# Privacy Policy
Effective Date: 15 May 2025
1. Data Controller & Contact Details
Controller: PT Salam Sehat Indonesia
Address: Jl. H.Mursid No.45A, RT.4/RW.3, Jagakarsa, Kec. Jagakarsa, Kota Jakarta Selatan, Daerah Khusus Ibukota Jakarta 12550
DPO Email: [email protected]
General Privacy Inquiries & DSARs: [email protected]
## 2. Scope & Applicability
This Policy applies to all personal data obtained via Meta’s platform APIs (including Facebook Sign-In, Graph API, Marketing API) and any in-app or web interactions where Meta credentials or data are used.
## 3. Legal Basis & GDPR Disclosures
In accordance with GDPR Article 13, we provide the following information:
Purposes of Processing
– User authentication and account management
– Personalization of content and recommendations
– Analytics, performance monitoring, and fraud prevention
Legal Bases
– **Consent** (Art. 6(1)(a) GDPR) for optional features (e.g., marketing communications)
– **Legitimate interests** (Art. 6(1)(f) GDPR) for platform security and core services
**Recipients / Categories of Recipients**
– Internal teams (engineering, support)
– Authorized service providers (analytics, cloud hosting)
International Transfers
Data may be transferred to Meta’s and our servers in the United States under the EU–U.S. Data Privacy Framework or Standard Contractual Clauses.
4. Categories of Data Collected
Via Meta’s Graph and Marketing APIs, we may collect:
1. User Profile Information: id, name, email, profile picture (`/me?fields=id,name,email,picture`)
2. Friends & Connections: friend IDs and names for social features
3. User Content & Activity: posts, likes, comments for personalization and analytics
4. Device & Usage Data: device identifiers, OS version, session timestamps for security
5. Data Subject Rights
Under GDPR Articles 15–22, you have the right to:
– Access your personal data
– Rectify inaccuracies
– Erase (“right to be forgotten”)
– Restrict or object to processing
– Port your data
– Withdraw consent at any time
How to exercise these rights:
Submit a request via email to [email protected] or through our DSAR portal. We will acknowledge your request within 7 days and respond within 30 days.
6. Third-Party Sharing & Data Minimization
We share Meta-derived data only with:
– Analytics providers for measuring app performance
– Cloud hosting & security vendors for data storage and protection
We enforce a strict data-minimization policy: only the minimum fields necessary for each purpose are collected and shared.
7. Data Retention
Data Category : Retention Period
Authentication & access logs : 12 months
User content & analytics : 24 months
Support & DSAR records : 36 months
After the retention period expires, data are securely deleted or irreversibly anonymized.
8. Security Measures
We implement industry-standard safeguards, including:
– AES-256 encryption at rest
– TLS 1.2+ for data in transit
– Role-based access controls and regular audits
– Incident response and breach-notification procedures
9. Policy Updates & Versioning
We may update this Policy to reflect changes in law or processing practices. The “Effective Date” at the top will be revised accordingly, and prior versions will be archived at truedetox.id.
10. Contact Information
For any questions or concerns regarding this Policy or our processing activities, please contact:
Email: [email protected]
Address: PT Salam Sehat Indonesia, Jl. H.Mursid No.45A, RT.4/RW.3, Jagakarsa, Kec. Jagakarsa, Kota Jakarta Selatan, Daerah Khusus Ibukota Jakarta 12550
