Privacy Policy

Welcome to Relasify ("Platform"), operated by PT Kreasi Raya Nusantara ("Company", "we", "us", or "our"). We are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including our CRM platform, WhatsApp Business integration, and related services. Contact Information: • Company: PT Kreasi Raya Nusantara • Email: [email protected] • Address: Jakarta, Indonesia

2.1 Information You Provide Directly • Account Information: Name, email address, phone number, company name, job title • Business Information: Company details, business address, tax identification number • Payment Information: Billing address, payment method details (processed by secure payment providers) • Communication Content: Messages, templates, media files you send through our platform • Contact Data: Customer phone numbers, names, and other data you upload for messaging 2.2 Information Collected Automatically • Usage Data: Features used, actions taken, time spent on platform • Device Information: Browser type, operating system, device identifiers • Log Data: IP address, access times, pages viewed, referring URLs • Cookies: Session cookies, preference cookies, analytics cookies 2.3 Information from Third Parties • Meta/WhatsApp: Message delivery status, read receipts, phone verification status • Payment Processors: Transaction confirmations, payment status • Business Verification Services: Identity and business verification results

We use collected information for the following purposes: 3.1 Service Delivery • Provide and maintain our CRM and messaging services • Process and deliver messages on your behalf via WhatsApp and other channels • Manage your WhatsApp Business Account integration • Create and manage message templates 3.2 Account Management • Create and manage your account • Process payments and billing • Provide customer support • Send service-related communications 3.3 Improvement and Analytics • Analyze usage patterns to improve our services • Develop new features and functionality • Conduct research and analytics • Personalize your experience 3.4 Legal and Compliance • Comply with applicable laws and regulations • Enforce our terms of service • Protect against fraud, abuse, and security threats • Respond to legal requests and government inquiries

4.1 Service Providers We share information with trusted third-party service providers who assist in operating our services: • Meta/WhatsApp: For message delivery through WhatsApp Business Platform • Cloud Infrastructure: For hosting and data storage (with encryption) • Payment Processors: For secure payment processing • Analytics Services: For service improvement (anonymized data) 4.2 Legal Requirements We may disclose information when required by law or to: • Comply with legal process or government requests • Protect our rights, privacy, safety, or property • Prevent fraud or illegal activity • Protect the safety of our users and the public 4.3 Business Transfers In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity with prior notice. 4.4 With Your Consent We may share information with third parties when you provide explicit consent.

When using our WhatsApp integration features: 5.1 Data Processing • Messages are processed through Meta's WhatsApp Business Platform • We act as a data processor on behalf of businesses using our platform • Message content is transmitted securely via WhatsApp's infrastructure 5.2 Meta's Privacy Policy Your use of WhatsApp features is also subject to Meta's privacy policies: • WhatsApp Privacy Policy: https://www.whatsapp.com/legal/privacy-policy • WhatsApp Business Terms: https://www.whatsapp.com/legal/business-terms 5.3 Message Data • Message content is used solely for delivery purposes • Delivery status and read receipts are received from WhatsApp • Phone numbers are used for message routing • Media files are processed per WhatsApp requirements

We use Google services to enhance your experience on our platform: 6.1 Google Sign-In (OAuth 2.0) When you choose to sign in with Google: • We receive your basic profile information (name, email address, profile picture) • We do not receive or store your Google password • Authentication is handled securely through Google's OAuth 2.0 protocol • You can revoke access at any time through your Google Account settings 6.2 Data We Receive from Google • Profile Information: Name, email address, profile picture URL • Account Identifier: Unique Google account ID for authentication • We only request the minimum permissions necessary for authentication 6.3 Google's Privacy Policy Your use of Google Sign-In is also subject to Google's privacy policies: • Google Privacy Policy: https://policies.google.com/privacy • Google Terms of Service: https://policies.google.com/terms 6.4 Revoking Google Access You can disconnect your Google account from Relasify at any time by: • Visiting your Account Settings in our platform • Or through Google's Security settings at myaccount.google.com/permissions

We retain your data for as long as necessary to provide our services and fulfill the purposes described in this policy: • Account Data: Retained while your account is active, plus 90 days after closure • Message Content: Retained for 90 days for service delivery and support purposes • Usage Logs: Retained for 12 months for analytics and debugging • Billing Records: Retained for 7 years as required by Indonesian tax law • Security Logs: Retained for 24 months for security and compliance You may request deletion of your data at any time, subject to legal retention requirements.

We implement comprehensive security measures to protect your data: Technical Measures • Encryption in transit using TLS 1.3 • Encryption at rest using AES-256 • Regular security assessments and penetration testing • Multi-factor authentication options • Access controls and authentication mechanisms Organizational Measures • Employee security training and awareness programs • Background checks for employees with data access • Incident response procedures • Vendor security assessments • Regular security audits While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

Depending on your location, you may have the following rights regarding your personal data: • Right to Access: Request a copy of your personal data • Right to Correction: Request correction of inaccurate data • Right to Deletion: Request deletion of your data (subject to legal requirements) • Right to Portability: Request your data in a portable format • Right to Object: Object to certain types of processing • Right to Restrict: Request restricted processing of your data • Right to Withdraw Consent: Withdraw previously given consent To exercise these rights, please contact us at [email protected]. For Indonesian residents, these rights are provided in accordance with Indonesian Law No. 27 of 2022 concerning Personal Data Protection (UU PDP).

Types of Cookies We Use: • Essential Cookies: Required for platform functionality (session management, authentication) • Functional Cookies: Remember your preferences and settings • Analytics Cookies: Help us understand how you use our platform • Marketing Cookies: Used to deliver relevant advertisements (with consent) Managing Cookies: You can control cookies through your browser settings. Note that disabling certain cookies may affect platform functionality. For more information, see our Cookie Policy.

Your data may be transferred to and processed in countries outside Indonesia. When we transfer data internationally, we ensure appropriate safeguards are in place: • Standard contractual clauses approved by relevant authorities • Adequacy decisions where applicable • Other legal mechanisms as required We primarily store data in secure data centers in Southeast Asia to minimize latency and comply with local regulations.

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at [email protected], and we will take steps to delete such information.

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by: • Email notification to your registered address • Prominent notice on our platform • In-app notification Continued use of our services after changes constitutes acceptance of the updated policy. We encourage you to review this policy regularly.

For questions, concerns, or requests regarding this Privacy Policy or our data practices: PT Kreasi Raya Nusantara • Email: [email protected] • General: [email protected] • Address: Jakarta, Indonesia We will respond to your inquiry within 30 days.