Bahasa Indonesia

Legal

Kebijakan Privasi

Terakhir diperbarui: 15 Mei 2026 · scale.co.id

Scale (PT SKI, "kami") berkomitmen untuk melindungi privasi setiap pengguna platform kami — baik Merchant maupun Pembeli. Kebijakan Privasi ini menjelaskan data apa yang kami kumpulkan, bagaimana kami menggunakannya, dengan siapa data dibagikan, dan hak-hak Anda terkait data pribadi Anda. Dengan menggunakan layanan Scale, Anda menyetujui praktik yang dijelaskan dalam kebijakan ini.

Data yang Kami Kumpulkan

A. Data Merchant

Data	Keterangan
Nama lengkap	Identitas pemilik akun Merchant
Alamat email	Login, notifikasi, komunikasi platform
Password (terenkripsi)	Disimpan dalam bentuk hash bcrypt, tidak pernah plaintext
Nomor WhatsApp	Jika diberikan, untuk keperluan dukungan
Slug/URL toko	Identitas unik halaman Merchant
Custom domain	Jika Merchant mendaftarkan domain kustom
Xendit Account ID	ID sub-akun Xendit Merchant untuk pemrosesan pembayaran
Konten platform	Teks produk, gambar, video, file, konfigurasi checkout & landing page

B. Data Pembeli (dikumpulkan saat checkout)

Data	Keterangan
Nama lengkap	Identitas Pembeli untuk transaksi
Alamat email	Pengiriman konfirmasi pembayaran & akses member
Nomor WhatsApp	Komunikasi tindak lanjut oleh Merchant
Password (terenkripsi)	Akun member area, disimpan dalam hash bcrypt
Data transaksi	Jumlah pembayaran, metode pembayaran, status, timestamp
Invoice ID Xendit	Referensi pembayaran eksternal

C. Data Teknis (dikumpulkan otomatis)

Data	Keterangan
Session ID	Untuk tracking funnel (checkout_view, payment_view, upsell_view)
Timestamp akses	Untuk analitik dan audit trail
IP Address	Ditangkap oleh server untuk keamanan (tidak disimpan secara eksplisit di DB)

Bagaimana Kami Menggunakan Data

Operasional Layanan

Memproses transaksi, mengaktifkan akun Merchant, memberikan akses member area kepada Pembeli, mengirimkan email konfirmasi dan akses konten.

Komunikasi

Mengirim email notifikasi sistem (konfirmasi pembayaran, aktivasi akun, perubahan layanan), dan email follow-up sequence yang dikonfigurasi oleh Merchant kepada Pembeli mereka.

Analitik Platform

Data funnel events (checkout_view, payment_view, upsell_view) digunakan untuk menghitung statistik dashboard Merchant (revenue, conversion rate, AOV, customer journey). Data ini tidak dibagikan kepada pihak ketiga untuk tujuan iklan.

Keamanan & Antifraud

Memantau aktivitas mencurigakan, mencegah akses tidak sah, dan melindungi integritas platform.

Kepatuhan Hukum

Menyimpan data transaksi sesuai ketentuan hukum perpajakan dan keuangan Indonesia yang berlaku.

Berbagi Data dengan Pihak Ketiga

Kami tidak menjual data pribadi pengguna kepada pihak ketiga manapun. Data dibagikan hanya kepada penyedia layanan berikut dalam rangka operasional platform:

Pihak Ketiga	Data yang Dibagikan	Tujuan
Xendit	Nama, email Pembeli, jumlah transaksi	Pemrosesan pembayaran & onboarding Merchant
Bunny.net	File & video konten Merchant	Hosting & streaming video/file digital
Amazon SES (AWS)	Nama, email penerima, isi email	Pengiriman email transaksional & notifikasi
Meta (Facebook) CAPI	Data event pembelian (hashed email, nilai transaksi)	Pengukuran iklan — hanya jika Merchant mengaktifkan Facebook Pixel & CAPI

Setiap penyedia layanan di atas terikat perjanjian kerahasiaan dan diharuskan menggunakan data hanya untuk tujuan yang disebutkan. Untuk data Meta CAPI, pengiriman dilakukan hanya atas konfigurasi Merchant dan berdasarkan persetujuan implisit Pembeli saat bertransaksi di halaman checkout Merchant.

