Command Palette

Search for a command to run...

Privacy Policy

Last Updated: October 23, 2025

1. Introduction

Welcome to Nakafa. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

2. Information We Collect

We may collect information about you in a variety of ways. The information we may collect includes:

  • Personal Data: Personally identifiable information, such as your name, email address, and demographic information, that you voluntarily give to us when you register with the platform.
  • Derivative Data: Information our servers automatically collect when you access the platform, such as your IP address, browser type, operating system, access times, and the pages you have viewed directly before and after accessing the platform.

Legal Basis for Processing (GDPR)

For users in the European Union, including Germany, we process your personal data based on:

  • Consent: You have given clear consent for us to process your personal data for specific purposes.
  • Contract: Processing is necessary for a contract you have with us.
  • Legal Obligations: Processing is necessary for us to comply with the law.
  • Legitimate Interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not overridden by your rights.

3. Use of Your Information

Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you to:

  • Create and manage your account.
  • Email you regarding your account or order.
  • Enable user-to-user communications.
  • Monitor and analyze usage and trends to improve your experience with the platform.

4. Disclosure of Your Information

We may share information we have collected about you in certain situations. Your information may be disclosed as follows:

  • By Law or to Protect Rights: If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation.
  • Third-Party Service Providers: We may share your information with third parties that perform services for us or on our behalf, including data analysis, hosting services, customer service, and marketing assistance. We use Vercel for infrastructure and Convex for our database.

5. Security of Your Information

We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.

6. Your Data Protection Rights

For EU/EEA Users (GDPR Rights)

If you are located in the European Union or European Economic Area, you have the following rights:

  • Right to Access: You have the right to request copies of your personal data.
  • Right to Rectification: You have the right to request correction of inaccurate or incomplete data.
  • Right to Erasure: You have the right to request deletion of your personal data under certain conditions.
  • Right to Restrict Processing: You have the right to request restriction of processing your personal data under certain conditions.
  • Right to Data Portability: You have the right to request transfer of your data to another organization or directly to you.
  • Right to Object: You have the right to object to our processing of your personal data under certain conditions.
  • Right to Withdraw Consent: You have the right to withdraw consent at any time where we relied on consent to process your personal data.

To exercise these rights, please contact us at nakafaai@gmail.com.

For Indonesian Users (PDP Law Rights)

Under Indonesia's Personal Data Protection Law, you have rights including access, correction, and deletion of your personal data. Contact us to exercise these rights.

7. International Data Transfers

Our company is based in Indonesia, but we serve users globally, including in the European Union. When we transfer personal data from the EU to Indonesia or other countries, we ensure appropriate safeguards are in place to protect your data in accordance with GDPR requirements.

Our infrastructure providers (Vercel and Convex) maintain compliance with international data protection standards and provide appropriate security measures for cross-border data transfers.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. When data is no longer needed, we will securely delete or anonymize it.

9. Policy for Children

We do not knowingly solicit information from or market to children under the age of 13 (or 16 for EU users). If you become aware of any data we have collected from children under the applicable age, please contact us using the contact information provided below.

10. Contact Us

If you have questions or comments about this Privacy Policy, please contact us at:

PT. Nakafa Tekno Kreatif
Indonesia
Email: nakafaai@gmail.com

For GDPR-related inquiries from EU users, please mark your communication as "GDPR Request" in the subject line.