Home Privacy Policy

Privacy Policy

PT. REPLI KOMUNIKASI DIGITAL

https://dev.repli.net

Last Updated: March 2026

Compliant with Indonesian Personal Data Protection Law
(UU No. 27 Tahun 2022 tentang Pelindungan Data Pribadi)

Table of Contents

1. Introduction

PT. REPLI KOMUNIKASI DIGITAL ("we," "our," "us," or "Company") operates the Repli platform ("Services"), a centralized communication management system that enables businesses to manage their customer communications across multiple channels including WhatsApp, Facebook Messenger, and Instagram from a single platform. Our website and services are accessible at https://dev.repli.net.

We are committed to protecting the privacy and security of all personal data that we process. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Services. This policy applies to all users of our Services, including:

  • Clients: Companies or organizations that subscribe to and use our Services for their business communications.
  • Agents: Individuals employed or authorized by Clients to respond to customer messages through our platform.
  • End-Users: Customers who communicate with our Clients through WhatsApp, Facebook Messenger, or Instagram via our platform.

This Privacy Policy is compliant with Law No. 27 of 2022 on Personal Data Protection (Undang-Undang Nomor 27 Tahun 2022 tentang Pelindungan Data Pribadi), hereinafter referred to as the "PDP Law," which is the primary data protection regulation in Indonesia.

2. Definitions

For the purposes of this Privacy Policy, the following terms shall have the meanings set forth below:

  1. "Personal Data" means any data about an identified or identifiable individual, including but not limited to name, email address, phone number, and any other information that can be used to identify that individual.
  2. "Data Controller" means a person, public body, or organization that determines the purpose and means of processing personal data, either independently or jointly with other parties.
  3. "Data Processor" means a person, public body, or organization that processes personal data on behalf of the Data Controller.
  4. "Processing" means any operation performed on personal data, such as collection, storage, alteration, retrieval, use, disclosure, deletion, or destruction.
  5. "Client Data" means all data provided by or on behalf of the Client to the Services, including account information, agent data, and End-User communications.
  6. "End-User" means individuals who communicate with our Clients through the integrated messaging platforms (WhatsApp, Facebook Messenger, Instagram).
  7. "Agent" means individuals employed or authorized by Clients to manage and respond to customer communications through our platform.
  8. "Consent" means the voluntary, informed, and explicit agreement given by a Data Subject to the processing of their Personal Data.

3. Data We Collect

We collect and process various types of data depending on the nature of your relationship with us. The following sections describe the categories of data we collect and the sources from which we collect such data.

3.1 Client Account Data

When you register for an account or use our Services, we collect the following personal data:

  • Identity Information: Full name, username, and profile details provided during registration.
  • Contact Information: Email address and phone number (including country code for regional identification purposes).
  • Authentication Data: Password and security credentials for account access.
  • Payment Information: Billing details and payment method information for subscription services (note: sensitive payment data such as credit card numbers are processed by third-party payment processors; we do not store complete payment card numbers).
  • Company Information: Business name, company address, and other organizational details.

3.2 Agent Data

For individuals designated as Agents by our Clients, we collect and process the following data:

  • Profile Information: Agent name, display name, profile picture, role designation, and contact details.
  • Performance Metrics: Response time, resolution rate, number of conversations handled, customer satisfaction ratings, and other performance indicators.
  • Activity Logs: Login history, session duration, actions taken within the platform, and timestamps of activities.
  • Communication Records: Messages sent and received through the platform on behalf of the Client.

3.3 End-User Communications Data

When End-Users communicate with our Clients through integrated messaging platforms, we process the following data on behalf of our Clients:

  • Message Content: Text messages, emojis, and other content exchanged between End-Users and Agents.
  • Media Files: Images, videos, audio files, documents, and other attachments shared through the messaging platforms.
  • Platform Metadata: Sender/recipient identifiers, timestamps, message status (sent, delivered, read), and platform-specific data from WhatsApp, Facebook Messenger, or Instagram.
  • Contact Information: Phone numbers (for WhatsApp), profile names, and profile pictures provided by the messaging platforms.

3.4 Social Login Data

When you use Google or Facebook social login to access our Services, we receive the following information from these third-party providers:

  • Google: Name, email address, and profile picture associated with your Google account.
  • Facebook: Name, email address, and profile picture associated with your Facebook account.

