Privacy Policy

Last updated: January 23, 2026

At Gapaian ("we," "us," or "our"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Resume Builder and Cover Letter creation services (collectively, the "Services"). By accessing or using our Services, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Introduction and Scope

This Privacy Policy applies to all information collected through our website, mobile applications, and any other services provided by Gapaian. It describes our practices regarding the collection, use, and disclosure of information when you:

  • Visit our website or use our mobile applications
  • Create an account or register for our Services
  • Use our Resume Builder to create, edit, or manage your resume
  • Use our Cover Letter creation tools and services
  • Use our Career Dashboard to analyze career readiness and receive gap analysis assessments
  • Interact with our customer support team
  • Subscribe to our newsletters or marketing communications
  • Participate in surveys, contests, or promotional activities

This Privacy Policy does not apply to information collected by third-party websites, services, or applications that may be linked to or accessible from our Services. We encourage you to review the privacy policies of any third-party services you access.

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you voluntarily provide to us when you use our Services:

Account Information:

  • Full name, email address, and password
  • Phone number (optional)
  • Profile picture or avatar (if uploaded)
  • Account preferences and settings

Resume and Cover Letter Content:

  • Personal information (name, address, phone number, email, LinkedIn profile, personal website)
  • Professional summary and objective statements
  • Work experience, including job titles, employers, dates of employment, responsibilities, and achievements
  • Educational background, including institutions, degrees, certifications, and dates
  • Skills, competencies, and technical proficiencies
  • Languages spoken and proficiency levels
  • Professional references and contact information
  • Portfolio links, publications, awards, and honors
  • Cover letter content, including recipient information, job application details, and personalized messaging
  • Resume templates selected and formatting preferences
  • Document versions, edit history, and revision timestamps

Career Dashboard Data:

  • Target role selections and seniority preferences
  • Career readiness assessment results and gap analysis scores
  • Skill, experience, and education data used for role-matching analysis
  • AI-generated recommendations and development action plans

Payment Information:

  • Billing address and payment method details (processed through secure third-party payment processors)
  • Transaction history and subscription information
  • Invoice and receipt data

Communication Data:

  • Customer support inquiries, feedback, and correspondence
  • Survey responses and feedback forms
  • Contest entries and promotional participation

2.2 Information Automatically Collected

When you access or use our Services, we automatically collect certain information about your device and usage patterns:

Device and Technical Information:

  • IP address and approximate geographic location
  • Device type, model, and operating system
  • Browser type, version, and language settings
  • Screen resolution and display settings
  • Mobile device identifiers (UDID, IDFA, Android ID)
  • Hardware and software characteristics

Usage Information:

  • Pages visited, features accessed, and time spent on each page
  • Clickstream data and navigation patterns
  • Search queries and filters used
  • Resume and cover letter creation, editing, and export activities
  • Template selections and customization choices
  • Error logs and crash reports
  • Performance metrics and loading times

Cookies and Tracking Technologies:

  • Session cookies and persistent cookies
  • Local storage and session storage data
  • Pixel tags, web beacons, and similar tracking technologies
  • Analytics data and user behavior tracking

2.3 Information from Third Parties

We may receive information about you from third-party sources:

  • Social Media Platforms: If you connect your account with social media services (e.g., LinkedIn, Google), we may receive profile information, connections, and other data you authorize
  • Authentication Services: When you sign in using third-party authentication providers, we may receive basic profile information
  • Payment Processors: We receive transaction confirmations and payment status from our payment processing partners
  • Analytics Providers: We may receive aggregated analytics data from third-party analytics services
  • Public Records: We may supplement your information with publicly available data for verification purposes

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Provision and Operation

  • Create, maintain, and manage your user account
  • Process and store your resume and cover letter content
  • Enable resume and cover letter creation, editing, formatting, and export functionality
  • Provide access to resume templates and design options
  • Save and sync your documents across devices
  • Maintain document version history and revision tracking
  • Process payments and manage subscriptions
  • Authenticate your identity and secure your account

