Privacy Notice

Introduction

PT. Digital Meta Solutions ("Digimetalab," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Notice explains how we collect, use, disclose, and safeguard your information when you visit our website (digimetalab.my.id), use our AI automation services, or interact with us through any digital channels. By using our services, you consent to the practices described in this notice. We encourage you to read this document carefully to understand our privacy practices.

Who We Are

Digimetalab is a premier AI Automation Agency based in Bali, Indonesia. We specialize in designing and implementing intelligent automation solutions for businesses worldwide.

• Legal Entity: PT. Digital Meta Solutions
• Operating Name: Digimetalab
• Location: Bali, Indonesia
• Data Protection Contact: privacy@digimetalab.my.id
• Website: digimetalab.my.id

We are the data controller responsible for the personal information collected through our services and website.

Information We Collect

We collect information in several ways to provide and improve our services:

Information You Provide Directly:

• Contact Information: Name, email address, phone number (including WhatsApp), company name, and job title when you reach out to us
• Communication Data: Messages sent through our contact form, chat widget, email, or WhatsApp Business
• Consultation Data: Business information, workflows, and requirements shared during discovery calls and project discussions
• Project Data: Technical specifications, access credentials, and business documents provided for project implementation
• Payment Information: Billing address and payment details processed through secure third-party payment providers

Information Collected Automatically:

• Technical Data: IP address, browser type and version, operating system, device information, and mobile device identifiers
• Usage Data: Pages visited, time spent on pages, click patterns, navigation paths, and referring websites
• Location Data: General geographic location based on IP address (country/city level only)
• Cookie Data: Information stored in cookies as described in our cookie policy section

AI Chat Widget & Data Processing

Our website features an AI-powered chat widget to provide instant assistance. Here's how we handle data from AI interactions:

• Conversation Processing: Your messages are sent to our AI providers (Groq/OpenAI) to generate responses
• Data Minimization: We only send necessary message content to AI providers—no personally identifiable information unless you include it
• No Training: Your conversations are NOT used to train AI models by our providers
• Temporary Storage: Chat conversations are stored temporarily for session continuity and may be logged for quality improvement
• Anonymization: We implement data anonymization techniques where possible before AI processing

How We Use Your Information

We process your personal information for the following purposes:

• Service Delivery: To provide, maintain, and improve our AI automation services and fulfill our contractual obligations
• Communication: To respond to inquiries, provide support, and communicate about projects, updates, and service-related matters
• Marketing: To send promotional materials, newsletters, and updates about new services (only with your explicit consent)
• Analytics: To analyze usage patterns, improve website performance, and enhance user experience
• Security: To protect against fraud, unauthorized access, and security threats
• Legal Compliance: To comply with applicable laws, regulations, and legal processes
• Business Operations: For internal administration, billing, and quality assurance purposes

Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: You have given clear consent for processing (e.g., marketing communications, chat interactions)
• Contract: Processing is necessary for the performance of a contract with you (e.g., service delivery)
• Legitimate Interest: Processing is necessary for our legitimate business interests (e.g., improving services, security)
• Legal Obligation: Processing is necessary to comply with legal requirements

Information Sharing & Disclosure

We may share your information with the following categories of recipients:

• AI Service Providers: Groq, OpenAI, and similar providers for AI-powered features (with data minimization practices)
• Cloud Infrastructure: Netlify, Cloudflare, AWS, Google Cloud for hosting and performance
• Analytics Providers: Google Analytics for website usage analysis (anonymized where possible)
• Payment Processors: Secure third-party payment providers for transaction processing
• Professional Advisors: Legal, accounting, and business advisors under confidentiality agreements
• Legal Authorities: When required by law, court order, or to protect our legal rights

International Data Transfers

As we serve clients globally and use international service providers, your data may be transferred to and processed in countries outside of Indonesia, including the United States and European Union. We ensure that such transfers are protected by appropriate safeguards, including:

• Standard contractual clauses approved by relevant authorities
• Adequacy decisions for countries with equivalent data protection standards
• Certifications and compliance frameworks (e.g., SOC 2, ISO 27001) of our service providers
• Encryption and security measures during data transfer and storage

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your browsing experience and gather analytical data. Here's a breakdown of the cookies we use:

• Essential Cookies: Required for basic website functionality, security, and session management. These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our site using Google Analytics 4. Data is anonymized and used only for improvement purposes.
• Preference Cookies: Remember your settings like language preferences and chat widget state.
• Performance Cookies: Monitor site performance and identify potential issues for optimization.

Managing Cookies: You can control cookie settings through your browser preferences. Note that disabling certain cookies may affect website functionality. Most browsers allow you to refuse cookies, delete existing cookies, or alert you before a cookie is stored.

Data Security

We implement comprehensive technical and organizational security measures to protect your personal information:

• Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
• Infrastructure: Secure cloud hosting with SOC 2 certified providers (Netlify, Cloudflare)
• Access Control: Role-based access, multi-factor authentication, and principle of least privilege
• Monitoring: 24/7 security monitoring, intrusion detection, and automated alerting
• Backups: Regular automated backups with encrypted off-site storage
• Updates: Regular security patches and vulnerability assessments
• Training: Regular security awareness training for our team

While we strive to protect your data, no method of transmission over the Internet is 100% secure. We encourage you to use strong passwords and take precautions when sharing sensitive information online.

Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete information
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restriction: Request limitation on how we process your data
• Right to Portability: Request transfer of your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw previously given consent at any time

To exercise any of these rights, please contact us at privacy@digimetalab.my.id. We will respond to your request within 30 days. We may request verification of your identity before processing your request.

Data Retention

We retain personal information only as long as necessary for the purposes outlined in this notice:

• Contact/Inquiry Data: 2 years from last interaction, unless converted to a client
• Client Project Data: 7 years after project completion (legal and tax requirements)
• Chat Conversations: 90 days for quality assurance, then anonymized or deleted
• Analytics Data: 26 months (Google Analytics default retention)
• Marketing Preferences: Until you unsubscribe or withdraw consent
• Legal/Compliance Data: As required by applicable laws (typically 5-10 years)

When retention periods expire, data is securely deleted or anonymized so it can no longer identify you.

Children's Privacy

Our services are designed for businesses and are not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@digimetalab.my.id, and we will take steps to delete such information.

Third-Party Links

Our website may contain links to external websites, social media platforms, or third-party services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any external sites you visit. This Privacy Notice applies only to information collected through our website and services.

Changes to This Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this notice and, where appropriate, provide additional notification (such as email notification or a prominent notice on our website). We encourage you to review this notice periodically to stay informed about how we protect your information.