Privacy Policy

01 Information We Collect

We collect the following categories of information when you access or use our services:

02 How We Use Information

We use your information for the following purposes:

• Deliver, operate, and improve our AI SaaS platforms and services
• Authenticate your identity and manage your account access
• Process payments and manage subscription billing
• Provide technical support, respond to inquiries, and resolve issues
• Send service notifications, product updates, and security alerts
• Analyze platform performance and improve AI model accuracy through internal research
• Comply with applicable laws, regulations, and legal obligations
• Detect, prevent, and respond to fraud, abuse, or security threats

We do not sell your personal data to third parties for marketing purposes.

03 Data Sharing & Disclosure

We may share your data only in the following limited circumstances:

• Service providers: Trusted vendors who assist in delivering our services (cloud infrastructure, payment processing, support tools), bound by data processing agreements
• Microsoft: If you access our services via Microsoft Azure Marketplace, limited account and subscription data is shared with Microsoft as required for marketplace transactions
• Business transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred to the successor entity
• Legal compliance: When required by law, court order, or government authority in Indonesia or other applicable jurisdictions

We do not share customer-uploaded content (streams, datasets, images) with any third party without explicit written consent.

04 Data Security

We implement enterprise-grade security measures to protect your data:

• Encryption in transit (TLS 1.2+) and at rest (AES-256)
• Role-based access controls and multi-factor authentication
• Regular security audits, penetration testing, and vulnerability assessments
• Isolated customer environments to prevent cross-tenant data exposure
• Incident response procedures with breach notification protocols

While we employ industry best practices, no system is 100% secure. Please report any suspected security issues to security@tarrasmart.com.

05 Data Retention

We retain your data for as long as necessary to provide services and comply with legal obligations:

• Account data: Retained for the duration of your subscription plus 90 days after termination
• Customer content: Retained per your configured data lifecycle policy or deleted within 30 days of account closure
• Usage logs: Retained for up to 12 months for security and performance analysis
• Billing records: Retained for 7 years as required by Indonesian tax and accounting regulations

You may request earlier deletion of your data by contacting privacy@tarrasmart.com.

06 Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data ("right to be forgotten")
• Portability: Request your data in a machine-readable format
• Objection: Object to processing of your data for certain purposes
• Restriction: Request restriction of processing in certain circumstances
• Withdraw Consent: Withdraw previously given consent at any time

To exercise any of these rights, contact privacy@tarrasmart.com. We will respond within 30 days.

07 International Data Transfers

Tarrasmart is headquartered in Jakarta, Indonesia and operates services across 6+ countries. Your data may be processed in countries outside your home jurisdiction, including countries where our cloud infrastructure partners operate (AWS, GCP, Azure regions).

When transferring data internationally, we ensure appropriate safeguards are in place, including data processing agreements and standard contractual clauses consistent with applicable data protection laws.

08 Cookies & Tracking Technologies

Our web platforms use cookies and similar technologies for the following purposes:

• Essential cookies: Required for platform authentication and session management
• Analytics cookies: Help us understand how users interact with our platform
• Preference cookies: Remember your settings and configuration preferences

You can control cookie settings through your browser. Disabling certain cookies may impact platform functionality.

09 Third-Party Services

Our platforms may integrate with or link to third-party services. This policy does not cover third-party practices. We recommend reviewing the privacy policies of any third-party services you use alongside our platform, including:

• Microsoft Azure & Microsoft Marketplace
• Amazon Web Services (AWS)
• Google Cloud Platform (GCP)
• Payment processors and billing providers

10 Children's Privacy

Our services are designed for enterprise and business use and are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately at privacy@tarrasmart.com.

11 Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification to registered account holders
• Displaying an in-platform notification for significant changes

Continued use of our services after the effective date constitutes acceptance of the updated Privacy Policy.

12 Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us: