XerAds

Legal

Privacy Policy

Last updated: April 1, 2025 · Applies to: XerAds Platform by XerAds

Quick summary: We collect the data needed to run the service securely and reliably. We do not sell your data. You have the right to access, update, and request deletion of your data at any time.

1. Data We Collect

We collect the following data to provide, secure, and improve the XerAds Platform service:

  • Account Data: Name, email address, password (encrypted), and profile picture.
  • Usage Data: Features used, pages visited, and activity time to improve the service.
  • Third-Party Integration Data: Access tokens for Google Search Console, Google Analytics 4, WordPress, and social media accounts you connect voluntarily.
  • Social Media Data (Meta/Facebook): When you connect a Facebook/Instagram account, we receive access tokens to post content on your behalf. We store these tokens encrypted and do not use them outside the posting functions you authorize.
  • Payment Data: Transaction information processed by Xendit. We do not store your credit card or bank account details.
  • Technical Data: IP address, browser type, and operating system for security and diagnostic purposes.

2. How We Use Your Data

Your data is used in a limited and targeted way to:

  • Provide and operate the XerAds Platform service
  • Process payments and manage subscriptions
  • Send important service notifications (not unauthorized promotions)
  • Improve platform features and performance
  • Fulfill legal obligations applicable in Indonesia (UU PDP)

We do not sell, rent, or share your personal data with third parties for commercial purposes.

3. Facebook & Instagram Data (Meta)

When you connect a Facebook or Instagram account through the Social Media Studio feature:

  • We request permission to post content on behalf of your Facebook/Instagram page
  • We do not access private messages, friend data, or other information beyond what is required for the posting feature
  • Access tokens are stored encrypted and can be revoked by you at any time through the Settings menu
  • You can request deletion of data related to your Facebook account through the Data Deletion page

4. Data Security

We implement adequate technical and organizational security layers:

  • Encryption of sensitive data (at-rest and in-transit using TLS 1.3)
  • Data access is restricted to authorized personnel only
  • Infrastructure on Google Cloud Platform with enterprise security standards
  • Audit logs for every access to sensitive data

5. Your Rights (UU PDP Indonesia)

In accordance with the Personal Data Protection Law (Law No. 27 of 2022), you have the right to:

  • Access: Request a copy of the personal data we store about you
  • Correction: Update inaccurate data through the Settings menu
  • Deletion: Request deletion of your account and all your data
  • Portability: Request an export of your data in a machine-readable format
  • Withdrawal of Consent: Revoke third-party integration permissions at any time

To submit a request, contact us on the contact page or email privacy@xerads.id.

6. Cookies

We use cookies to maintain login sessions and store your preferences. We do not use cookies for advertising or cross-site tracking. More details are available in the Cookie Policy.

7. Data Retention

We store account data as long as your account is active. After an account is deleted, data will be permanently deleted within 30 days, unless required by law to be stored longer (e.g., transaction data for 5 years in accordance with Indonesian tax regulations).

8. Policy Changes

We will notify you via email or platform notification at least 14 days before significant changes to this policy take effect.

9. Contact Us

For questions about this privacy policy or to submit a data-related request: