Privacy Policy

Effective Date: 2 January 2024

Last Updated: 3 January 2025

At Jutsoo, protecting your business and data is our top priority. This Privacy Policy describes how we collect, use, store, and secure personal and business data in compliance with Indonesia’s Personal Data Protection (PDP) Law, ISO 27001 standards, and global data protection frameworks. It is designed to meet the expectations of enterprise clients seeking robust data governance, confidentiality, and security.

1. Scope and Applicability

This Privacy Policy applies to all data processed by Jutsoo in connection with the delivery of our treasury management solutions and associated services to enterprise clients. It governs data interactions through our platform, APIs, and associated technologies.

2. Types of Data We Collect

Business Data: Company name, registration details, business identifiers; names and roles of authorized personnel; business contact details (e.g., email addresses, phone numbers).
Financial Data: Bank account information, payment records, transaction history; integration data from third-party financial platforms.
Technical and Usage Data: Device identifiers, IP addresses, operating systems, browser types; usage logs, API calls, and system interactions.
Authentication Data: User credentials (encrypted) and authentication logs; Multi-factor authentication (MFA) tokens.

We do not process sensitive personal data unless required by law or explicitly agreed upon.

3. Data Collection Methods

Direct Provision by Clients: During account registration, implementation, or service inquiries.
Automated Data Collection: Through cookies, server logs, and platform analytics to enhance service quality and security.
Third-Party Integrations: From authorized platforms and partners, with client consent or instruction.

4. Purpose and Legal Basis for Processing

Service Delivery: To enable secure access to financial tools and APIs; to facilitate platform performance, reporting, and analytics.
Regulatory Compliance: To meet legal, tax, or anti-money laundering obligations.
Security and Risk Management: To monitor and prevent unauthorized access, fraud, or malicious activity.
Optimization and Innovation: To enhance platform features and functionality through aggregated insights.

The legal basis for processing includes contractual necessity, regulatory compliance, and legitimate business interests, as defined under applicable laws.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to:

Enhance Functionality: Ensure smooth navigation and operation of our platform.
Personalize User Experience: Tailor content and interactions to client preferences.
Conduct Analytics: Collect aggregated data to improve system performance and reliability.
Strengthen Security: Identify potential security risks and unauthorized access attempts.

Types of Cookies Used

Essential Cookies: Required for the operation of our platform (e.g., login authentication).
Performance Cookies: Analyze platform performance and usage patterns.
Functional Cookies: Store preferences for a seamless user experience.

Managing Cookies: You can manage or disable cookies through your browser settings. Disabling certain cookies may impact platform functionality and user experience.

6. Data Retention Policy

We adhere to industry-leading retention practices to minimize data storage duration:

Transactional data is retained for as long as necessary for service delivery and regulatory compliance.
Business data is archived or anonymized after the conclusion of client engagements, as legally permitted.

Upon client request or agreement termination, we will securely delete or anonymize all associated data unless otherwise mandated by law.

7. Enterprise-Grade Data Security

Jutsoo upholds ISO 27001-certified processes to ensure the highest standards of data security:

Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
Access Control: Role-based access and Multi-Factor Authentication (MFA) ensure only authorized personnel can access sensitive data.
Incident Management: Proactive monitoring and defined incident response protocols protect against breaches.
Regular Audits: Ongoing internal and third-party audits verify system integrity and compliance.

8. Enterprise Client Rights

In alignment with the PDP Law and global standards, enterprise clients and their authorized users have the right to:

Access and Portability: Obtain a copy of processed data in a structured format.
Correction and Rectification: Request corrections to inaccurate or outdated data.
Deletion: Request secure deletion of data when no longer necessary.
Processing Restriction: Limit specific data processing activities.
Consent Management: Manage or withdraw consent for discretionary data uses.

To exercise these rights, contact our Data Protection Officer at privacy@jutsoo.com.

9. Data Sharing and International Transfers

Trusted Third-Party Service Providers

We engage vetted third-party providers (e.g., cloud services, analytics, payment processors) under strict confidentiality agreements.

Cross-Border Transfers

Where international data transfers are necessary, we:

Verify adequacy of data protection standards in recipient jurisdictions.
Implement data transfer agreements in line with PDP Law and global frameworks.

10. Incident Response and Breach Notification

We maintain robust incident response plans to address data breaches promptly:

Notification to affected clients and regulatory authorities occurs within 72 hours, as mandated by law.
Detailed root cause analysis and remediation plans are provided to clients post-incident.

11. Policy Updates

Jutsoo reviews and updates this Privacy Policy periodically to reflect operational changes, technological advancements, and legal developments. Clients will be notified of significant updates via our platform or email.

12. Contact Information

For inquiries regarding this Privacy Policy or data protection matters, contact us at:

Data Protection Officer: privacy@jutsoo.com
General Inquiries: legal@jutsoo.com