Privacy Policy — Syncara Host (Indonesia Law Compliant)

This Privacy Policy establishes the complete and binding terms under which Syncara Host (“we”, “our”, “the Company”) collects, processes, stores, protects, and manages personal data for all digital services offered on our platform.
By purchasing, activating, accessing, or using any Syncara Host service, you acknowledge and agree to every term in this document without exception.

This policy is intentionally extensive to ensure clarity, prevent ambiguity, and comply fully with applicable Indonesian laws and regulations regarding personal data protection and electronic transactions.


1. Introduction

Syncara Host provides hosting and digital infrastructure services, including but not limited to Minecraft server hosting, game hosting, compute nodes, web panel access, billing systems, and ancillary infrastructure (“Services”). This Privacy Policy describes how user information is handled in accordance with:

  • Undang-Undang Perlindungan Data Pribadi (UU PDP No. 27/2022)
  • Undang-Undang Informasi dan Transaksi Elektronik (UU ITE)
  • PP 71/2019 Penyelenggaraan Sistem dan Transaksi Elektronik (PSTE)
  • Relevant regulations of the Minister of Communication and Informatics (Menkominfo)

Using our Services signifies full acceptance of this Privacy Policy.


2. Legal Basis for Data Processing

2.1 Consent

You provide explicit consent when submitting personal data, creating an account, or purchasing a service.

2.2 Contractual Necessity

We process personal data as needed to deliver hosting services, support operations, security measures, and billing.

2.3 Legal Obligations

We process data in compliance with Indonesian law, including requirements for tax, security, and electronic system operations.

2.4 Legitimate Interests

We process data for service optimization, system monitoring, fraud prevention, and infrastructure improvement.


3. Categories of Data Collected

3.1 Identity Data

  • Name or display name
  • Email address
  • Phone number (optional)
  • Internal account identifiers
  • Discord username (if linked)

3.2 Billing & Transaction Data

  • Invoice details
  • Tokenized payment information
  • Payment confirmation metadata
  • Anti-fraud logs

We do not store raw credit card numbers, CVV codes, or banking PINs.

3.3 Technical Data

  • IP address (IPv4/IPv6)
  • Browser type and version
  • Operating system
  • Session logs
  • Authentication logs
  • Device and network metadata

3.4 Service Usage Data

  • Server logs
  • Resource usage metrics
  • Crash and event logs
  • Network performance data

3.5 Support Data

  • Ticket messages
  • Email interaction logs
  • Support attachments and reports

4. Principles of Data Handling

We adhere to principles of:

  • Transparency
  • Purpose limitation
  • Data minimization
  • Accuracy and integrity
  • Storage limitation
  • Confidentiality
  • Accountability

5. How Personal Data Is Used

5.1 Service Delivery

  • Server provisioning
  • Performance monitoring
  • Resource allocation
  • Authentication and authorization

5.2 Payment & Billing

  • Invoice creation
  • Refund evaluation
  • Fraud detection
  • Tax reporting and audit compliance

5.3 Security & Abuse Prevention

  • DDoS protection
  • Unauthorized access detection
  • Abuse and incident analysis
  • Account misuse investigation

5.4 Customer Support

  • Ticket handling and follow-up
  • Technical troubleshooting
  • Account verification and recovery

5.5 Service Improvement

  • Infrastructure optimization
  • Feature planning and development
  • Error and downtime reduction

6. Data Storage and Security

6.1 Storage Locations

Data may be stored in secure data centers located in:

  • Indonesia
  • Singapore
  • Germany
  • United States
  • Malaysia

All facilities are selected based on strict security and reliability criteria, including certifications such as ISO 27001 or equivalent.

6.2 Security Measures

We implement, among others:

  • AES-256 encryption for data at rest where applicable
  • TLS/HTTPS for data in transit
  • Firewalls and DDoS protection systems
  • Strict access control and least-privilege principles
  • Regular security patches and updates
  • Continuous monitoring and logging of critical systems

7. Data Sharing and Disclosure

We never sell your personal data to third parties.

Data may be disclosed or shared only when necessary, including:

  • With payment processors for transaction handling
  • With email and notification providers for communication
  • With fraud detection and security partners
  • With governmental or regulatory authorities if required by law
  • With your explicit consent for integrations or third-party services

Each third party receiving data must implement adequate technical and organizational measures to protect that data.


8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain login sessions and authentication
  • Store user preferences and interface settings
  • Analyze aggregated usage data
  • Enhance security and detect suspicious activities

You may configure your browser to block cookies, but certain features or sections of the Services may function suboptimally or become unavailable.


9. Data Retention

Data retention is managed carefully to balance legal requirements, operational needs, and your privacy rights. Each category of data is retained only for as long as necessary for the purposes described in this Privacy Policy or as required by applicable law.

9.1 Account Data

“Account Data” includes identity information (name, email, phone number if provided), login credentials, internal account identifiers, and configuration details associated with your Syncara Host profile.

We retain Account Data for the duration of your active use of the Services and for a reasonable period afterward, which may include:

  • Time required to handle closing activities such as final invoices, disputes, or chargebacks.
  • Time required to meet legal obligations related to documentation and audit trails.

If you request account deletion:

  • Certain Account Data will be removed from active systems.
  • Data that is no longer required for legal or operational purposes will be erased or anonymized.
  • Some Account Data may continue to exist in backup archives for a limited retention period until the backup is rotated or overwritten.

Account Data is retained in line with the principles of data minimization and storage limitation under UU PDP. We periodically review Account Data to identify information that can be safely deleted or anonymized.

9.2 Billing and Financial Records

“Billing and Financial Records” include invoices, payment confirmations, transaction logs, tax-related documents, and fraud-prevention records linked to financial activity.

These records are retained for at least five (5) years, or longer if required by Indonesian tax, accounting, or financial regulations. The reasons include:

  • Compliance with tax and financial reporting obligations.
  • Support for audits by competent authorities.
  • Evidence in the event of disputes, chargebacks, or legal claims.

Even if you request account deletion, Billing and Financial Records may be retained for the entire legally mandated retention period.
Where possible, data in these records will be limited to what is strictly necessary (e.g., pseudonymized identifiers instead of extensive personal details).

9.3 Technical Logs and Security Data

“Technical Logs and Security Data” include:

  • IP logs
  • Login attempts and authentication events
  • Server performance logs
  • Firewall and security appliance logs
  • DDoS and incident reports

Typical retention periods for such data range between 30 and 180 days, depending on:

  • The operational need to diagnose issues and improve service stability.
  • The security need to detect, analyze, and respond to malicious activities.
  • Legal requirements or orders from law enforcement in specific cases.

When log files are no longer required, they are either:

  • Deleted in full, or
  • Aggregated and anonymized so they can be used for long-term analytics without identifying any individual.

In cases of ongoing investigations related to abuse, fraud, or security incidents, relevant logs may be retained longer until the case is fully resolved or closed.

9.4 Support and Communication Records

“Support and Communication Records” include:

  • Tickets submitted through our support system
  • Email exchanges with our support or legal teams
  • Internal notes relevant to your requests or incidents

These records are typically retained for up to five (5) years from the date of the last interaction. The retention serves to:

  • Provide context for future support requests.
  • Build audit trails for incident handling and dispute resolution.
  • Demonstrate compliance with service and legal obligations.

Where feasible, older support data may be archived and eventually anonymized if detailed personal identifiers are no longer necessary.

9.5 Backups and Disaster Recovery Data

We maintain system backups for disaster recovery and business continuity. These backups may contain snapshots of databases and configuration data, which can include personal data.

Characteristics of backup retention:

  • Backups are stored securely with strict access control.
  • Backup retention periods are predefined (for example, rolling daily, weekly, or monthly backups) and are automatically rotated.
  • When data is deleted or corrected in the primary systems, the older version of that data may still persist in backups until the specific backup instance expires and is overwritten.

Backups are not used for routine access or processing of personal data; they are only accessed for recovery in the event of system failure, data corruption, or major incidents.

9.6 Data Deletion and Anonymization Procedures

When data reaches the end of its retention period or when you exercise your rights (such as the right to erasure), we apply one or more of the following actions:

  • Permanent Deletion: Data is securely removed from active databases and, where feasible, from internal systems.
  • Anonymization: Personal identifiers are irreversibly removed or transformed so that the data can no longer be linked to a specific individual. This allows us to retain statistical or operational information without compromising privacy.
  • Restriction of Access: In cases where immediate deletion is not possible or legally allowed, access to the data is tightly restricted and data is flagged for deletion at the earliest lawful opportunity.

All deletion and anonymization processes are designed to comply with UU PDP and related regulations, ensuring that data is not retained longer than necessary for its lawful purposes.


10. User Rights Under Indonesian Law

Under UU PDP and other applicable regulations, you have the right to:

  • Request access to the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of data, subject to legal retention obligations.
  • Request restriction of certain processing activities.
  • Withdraw consent for processing that is based solely on consent.
  • Request export of your data in a structured format, where technically feasible.
  • Submit complaints to the relevant regulatory authority (such as Kominfo) if you believe your data has been misused.

We will respond to such requests within a reasonable period, in accordance with the procedures set by law.


11. Children’s Privacy

Syncara Host does not knowingly collect personal data from children under 13 years of age.
If we discover that data from a child under 13 has been collected without verifiable parental consent, we will take steps to delete it promptly.

Users under 18 should obtain permission from a parent or legal guardian before using the Services.


12. International Data Transfers

Your personal data may be transferred to or stored in countries outside Indonesia. In such cases, we ensure that:

  • The destination entity provides an adequate level of data protection.
  • Appropriate contractual safeguards are in place.
  • Data transfers comply with UU PDP and cross-border data provisions.
  • Encryption and security standards are maintained consistently.

13. Third-Party Integrations

We integrate with third parties to support service delivery, such as:

  • Payment gateways and financial service providers
  • Email and notification platforms
  • Fraud detection and risk management tools
  • Status and uptime monitoring services

Each third party processes data under its own privacy policy and legal responsibilities. However, we require that these partners:

  • Implement strong data protection controls
  • Use data only for the specific purposes agreed with Syncara Host
  • Comply with applicable data protection laws

14. Policy Updates

We may revise this Privacy Policy periodically to reflect changes in:

  • Laws and regulations
  • Our services, infrastructure, or business model
  • Security practices and technology

When significant changes occur, we will notify users through one or more of the following:

  • Email notifications
  • Notices on our website
  • Announcements in the user dashboard

Continued use of the Services after changes become effective indicates acceptance of the updated Privacy Policy.


15. Final Provisions

This Privacy Policy is governed by Indonesian law.
Any dispute arising from or related to this Policy or the processing of personal data by Syncara Host will be resolved through:

  1. Internal complaint handling;
  2. Mediation or alternative dispute resolution where appropriate;
  3. The competent courts of the Republic of Indonesia, if necessary.

16. Data Security and Incident Handling

Syncara Host maintains a comprehensive security program designed to safeguard personal data using industry-standard administrative, technical, and physical protections.

If a security incident occurs despite the implementation of appropriate and reasonable safeguards:

  1. We will investigate the nature and scope of the incident.
  2. We will take immediate steps to contain and mitigate any ongoing risk.
  3. We will notify affected users in accordance with Indonesian law and regulatory guidance.
  4. We will cooperate with competent authorities when lawfully required.

Liability related to security incidents is assessed according to Indonesian legal standards and based on whether Syncara Host has fulfilled its regulatory obligations and implemented appropriate security controls.


17. Acceptance

By using Syncara Host, you confirm that you have read, understood, and agreed to this Privacy Policy in full.


18. Contact Information

Email: syncara.host@gmail.com
Website: https://syncara.host
Country: Indonesia