Penyimpanan & Keamanan Data

Lokasi Server

Data disimpan di server VPS yang berlokasi di Indonesia dan/atau wilayah yang ditentukan oleh penyedia cloud kami.

Enkripsi Password

Seluruh password (Merchant dan Pembeli) disimpan menggunakan algoritma hash bcrypt. Kami tidak menyimpan password dalam bentuk plaintext.

Keamanan Akses

Akses ke dashboard Merchant dilindungi oleh autentikasi sesi. Akses member area Pembeli menggunakan sesi yang terisolasi per Merchant. Webhook Xendit diverifikasi menggunakan token rahasia.

Retensi Data

Data transaksi disimpan selama diperlukan untuk keperluan akuntansi dan kepatuhan hukum (minimal 5 tahun). Data akun Merchant yang dinonaktifkan dapat dihapus setelah 90 hari sejak penonaktifan atas permintaan Merchant.

Cookie & Penyimpanan Lokal

Session Cookie

Kami menggunakan cookie sesi (ckit_session) untuk mempertahankan status login Merchant dan Pembeli. Cookie ini bersifat session-only dan dihapus saat browser ditutup.

localStorage Browser

Halaman checkout menggunakan localStorage browser untuk menyimpan status countdown timer. Data ini tersimpan hanya di perangkat Pembeli dan tidak dikirim ke server kami.

Cookie Pihak Ketiga

Jika Merchant mengaktifkan Facebook Pixel, script pixel dari Meta akan berjalan di halaman checkout Merchant dan dapat menetapkan cookie Meta di browser Pembeli, tunduk pada kebijakan privasi Meta.

Hak Pengguna atas Data Pribadi

Sesuai dengan prinsip perlindungan data, Anda memiliki hak berikut:

Hak Akses: Meminta salinan data pribadi Anda yang kami simpan.
Hak Koreksi: Meminta perbaikan data yang tidak akurat atau tidak lengkap.
Hak Penghapusan: Meminta penghapusan data pribadi Anda, sejauh tidak bertentangan dengan kewajiban hukum kami.
Hak Portabilitas: Meminta data Anda dalam format yang dapat dibaca mesin.
Hak Keberatan: Mengajukan keberatan atas pemrosesan data untuk tujuan tertentu.

Untuk menggunakan hak-hak di atas, kirimkan permintaan ke cs@scale.co.id. Kami akan merespons dalam 14 hari kerja.

Data Anak-anak

Layanan Scale tidak ditujukan kepada individu di bawah usia 18 tahun. Kami tidak dengan sengaja mengumpulkan data pribadi dari anak-anak. Jika Anda mengetahui bahwa anak di bawah umur telah memberikan data pribadi kepada kami, silakan hubungi kami segera agar kami dapat menghapus data tersebut.

Perubahan Kebijakan Privasi

Kami dapat memperbarui Kebijakan Privasi ini dari waktu ke waktu. Perubahan material akan dinotifikasikan melalui email yang terdaftar setidaknya 7 hari sebelum berlaku. Tanggal pembaruan terakhir selalu tercantum di bagian atas halaman ini.

Kontak Privasi

Untuk pertanyaan, permintaan, atau keberatan terkait data pribadi Anda:

Emailcs@scale.co.id

WhatsApp081290543335

AlamatAirmadidi RT 001 RW 009, Kel. Airmadidi Atas, Kec. Airmadidi, Kab. Minahasa Utara, 95371, Sulawesi Utara — Indonesia

English

Legal

Privacy Policy

Last updated: May 15, 2026 · scale.co.id

Scale (PT SKI, "we" / "us") is committed to protecting the privacy of every user of our platform — both Merchants and Buyers. This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights regarding your personal data. By using Scale's services, you consent to the practices described in this policy.

Data We Collect

A. Merchant Data

Data	Details
Full name	Identity of the Merchant account holder
Email address	Login, notifications, platform communications
Password (encrypted)	Stored as a bcrypt hash — never in plaintext
WhatsApp number	If provided, for support purposes
Store slug/URL	Unique identifier for the Merchant's storefront
Custom domain	If the Merchant registers a custom domain
Xendit Account ID	Merchant's Xendit sub-account ID for payment processing
Platform content	Product text, images, videos, files, checkout & landing page configurations

B. Buyer Data (collected at checkout)

Data	Details
Full name	Buyer identity for the transaction
Email address	Delivery of payment confirmation & member access
WhatsApp number	Follow-up communication by the Merchant
Password (encrypted)	Member area account, stored as bcrypt hash
Transaction data	Payment amount, payment method, status, timestamp
Xendit Invoice ID	External payment reference

C. Technical Data (automatically collected)

Data	Details
Session ID	For funnel tracking (checkout_view, payment_view, upsell_view)
Access timestamps	For analytics and audit trail
IP Address	Captured by the server for security purposes (not explicitly stored in the database)

How We Use Your Data

Service Operations

Processing transactions, activating Merchant accounts, granting Buyers access to member areas, and sending confirmation and content access emails.

Communications

Sending system notification emails (payment confirmation, account activation, service changes) and follow-up email sequences configured by Merchants to their Buyers.

Platform Analytics

Funnel event data (checkout_view, payment_view, upsell_view) is used to calculate Merchant dashboard statistics (revenue, conversion rate, AOV, customer journey). This data is not shared with third parties for advertising purposes.

Security & Anti-Fraud

Monitoring suspicious activity, preventing unauthorized access, and protecting the integrity of the platform.

Legal Compliance

Retaining transaction data in accordance with applicable Indonesian tax and financial regulations.

Sharing Data with Third Parties

We do not sell user personal data to any third party. Data is shared only with the following service providers in the course of operating the platform:

Third Party	Data Shared	Purpose
Xendit	Buyer name, email, transaction amount	Payment processing & Merchant onboarding
Bunny.net	Merchant content files & videos	Hosting & streaming of digital video/files
Amazon SES (AWS)	Recipient name, email, email body	Transactional email & notification delivery
Meta (Facebook) CAPI	Purchase event data (hashed email, transaction value)	Ad measurement — only if Merchant enables Facebook Pixel & CAPI

Each service provider above is bound by confidentiality agreements and is required to use data only for the stated purposes. For Meta CAPI data, transmission occurs only upon Merchant configuration and based on the Buyer's implicit consent when transacting on the Merchant's checkout page.

Data Storage & Security

Server Location

Data is stored on VPS servers located in Indonesia and/or regions determined by our cloud provider.

Password Encryption

All passwords (Merchant and Buyer) are stored using the bcrypt hashing algorithm. We do not store passwords in plaintext.

Access Security

Merchant dashboard access is protected by session authentication. Buyer member area access uses sessions isolated per Merchant. Xendit webhooks are verified using a secret token.

Data Retention

Transaction data is retained as long as required for accounting and legal compliance purposes (minimum 5 years). Data from deactivated Merchant accounts may be deleted 90 days after deactivation upon Merchant request.

Cookies & Local Storage

Session Cookie

We use a session cookie (ckit_session) to maintain the login state of Merchants and Buyers. This cookie is session-only and is deleted when the browser is closed.

Browser localStorage

Checkout pages use the browser's localStorage to store countdown timer state. This data is stored only on the Buyer's device and is not sent to our servers.

Third-Party Cookies

If a Merchant enables Facebook Pixel, Meta's pixel script will run on the Merchant's checkout page and may set Meta cookies in the Buyer's browser, subject to Meta's own privacy policy.

Your Rights Over Personal Data

In accordance with data protection principles, you have the following rights:

Right of Access: Request a copy of the personal data we hold about you.
Right of Rectification: Request correction of inaccurate or incomplete data.
Right of Erasure: Request deletion of your personal data, to the extent it does not conflict with our legal obligations.
Right of Portability: Request your data in a machine-readable format.
Right to Object: Object to processing of your data for specific purposes.

To exercise any of these rights, send your request to cs@scale.co.id. We will respond within 14 business days.

Children's Privacy

Scale's services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you become aware that a minor has provided personal data to us, please contact us immediately so we can delete it.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be notified via the registered email address at least 7 days before taking effect. The date of the most recent update is always displayed at the top of this page.

Privacy Contact

For questions, requests, or objections regarding your personal data:

Emailcs@scale.co.id

WhatsApp081290543335

AddressAirmadidi RT 001 RW 009, Kel. Airmadidi Atas, Kec. Airmadidi, Kab. Minahasa Utara, 95371, North Sulawesi — Indonesia