Privacy Policy
Effective: 28 April 2026
This Privacy Policy explains how dokumenhalal.com collects, uses, and protects your Personal Data in line with Indonesia's Law No. 27 of 2022 on Personal Data Protection (UU PDP). By using our service, you agree to the practices described here.
1. Data We Collect
We collect: (a) account identity (name, email, hashed password, optional phone number); (b) SME data (business name, NIB, NPWP, address, KBLI, owner name, ingredient list, supplier halal certificates); (c) technical data (IP address, user-agent, encrypted activity logs); (d) communications (transactional and support email). We do not collect sensitive religious or biometric data.
2. Purposes of Processing
Personal Data is processed to: (a) provide SJPH document generation; (b) authenticate and secure your account; (c) communicate service and regulatory updates; (d) meet legal obligations including audits and lawful requests from BPJPH or authorities; (e) improve the service via aggregate, non-identifying analytics.
3. Legal Basis for Processing
Processing is based on Article 20 of UU PDP: (a) your explicit consent at sign-up; (b) performance of the service contract; (c) compliance with our legal obligations as Data Controller; and (d) our legitimate interest in protecting the service from misuse.
4. Sharing with Third Parties
We do not sell your Personal Data. We share data only with: (a) infrastructure providers (Contabo VPS, Cloudflare, Resend for email, Backblaze B2 for backups) bound by confidentiality; (b) AI providers that process anonymized prompts for document generation; (c) lawful authorities pursuant to a valid request. These third parties act as Data Processors under Article 51 of UU PDP.
5. Data Retention
Active account data is kept while your account is active. After account termination, core Personal Data is deleted within 90 days, except data we must keep for legal compliance (audit logs, tax invoices), which is retained per legal minimums, typically 5 years for tax documents and 10 years for audit logs.
6. Your Rights as a Data Subject
Under Articles 5–13 of UU PDP, you have the right to: (a) access your Personal Data; (b) update or correct inaccurate data; (c) withdraw consent and terminate your account; (d) request deletion (right to be forgotten); (e) request data portability in a machine-readable format; (f) object to processing for specific purposes; (g) lodge a complaint with the Personal Data Protection Authority. Send requests to [email protected] — we respond within 14 working days.
7. Data Security
We apply technical and organisational controls aligned with the ISO/IEC 27001:2022 Annex A baseline: TLS 1.3 in transit, at-rest encryption on storage, argon2id password hashing, role-based access control, tamper-evident audit logs, encrypted off-site backups, and periodic restore drills.
8. Cookies and Tracking
We use essential cookies for session authentication and security. We use privacy-first analytics (Plausible) that do not identify individuals. We do not use third-party advertising trackers.
9. Children
The service is intended for business operators who are aged 18 or older or are otherwise legally competent. We do not knowingly collect data from children under 18. If you believe we have stored a child's data without parental consent, contact us for removal.
10. Policy Changes
We may update this Privacy Policy. For material changes, we provide at least 30 days' prior notice via email or in-app notice. The latest effective date is shown at the top of this page.
Data Protection Officer (DPO) contact: [email protected] — or [email protected] for general privacy questions.