Privacy Policy

This Privacy Policy explains how kelolabiz ("we") collects, uses, and protects your information when using our services. We are committed to complying with Indonesian Government Regulation No. 71 of 2019 on Electronic Systems and Transactions and applicable Indonesian data protection regulations.

Data We Collect

• Account information: name, email, phone number, shop name, and business information
• WhatsApp data: phone numbers of customers contacting your shop, message content processed by the bot
• Product data: product catalog, prices, inventory that you upload to the system
• Usage data: message counts, response times, bot performance for service purposes
• Payment data: subscription information (processed by Xendit, we do not store card data)

How We Use Your Data

• Running the WhatsApp bot service for your shop
• Processing customer messages and generating accurate responses
• Syncing product data, prices, and real-time stock
• Sending service notifications and feature updates
• Improving service quality and bot performance
• We do not use WhatsApp message data for retargeting, consumer profiling, cross-platform advertising, or any purpose beyond delivering the service to you. Data obtained via the WhatsApp Business Solution is not shared with or sold to third parties for marketing purposes.

Third Parties

Meta (WhatsApp Cloud API)

Messages sent and received via your WhatsApp number are processed through Meta's official Cloud API. By using kelolabiz's WhatsApp automation features, you and your customers' messages are subject to Meta's Privacy Policy, the WhatsApp Business Platform Terms (business.whatsapp.com/policy), and Meta's Business Data Processing Terms (whatsapp.com/legal/business-data-processing-terms). kelolabiz acts as a Business Solution Provider on your behalf and does not use WhatsApp Business Solution data for retargeting or consumer profiling.

AI Provider (Groq)

Message content is processed by Groq AI models to generate responses. Message content is processed transiently and is not permanently stored by Groq. We have data processing agreements in place with our AI providers.

Xendit (Payments)

Payment transactions are processed by Xendit. We do not store your credit card or bank account information.

Infrastructure

Service is hosted on servers in Indonesia. Encrypted data backups are stored with high security standards.

Data Retention & Deletion

Conversation data is stored for 12 months for analytics and audit purposes. After account deletion, all data will be permanently deleted within 30 days. Anonymized aggregate statistics may be retained indefinitely. Financial transaction records are retained for 5 years as required by Indonesian tax regulations.

Security Breach Notification

In the event of a data breach that materially affects your personal data, we will notify affected users within 30 calendar days of confirming the breach, consistent with applicable Indonesian law. Notification will be sent to the registered email address on your account and posted as a dashboard alert.

Your Rights

• Access: request a copy of all data we hold about you
• Correction: fix inaccurate data
• Deletion: request deletion of your account and all associated data
• Portability: export your data in CSV or JSON format within 15 business days of request

Security

Data is encrypted in transit (TLS 1.3) and at rest (AES-256). Employee access to customer data is restricted and audited. We conduct regular security testing.

Changes to This Policy

We may update this Privacy Policy from time to time. For material changes — such as new data collection practices or new third-party sharing — we will notify you at least 30 days in advance via email and a dashboard banner. Continued use of the service after the effective date constitutes acceptance of the updated policy.

Contact Us

For privacy questions or data requests, contact us at:

• Email: privacy@kelolabiz.com
• WhatsApp: wa.me/6282391226304

→ Delete My Data