Privacy Policy
Effective: May 20, 2026
This policy explains what data esaFiskaly collects from you, what we use it for, where it lives, and what controls you have — short, no jargon.
1. What we collect
We only collect what's necessary to run the accounting, tax, and POS services you actually use. The data falls into four groups:
- Account identity: full name, email, password (hashed with Argon2id; we never see your plaintext password).
- Tenant (business) data: legal name, NPWP, business type, PKP/UMKM status, fiscal year-end.
- Operational data: invoices, journals, bukti potong, faktur pajak, payroll, POS transactions, and tax filings you create.
- Technical metadata: last-login timestamp, audit log for every POST/PUT/PATCH/DELETE request (body up to 64 KiB), IP & user-agent.
2. Where it lives
Tenant data sits in a PostgreSQL database with Row-Level Security FORCEd on every tenant-scoped table. There is no superuser / table-owner bypass — including for esaFiskaly super-admins.
Backups are encrypted at rest. Production access is restricted to the engineering team's infrastructure and MFA-protected.
3. Who can access your data
- You and the members of your tenant — with permissions scoped by role (OWNER/ADMIN/ACCOUNTANT/AUDITOR/VIEWER/CONSULTANT).
- External consultants ONLY when you add them as a membership on your tenant.
- The esaFiskaly team only for incident debugging with your consent, and every action is recorded in the audit log.
- esaFiskaly super-admins never query tenant operational data directly; admin routes only touch platform tables (tenants, users, memberships, subscriptions).
4. Retention & deletion
While the subscription is active — or in the expired-but-data-preserved state — your tenant data is retained indefinitely so you can still log in to read reports and export.
Account & tenant deletion requests: reach us via the contact channel below. We verify identity, then process deletion within 30 business days, keeping only the financial records Indonesian tax regulation requires us to preserve.
5. Cookies & analytics
We use session cookies for authentication (JWT access + refresh). No third-party tracking cookies inside the dashboard.
On the public marketing surface we may use privacy-friendly analytics. We do not sell your data to advertisers.
6. Third-party sub-processors
To run the service we rely on a small set of sub-processors (hosting, transactional email, payments). The current list is available on request.
Every sub-processor is bound by confidentiality and safeguards equivalent to this policy.
7. Your rights under UU PDP
- The right to access and correct your personal data.
- The right to deletion and data portability.
- The right to withdraw consent at any time.
- The right to lodge a complaint with the relevant supervisory authority.
8. Policy changes
This policy may be updated. Material changes will be emailed to tenant owners (OWNER role) at least 14 days before they take effect.
Privacy questions or data access / deletion requests? Reach our team through the support page, or email your tenant owner.
