Inc. - CDN dan keamanan (Amerika Serikat)
Expo - Infrastruktur aplikasi seluler (Amerika Serikat)

Penyedia ini diwajibkan secara kontraktual untuk melindungi data Anda dan menggunakannya hanya untuk layanan spesifik yang mereka berikan kepada kami.

4. Transfer Data Internasional

Data Anda diproses secara internasional:

Dalam Uni Eropa:

Server API: Jerman (Hetzner)
Pemrosesan OCR: Prancis (Mistral AI)

Ke Amerika Serikat:

Hosting database: Supabase
Manajemen langganan: RevenueCat
Pengiriman email: Resend
Pelacakan kesalahan: Sentry
CDN/Keamanan: Cloudflare
Infrastruktur seluler: Expo

Perlindungan: Semua pemroses berbasis AS beroperasi di bawah Standard Contractual Clauses (SCC) - mekanisme transfer yang disetujui Komisi UE yang memastikan perlindungan setingkat GDPR.

5. Keamanan Data

Kami menerapkan langkah-langkah keamanan standar industri untuk melindungi informasi Anda:

Enkripsi: Semua data dienkripsi saat transit (TLS/SSL) dan saat diam (AES-256)
Kontrol Akses: Kontrol akses berbasis peran yang ketat dan persyaratan otentikasi
Infrastruktur Aman: Dihosting pada infrastruktur yang aman, tersertifikasi SOC 2 Type II
Audit Reguler: Penilaian keamanan dan pengujian kerentanan
Backup Data: Backup otomatis reguler dengan enkripsi

6. Retensi Data

Kami menyimpan data Anda hanya selama diperlukan untuk tujuan yang diuraikan dalam kebijakan ini.

Proses Penghapusan Akun

Hari 1-7: Periode grace - Akun ditandai untuk dihapus tetapi dapat dibatalkan

Hari 8-30: Akses dihapus - Akun tidak dapat diakses oleh Anda

Hari 31-90: Pembersihan akhir - Kredensial login dan data pribadi dihapus permanen

Setelah 90 Hari: Penghapusan lengkap - Tidak ada pemulihan yang mungkin

Penting: Tanggung Jawab Kepatuhan Pajak Anda

Peraturan perpajakan Indonesia mengharuskan bisnis menyimpan catatan keuangan selama 10 tahun.

Ini adalah tanggung jawab ANDA sebagai pemilik bisnis, bukan tanggung jawab AkunIndo.

Kami SANGAT merekomendasikan:

Ekspor data Anda SEBELUM penghapusan
Simpan file yang diekspor minimal 10 tahun (persyaratan hukum pajak Indonesia)
Simpan backup dengan aman untuk potensi audit pajak

7. Hak Perlindungan Data Anda

Berdasarkan GDPR (Hukum Uni Eropa)

Hak Akses (Pasal 15) - Minta konfirmasi data pribadi apa yang kami proses
Hak Rektifikasi (Pasal 16) - Koreksi data pribadi yang tidak akurat
Hak Penghapusan (Pasal 17) - Minta penghapusan data pribadi Anda
Hak Pembatasan Pemrosesan (Pasal 18) - Minta kami membatasi penggunaan data
Hak Portabilitas Data (Pasal 20) - Terima data Anda dalam format yang dapat dibaca mesin
Hak Keberatan (Pasal 21) - Keberatan terhadap pemrosesan berdasarkan kepentingan sah
Hak Menarik Persetujuan (Pasal 7(3)) - Tarik persetujuan untuk pemrosesan berbasis persetujuan
Hak Mengajukan Keluhan (Pasal 77) - Keluhan ke otoritas pengawas

Berdasarkan UU PDP (Hukum Indonesia)

Warga Indonesia memiliki hak berikut berdasarkan UU PDP Pasal 5:

Hak mengakses data pribadi
Hak memperbaiki data pribadi
Hak menghapus data pribadi
Hak portabilitas data
Hak keberatan terhadap pemrosesan
Hak membatasi pemrosesan
Hak menarik persetujuan
Hak mengajukan keluhan ke Kominfo

Cara Melaksanakan Hak Anda:

Email: privacy@akunindo.com
Kami akan merespons dalam 30 hari (GDPR) / 14 hari (UU PDP)

8. Pemrosesan Otomatis dan AI

Fitur Bertenaga AI

AkunIndo menggunakan kecerdasan buatan untuk:

Optical Character Recognition (OCR): Mengekstrak teks dari gambar struk
Kategorisasi Pengeluaran: Menyarankan kategori pengeluaran berdasarkan detail transaksi
Pengenalan Merchant: Mengidentifikasi nama vendor dari struk
Ekstraksi Jumlah: Membaca jumlah transaksi dari gambar

Tidak Ada Keputusan Sepenuhnya Otomatis

Penting: AkunIndo TIDAK membuat keputusan berdasarkan pemrosesan otomatis saja yang menghasilkan efek hukum atau efek signifikan serupa pada Anda.

