Security Policy

Last Updated: October 23, 2025

1. Introduction

This Security Policy outlines the measures we take to protect the security of our platform and your data. At Nakafa, we are committed to ensuring the confidentiality, integrity, and availability of our systems and the information entrusted to us.

2. Data Security

We implement a variety of security measures to maintain the safety of your personal information. These measures include:

  • Encryption: All data transmitted between your browser and our servers is encrypted using SSL/TLS. Data at rest is also encrypted to protect it from unauthorized access.
  • Access Control: Access to personal information is strictly limited to employees who need it to perform their job functions. We use the principle of least privilege to ensure that individuals only have access to the data necessary for their roles.
  • Secure Infrastructure: Our platform is hosted on Vercel, which provides a secure and resilient infrastructure. Our database is managed by Convex, which offers robust security features to protect your data.

3. Vulnerability Management

We regularly scan our systems for vulnerabilities and apply patches in a timely manner. We also encourage responsible disclosure of security vulnerabilities by security researchers. If you believe you have found a security vulnerability in our platform, please contact us at nakafaai@gmail.com.

4. Incident Response

In the event of a security breach, we have an incident response plan in place to promptly address the issue. Our plan includes steps to contain the breach, assess the impact, and notify affected users as required by law.

5. Employee Training

All our employees receive regular security training to ensure they are aware of the latest threats and best practices for protecting user data. This training covers topics such as phishing, social engineering, and secure coding practices.

6. Compliance

GDPR Compliance (EU/EEA Users)

For users in the European Union and European Economic Area, we comply with the General Data Protection Regulation (GDPR). Our security measures are designed to protect your rights under GDPR, including:

  • Data Protection Impact Assessments for high-risk processing activities
  • Data Protection by Design and by Default principles
  • Appropriate technical and organizational measures to ensure data security
  • Breach notification procedures in compliance with GDPR requirements (within 72 hours)

Indonesian PDP Law Compliance

We comply with Indonesia's Personal Data Protection Law (UU PDP), which includes:

  • Implementing appropriate security safeguards for personal data
  • Notifying relevant authorities and affected individuals in case of data breaches
  • Ensuring data processors meet security requirements
  • Regular security audits and assessments

7. Data Breach Notification

In accordance with GDPR and Indonesian PDP Law requirements:

  • EU Users: We will notify the relevant supervisory authority within 72 hours of becoming aware of a data breach, and affected users without undue delay if the breach poses a high risk to their rights and freedoms.
  • Indonesian Users: We will notify relevant authorities and affected individuals in accordance with Indonesian PDP Law requirements.

8. Policy Updates

We may update this Security Policy from time to time to reflect changes in our security practices or legal requirements. We will notify you of any significant changes by posting the new policy on our platform.

9. Contact Us

If you have any questions or concerns about our Security Policy, please contact us at:

PT. Nakafa Tekno Kreatif
Indonesia
Email: nakafaai@gmail.com

For security vulnerability reports or GDPR-related security inquiries, please mark your communication as "Security" or "GDPR Security" in the subject line.