Privacy Policy
How we handle the data you share with us — written for procurement and security reviewers, not lawyers. Aligned with Indonesia's Personal Data Protection Law (UU 27/2022) and OJK SE 21/2023 on IT risk for financial-sector providers.
Last updated: April 2026
1. Who we are
Straventa (PT Straventa Teknologi Indonesia) operates this website at straventa.com. For data we collect through this website — contact and demo requests, newsletter sign-ups, and basic analytics — we act as the data controller. For data processed on behalf of customers through our products (FDS, KYC, AML, Reconciliation, POS, Marketplace, Payment Gateway), we act as a processor under a separate Data Processing Addendum (DPA) made part of the customer agreement.
2. What we collect on this website
When you fill in a contact or demo form we collect the fields you submit (name, work email, company, role, country, transaction-volume bucket, deployment preference, and the message you write). We do not require national ID, KTP, NPWP, or any other identifier issued by an Indonesian authority on this site. We use first-party cookies and aggregated analytics to understand which pages convert; we do not sell or share this data with advertising networks.
3. Why we use it
Marketing-site data is used only to respond to your inquiry, schedule a demo, send pre-sale information you request, and improve the site. We do not use marketing data for credit decisions, fraud scoring, or any product-side processing. If you become a customer, processing under our products is governed by the DPA, not this Policy.
4. Where data is stored
Marketing-site data is stored in Indonesia at our primary data center in Jakarta, with encrypted off-site backups inside Indonesian sovereign borders. Customer data processed by our products honours the customer's chosen deployment — SaaS (Indonesia region) or on-premise inside the customer's own environment.
5. How long we keep it
We keep contact and demo submissions for up to 24 months after our last interaction, unless you ask us to delete them sooner. Anonymised aggregate analytics may be kept longer.
6. Your rights under UU PDP 27/2022
You have the right to access, correct, restrict, port, or delete your personal data, and to withdraw consent at any time. Send a written request to the contact below; we respond within 14 working days. You may also lodge a complaint with the Personal Data Protection Authority of Indonesia.
7. Sub-processors
We use a small number of vendors to operate the website (hosting, analytics, email delivery, calendar scheduling). The current list is published on our /security page and updated when it changes.
8. Security
All traffic to and from straventa.com is encrypted in transit (TLS 1.2 or higher). Marketing data is encrypted at rest (AES-256). Access to production systems is role-based, audited, and protected by hardware MFA. See /security for the full posture.
9. Changes
We may update this Policy as our practices or applicable law change. Material changes will be notified at the top of this page and, where appropriate, by email to people who have given us their address.
Data Protection Officer
For access, correction, deletion, or any privacy question, write to our DPO. We respond in writing within 14 working days, in Bahasa Indonesia or English.
[email protected]Looking for our security posture instead? See /security.
Have a procurement or compliance question?
Join fintechs and banks across Indonesia who trust Straventa for their compliance and risk operations.