Dalang.io Logo

Dalang.io
← Back to Legal & Procurement

Privacy Policy

Effective 8 May 2026 Last reviewed 8 May 2026 Contracting entity β†’

Dalang.io is committed to protecting personal data we process about you. This policy explains what we collect, why, with whom we share it, where it's stored, and how to exercise the rights granted to you under UU 27/2022 (UU Perlindungan Data Pribadi).

The Personal Data Controller for your data is the Dalang.io legal entity that contracts with you β€” see Legal & Procurement for the entity list and registered addresses.

1. Information We Collect

  • Account information: name, email address, password (hashed), and OAuth identifier when you sign in via Google, GitHub, or magic-link email.
  • Personal information (optional): phone number, company, tax identifier (NPWP), and billing address when you opt to provide them for invoicing.
  • Payment information: billing details required to process subscription or one-off payments. Card numbers are tokenised by our payment processor (Xendit) and never stored on Dalang.io infrastructure.
  • Usage data: IP address, browser type, pages visited, request timestamps, and the IP that accessed each VPS.
  • Technical data: server logs, instance identifiers, and connection metadata related to the cloud services you operate.

2. How We Use Your Information

  • To provide, maintain, and improve our services (VPS hosting, container hosting, deployments, cloud infrastructure).
  • To process transactions, issue faktur pajak, and send transaction-related notifications.
  • To communicate maintenance windows, security alerts, and support replies.
  • To monitor usage patterns and detect, prevent, and address abuse, fraud, or security threats.
  • To meet our legal obligations under Indonesian law (e.g., responding to lawful requests from authorities).

3. Data Storage and Security

  • Data residency: Personal data and customer workloads are stored on Dalang.io infrastructure physically located in Indonesia (Jakarta and Banten data centers). Your data does not leave Indonesia unless you explicitly request a different region.
  • VPS and service data is replicated across cluster nodes for redundancy.
  • Industry-standard security measures (encryption at rest and in transit where applicable, access controls, audit logging) protect against unauthorized access, alteration, or destruction.
  • Retention: we retain personal data only as long as necessary to provide the service or as required by Indonesian law (typically: account data while the account is active, plus 5 years after closure for tax/audit obligations).

4. Information Sharing

We do not sell your personal information. We may share data only in the following circumstances:

  • With payment processors (Xendit) to complete transactions and meet KYC obligations.
  • With infrastructure operators we contract with (e.g., Cloudflare for CDN, DNS, and DDoS protection).
  • When required by law, regulation, court order, or government request that we are legally compelled to comply with.
  • To protect the rights, property, or safety of Dalang.io, our users, or the public.

5. Your Rights Under UU PDP

Under UU 27/2022, you have the right to:

  • Access β€” receive a copy of the personal data we hold about you.
  • Rectify β€” request correction of inaccurate or incomplete data.
  • Erase β€” request deletion of your personal data, subject to retention obligations under Indonesian tax and audit law.
  • Restrict processing β€” request that we limit how we use your data while a dispute is being resolved.
  • Withdraw consent β€” for any processing that relies on your consent (you may close your account at any time; see retention above).
  • Data portability β€” receive your data in a machine-readable format.
  • Object β€” object to processing for direct marketing or based on legitimate interests.

To exercise any of these rights, email [email protected]. We respond within 14 working days. You also have the right to lodge a complaint with the relevant Indonesian supervisory authority.

6. Cookies and Tracking

We use cookies and similar technologies for authentication, language preference, and basic analytics. See our Cookie Policy for the full breakdown and opt-out options.

7. Third-Party Services

Our website may link to third-party sites or integrate with external services. We are not responsible for those parties' privacy practices β€” please review their respective policies.

8. Children's Privacy

Our services are not intended for individuals under 13. We do not knowingly collect personal information from children. If we learn we have collected data from a child, we will delete it promptly.

9. Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. The effective and last-reviewed dates at the top of this page reflect the current version. Material changes will be communicated via email to active accounts.

10. Contact & Data Protection Officer

Privacy enquiries: [email protected]. General support: [email protected]. For DPO contact details and the Personal Data Controller per service, see Legal & Procurement.

Questions about this document? Email [email protected].

For the legal entity that contracts with you, see Legal & Procurement.