Skip to main content
Pasal.id

Privacy Policy

Effective date: March 15, 2026

Introduction

Pasal.id ("we") is operated by Ilham Firdausi Putra. This policy explains how we collect, use, and protect your personal data in accordance with Indonesia's Personal Data Protection Law (UU No. 27/2022, "UU PDP").

Data Collected

We collect the following data through OAuth login: name, email address, and profile picture from your OAuth provider (Google). We also store bookmark data (regulations you save) and anonymous article visit tracking cookies (pasal_visited, 30-day expiry).

Purpose of Data Collection

Your data is used for: personalization (bookmarks), platform usage analytics, and service-related communications. We do not sell your data and do not display advertisements.

Legal Basis

Data collection is based on your consent at login (UU PDP Article 20). You may withdraw consent at any time by deleting your account.

Data Subject Rights

You have the right to: access your data (via the /akun page), correct your data (via your OAuth provider), delete all your data (via the delete account button), obtain a copy of your data, and withdraw consent. We commit to responding to your requests within 72 hours.

Data Retention

Data is retained while your account is active. After account deletion, all data is deleted within 30 days. Anonymous cookies expire automatically after 30 days.

Cross-Border Data Transfer

Your data is stored on Supabase (Singapore region). Singapore has the Personal Data Protection Act (PDPA) which provides comparable protection to Indonesia's UU PDP. Transfer is based on your consent at login.

Data Security

Data is encrypted at rest and in transit (TLS). Row Level Security (RLS) is enforced on all database tables to ensure users can only access their own data.

Third Parties

We only share data with OAuth providers (Google) for authentication purposes. No data is sold or shared for advertising purposes.

Cookies

We use: session cookies (httpOnly, for Supabase authentication) and the pasal_visited cookie (httpOnly, anonymous article tracking, 30-day expiry). We do not use third-party tracking cookies.

Data Breach Notification

In the event of a data breach, we will notify you and relevant authorities within 72 hours per UU PDP Article 46.

Contact

For privacy-related inquiries, contact us at privasi@pasal.id.

Language

In case of discrepancy between the Indonesian and English versions, the Indonesian version shall prevail.