Saran AI memerlukan konfirmasi Anda
Anda memiliki kontrol penuh untuk menerima, memodifikasi, atau menolak kategorisasi AI
Anda dapat memasukkan semua data secara manual tanpa menggunakan fitur AI

Batasan Akurasi AI

Harap dicatat:

Kategorisasi AI TIDAK 100% akurat
OCR mungkin salah membaca teks, jumlah, atau tanggal
Anda harus meninjau dan memverifikasi semua data yang dihasilkan AI

Kami tidak bertanggung jawab atas:

Kategorisasi yang salah atau kesalahan OCR
Kesalahan pengajuan pajak berdasarkan saran AI
Keputusan keuangan yang dibuat menggunakan data yang dihasilkan AI

9. Izin Aplikasi Seluler

AkunIndo meminta izin perangkat berikut:

Akses Kamera: Memindai struk langsung di aplikasi
Akses Galeri Foto: Memilih foto struk yang ada
Akses Jaringan: Menyinkronkan data dengan server, memproses OCR
Notifikasi (Opsional): Penyelesaian OCR, ekspor siap, pengingat langganan

Izin yang TIDAK Kami Minta

Untuk privasi Anda, AkunIndo TIDAK meminta:

Akses lokasi
Akses kontak
Akses mikrofon
Akses kalender

10. Prosedur Pelanggaran Data

Dalam Kasus Pelanggaran Data

Timeline Respons Kami:

0-24 jam: Deteksi & Penilaian - Tim keamanan menilai ruang lingkup dan tingkat keparahan

24-72 jam: Notifikasi - Laporan ke otoritas dan pengguna yang terkena dampak jika berisiko tinggi

72+ jam: Remediasi - Kerentanan diperbaiki, langkah keamanan tambahan diterapkan

11. Privasi Anak

AkunIndo tidak ditujukan untuk digunakan oleh individu di bawah usia 18 tahun. Kami tidak secara sadar mengumpulkan informasi pribadi dari anak-anak.

12. Perubahan Kebijakan Privasi Ini

Kami dapat memperbarui Kebijakan Privasi ini dari waktu ke waktu. Ketika kami membuat perubahan, kami akan memberitahu Anda melalui:

Memposting kebijakan yang diperbarui di website kami dengan tanggal "Terakhir Diperbarui" yang baru
Mengirim pemberitahuan email (untuk perubahan signifikan)
Menampilkan notifikasi dalam aplikasi

13. Hubungi Kami

Jika Anda memiliki pertanyaan, kekhawatiran, atau permintaan mengenai Kebijakan Privasi ini atau praktik data kami, silakan hubungi kami:

Email: privacy@akunindo.com
Email Dukungan: support@akunindo.com
Telepon/WhatsApp: +62 811 305 777 82
Website: akunindo.com

Untuk masalah terkait keamanan:

Email: security@akunindo.com

14. Riwayat Versi

Versi 1.0 (11 November 2025)

Rilis Komprehensif Awal:

Identitas dan yurisdiksi Pengendali Data (operator Jerman)
Daftar lengkap pemroses pihak ketiga dengan detail kontak dan perlindungan
Semua hak subjek data GDPR (Pasal 15-22, 77) dengan prosedur
Delapan hak subjek data UU PDP secara eksplisit
Tabel dasar hukum pemrosesan (kepatuhan GDPR Pasal 6)
Jadwal retensi data terperinci dengan penjelasan kepatuhan hukum pajak (persyaratan 10 tahun)
Pengungkapan AI/pengambilan keputusan otomatis (GDPR Pasal 22)
Prosedur notifikasi pelanggaran data (komitmen 72 jam)
Bagian penanganan data multi-organisasi (hak pemberi kerja/karyawan)
Pengungkapan izin aplikasi seluler
Kerangka transfer data internasional dengan Standard Contractual Clauses (SCC)

Dengan menggunakan AkunIndo, Anda mengakui bahwa Anda telah membaca, memahami, dan menyetujui Kebijakan Privasi ini.

Privacy Policy Kebijakan Privasi