The scope of information collected via social login is determined by the permissions you grant to our application through these platforms.

4. How We Use Your Data

We use the personal data we collect for the following purposes, in accordance with the legal bases established under the PDP Law:

4.1 Service Delivery and Operations

We process your personal data to provide, maintain, and improve our Services, including:

  1. Creating and managing user accounts and authentication.
  2. Facilitating communication between Agents and End-Users across integrated messaging platforms.
  3. Storing and managing message content and media files.
  4. Processing payments and managing subscriptions.
  5. Providing technical support and troubleshooting.

4.2 Analytics and Insights

We generate analytics and insights for our Clients to help them understand their communication patterns and improve their customer service:

  1. Conversation analytics: Message volumes, response times, and resolution rates.
  2. Agent performance reports: Individual and team performance metrics.
  3. Customer satisfaction analysis: Feedback and satisfaction ratings from End-Users.
  4. Communication trends: Peak times, common inquiries, and communication patterns.

4.3 Marketing Communications (Future)

In the future, we intend to use collected data for marketing purposes to promote our Services. This will only be done with your explicit prior consent, and you will have the right to opt-out of such communications at any time. We will update this Privacy Policy before implementing any marketing use of personal data.

4.4 Legal and Security Purposes

We may process personal data to comply with legal obligations, protect our rights and the rights of our users, and ensure the security of our Services:

  1. Compliance with applicable laws, regulations, and legal processes.
  2. Detection and prevention of fraud, abuse, and security threats.
  3. Protection of our legal rights and enforcement of our agreements.

5. Our Role in Data Processing

5.1 Data Controller

For the following categories of personal data, we act as the Data Controller under the PDP Law:

  • Client account information and credentials.
  • Agent profile data and performance metrics.
  • Aggregated analytics data used for service improvement.

As a Data Controller, we determine the purposes and means of processing this personal data and are responsible for ensuring compliance with the PDP Law.

5.2 Data Processor

For End-User communications data (messages, media files, and related metadata), we act as a Data Processor on behalf of our Clients, who are the Data Controllers for this data. In this capacity:

  • We process End-User data solely according to the instructions of our Clients.
  • We do not use End-User data for our own purposes without explicit authorization.
  • Clients retain ownership and control over their End-User data.
  • Clients are responsible for ensuring they have appropriate legal bases for processing End-User data.

5.3 Client Responsibilities

As a Client, you acknowledge and agree to the following responsibilities:

  1. You will obtain necessary consents from End-Users and Agents before processing their personal data through our Services.
  2. You will provide appropriate privacy notices to End-Users and Agents regarding the processing of their data.
  3. You will ensure that your use of our Services complies with all applicable data protection laws, including the PDP Law.
  4. You will respond to requests from End-Users and Agents regarding their personal data rights.

6. Data Sharing & Third-Party Services

6.1 Third-Party Service Providers

We use the following third-party service providers to deliver our Services:

ProviderServicePurpose
Meta/FacebookWhatsApp, Messenger, Instagram APISending/receiving messages via integrated platforms
GoogleSocial LoginUser authentication via Google account
FacebookSocial LoginUser authentication via Facebook account
CloudflareR2/S3 StorageStorage of media files (images, videos, documents)
HostingerWeb HostingServer hosting and infrastructure

These third-party providers process data on our behalf and are bound by contractual obligations to protect personal data in accordance with applicable data protection laws. We do not sell your personal data to any third parties.

6.2 No Sale of Personal Data

We do not sell, rent, or trade personal data to any third parties for marketing or any other purposes. We only share personal data as described in this Privacy Policy, including with service providers who assist us in operating our Services and as required by law.

7. Data Storage & Retention

7.1 Data Storage Location

Your data is stored in the following locations:

  • Application and Database: Hosted on Hostinger servers.
  • Media Files (images, videos, documents): Stored in Cloudflare R2 (S3-compatible) storage.
  • Message Content: Processed through Meta/Facebook APIs and stored in our database.

7.2 Data Retention Period

Currently, we retain personal data, including messages and media files, for an indefinite period while your account is active. This allows Clients to maintain complete conversation histories and access historical data for analytics purposes.

We plan to implement a defined data retention policy in the future to optimize application performance. When this policy is implemented, we will:

  1. Provide advance notice to all Clients before any changes take effect.
  2. Offer options for Clients to export or archive their data before deletion.
  3. Update this Privacy Policy to reflect the new retention periods.

8. Your Rights Under Indonesian PDP Law

Under Law No. 27 of 2022 on Personal Data Protection (PDP Law), you have the following rights regarding your personal data:

8.1 Right to Access

You have the right to obtain confirmation from us regarding whether we process your personal data, and if so, to access and obtain a copy of that data in a comprehensible format.

8.2 Right to Correction

You have the right to request correction or updating of inaccurate, incomplete, inaccurate, or misleading personal data. We will correct such data within a reasonable timeframe upon verification of your identity.

8.3 Right to Deletion

You have the right to request the deletion of your personal data under certain circumstances, including when the data is no longer necessary for its original purpose, you withdraw consent, or the processing is unlawful. Upon account deletion, we will remove your personal data from our active systems.

8.4 Right to Data Portability

You have the right to request the transfer of your personal data to another data controller in a structured, commonly used, and machine-readable format, where technically feasible.

8.5 Right to Withdraw Consent

Where we process your personal data based on consent, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

8.6 Right to Object

You have the right to object to the processing of your personal data based on legitimate interests, and we will cease processing unless we demonstrate compelling legitimate grounds that override your interests.

8.7 How to Exercise Your Rights

To exercise any of these rights, please contact us at support@repli.net. We will respond to your request within a reasonable timeframe, typically within 14 business days, in accordance with PDP Law requirements. We may require verification of your identity before processing your request.

9. Data Security

9.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/SSL protocols.
  • Secure storage of passwords using industry-standard hashing algorithms.
  • Access controls limiting data access to authorized personnel only.
  • Regular security monitoring and vulnerability assessments.
  • Secure infrastructure through our hosting provider.

However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.

9.2 Data Breach Notification

In accordance with Article 46 of the PDP Law, in the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant data protection authority within 3 x 24 hours (72 hours) after becoming aware of the breach. The notification will include:

  • The nature of the breach and categories of data affected.
  • The likely consequences of the breach.
  • The measures we are taking to address the breach.
  • Contact information for further inquiries.

10. Children's Privacy

Our Services are designed for business use and are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. However, as our platform processes communications between Clients and their customers, it is possible that End-Users may include minors.

Clients are responsible for ensuring compliance with applicable laws regarding the collection and processing of personal data from minors in their communications. We encourage Clients to implement appropriate age verification measures where relevant to their business operations.

11. Cookies & Tracking Technologies

Current Status: We currently do not use cookies or other tracking technologies on our platform.

Future Implementation: We plan to implement cookies and similar tracking technologies in the future for marketing purposes. When this occurs, we will:

  • Obtain your explicit consent before placing non-essential cookies on your device.
  • Provide clear information about the purposes of each type of cookie.
  • Allow you to manage your cookie preferences through browser settings and our platform.
  • Update this Privacy Policy with a dedicated Cookie Policy section.

12. International Data Transfers

As our platform integrates with Meta/Facebook APIs (WhatsApp, Facebook Messenger, Instagram), some data may be processed by Meta's servers located outside Indonesia. Meta's data processing practices are governed by their own privacy policies and applicable laws.

For any international transfers of personal data, we ensure appropriate safeguards are in place in accordance with the PDP Law, including standard contractual clauses or other legally recognized mechanisms to ensure an adequate level of protection for your personal data.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this Privacy Policy, we will:

  • Update the "Last Updated" date at the top of this policy.
  • Notify you through our Services or via email for significant changes.
  • Provide an opportunity to review the updated policy before changes take effect.

Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us at:

Company:PT. REPLI KOMUNIKASI DIGITAL
Website:https://dev.repli.net
Email:support@repli.net

For requests related to exercising your data protection rights, please include "Data Rights Request" in the subject line of your email and provide sufficient information to verify your identity.

We are committed to addressing your inquiries and concerns promptly and in compliance with the PDP Law and other applicable regulations.

© 2026 PT. REPLI KOMUNIKASI DIGITAL. All rights reserved.