3.2 AI Enhancement and Personalization

  • Analyze your resume and cover letter content to provide AI-powered suggestions and improvements
  • Generate personalized recommendations for content optimization, formatting, and ATS compatibility
  • Provide real-time writing assistance, grammar checking, and style recommendations
  • Suggest relevant skills, keywords, and phrases based on job descriptions and industry standards
  • Analyze your profile against general role requirements to generate career readiness scores, skill gap assessments, and development recommendations through the Career Dashboard
  • Customize your experience based on your preferences, usage patterns, and career goals
  • Train and improve our AI models using anonymized and aggregated data (your personal information is not used to identify you in model training)

3.3 Communication and Customer Support

  • Respond to your inquiries, requests, and support tickets
  • Send service-related notifications, including account updates, security alerts, and feature announcements
  • Provide technical support and troubleshooting assistance
  • Access your account information and usage data when necessary to diagnose and resolve issues you are experiencing with our Services
  • Send administrative information, such as changes to our terms, conditions, and policies
  • Deliver transactional emails, including receipts, confirmations, and subscription renewals

3.4 Marketing and Promotional Activities

  • Send you marketing communications, newsletters, and promotional offers (with your consent where required)
  • Personalize marketing messages based on your interests and usage patterns
  • Conduct surveys, contests, and promotional campaigns
  • Display targeted advertisements and content recommendations
  • Measure the effectiveness of our marketing campaigns

You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails or adjusting your preferences in your account settings.

3.5 Service Improvement and Analytics

  • Analyze usage patterns and user behavior to improve our Services
  • Conduct research and development to enhance features and functionality
  • Monitor and analyze system performance, errors, and technical issues
  • Generate aggregated, anonymized statistics and insights
  • Test new features, designs, and user interfaces

3.6 Legal Compliance and Protection

  • Comply with applicable laws, regulations, and legal obligations
  • Respond to legal requests, court orders, and government inquiries
  • Enforce our Terms of Service and other agreements
  • Detect, prevent, and address fraud, abuse, security threats, and unauthorized access
  • Protect the rights, property, and safety of Gapaian, our users, and third parties
  • Investigate and resolve disputes and complaints

4. AI Processing and Machine Learning

Our Resume Builder and Cover Letter services utilize advanced artificial intelligence and machine learning technologies to enhance your documents and provide personalized recommendations. This section explains how we use AI in our Services:

4.1 AI-Powered Features

  • Content Analysis: Our AI analyzes your resume and cover letter content to identify areas for improvement, suggest better wording, and optimize for ATS (Applicant Tracking System) compatibility
  • Writing Assistance: AI-powered tools provide real-time grammar checking, style suggestions, and content recommendations to help you create professional, impactful documents
  • Keyword Optimization: AI suggests relevant keywords and phrases based on job descriptions and industry standards to improve your resume's visibility to employers
  • Formatting Recommendations: AI analyzes your content and suggests optimal formatting, layout, and design choices to maximize readability and professional appearance
  • Career Gap Analysis: AI evaluates your profile against generalized role requirements to produce career readiness scores, identify skill and experience gaps, and suggest development actions. These assessments are based on general industry data and do not reflect the specific hiring criteria of any individual employer
  • Personalization: AI learns from your preferences and usage patterns to provide increasingly personalized recommendations and suggestions

4.2 Data Processing for AI

When you use our AI-powered features, your resume and cover letter content may be processed by our AI systems:

  • Your content is processed in real-time to generate suggestions and recommendations
  • We may use anonymized, aggregated data to train and improve our AI models
  • Your personal information (name, email, etc.) is not used to identify you in AI model training
  • We implement technical safeguards to protect your data during AI processing
  • AI-generated suggestions are recommendations only—you maintain full control and can accept, modify, or reject any suggestions

4.3 Third-Party AI Services

We use third-party AI service providers to power certain features. Our current AI service providers include:

  • OpenAI: Powers content generation, writing assistance, and recommendation features
  • Anthropic: Powers conversational AI and content analysis features

When we use third-party AI services:

  • We only share the minimum necessary data required for the AI service to function
  • Third-party AI providers are contractually obligated to protect your data and use it solely for providing the requested service
  • We do not allow third-party AI providers to use your data for their own purposes or to train their own models
  • Your data is processed in accordance with this Privacy Policy and applicable data protection laws

This list of AI service providers may be updated from time to time. We will update this Privacy Policy to reflect any changes.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information or resume data. We may share your information only in the following circumstances:

5.1 Service Providers and Business Partners

We may share your information with trusted third-party service providers who assist us in operating our platform and providing our Services:

  • Cloud Hosting Providers: We use cloud infrastructure providers to store and process your data securely
  • Payment Processors: We share payment information with secure payment processing services to handle transactions
  • Email Service Providers: We use email services to send you communications and notifications
  • Analytics Providers: We use analytics services to understand how our Services are used and improve user experience
  • Customer Support Tools: We may use third-party tools to provide customer support and manage inquiries
  • AI Service Providers: We may use third-party AI services to power certain features (as described in Section 4.3)

All service providers are contractually obligated to protect your data, use it solely for the purposes we specify, and comply with applicable data protection laws.

5.2 Legal Requirements and Law Enforcement

We may disclose your information if required or permitted by law:

  • To comply with applicable laws, regulations, court orders, or legal processes
  • To respond to government requests, subpoenas, or warrants
  • To enforce our Terms of Service, Privacy Policy, or other agreements
  • To protect the rights, property, or safety of Gapaian, our users, or third parties
  • To investigate, prevent, or take action regarding illegal activities, fraud, or security threats

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets:

  • Your information may be transferred as part of the business transaction
  • We will notify you of any such transfer and any changes to the ownership or use of your information
  • The acquiring entity will be required to honor this Privacy Policy or provide you with notice of any changes

5.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing. For example, if you choose to share your resume publicly or with specific employers through our platform, we will share it as you direct.

5.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. This may include statistical data about resume trends, usage patterns, or industry insights for research, marketing, or business purposes. We also analyze aggregated data to measure and drive our social impact forward, helping us understand how our Services are making career and financial literacy more accessible and enabling us to continuously improve our mission of transforming lives through education and opportunity.

6. Data Storage and Security

We implement comprehensive security measures to protect your personal and professional information:

6.1 Security Measures

  • Encryption: All data is encrypted in transit using TLS/SSL protocols and encrypted at rest using industry-standard encryption algorithms (AES-256)
  • Access Controls: We implement strict access controls, authentication requirements, and role-based permissions to ensure only authorized personnel can access your data
  • Secure Infrastructure: Our services are hosted on secure, enterprise-grade cloud infrastructure with regular security audits and compliance certifications
  • Network Security: We use firewalls, intrusion detection systems, and other network security measures to protect against unauthorized access
  • Regular Security Audits: We conduct regular security assessments, vulnerability scans, and penetration testing
  • Employee Training: Our employees receive regular security training and are bound by strict confidentiality agreements
  • Incident Response: We maintain an incident response plan to quickly address and mitigate any security breaches

6.2 Data Retention

We retain your information for as long as necessary to provide our Services and fulfill the purposes described in this Privacy Policy. The following table outlines our data retention periods:

Data TypeRetention Period
Account information (name, email)Duration of account + 30 days after deletion
Resumes and cover lettersDuration of account + 30 days after deletion
Payment and transaction records7 years (legal/tax requirements)
Support communications3 years after last interaction
Usage logs and analytics2 years (anonymized after 90 days)
Marketing preferencesUntil consent withdrawn + 30 days
Backup data90 days after primary data deletion

Legal Requirements: We may retain certain information for longer periods if required by law, regulation, or to resolve disputes. You can request deletion of your data at any time through your account settings or by contacting us directly.

6.3 Data Breach Notification

In the unlikely event of a data breach that compromises your personal information, we will:

  • Investigate the breach immediately and take steps to contain and remediate it
  • Notify affected users and relevant authorities as required by applicable law, including:
    • Indonesian data protection authority (when established and operational) within 72 hours for Indonesian users, as required by UU PDP
    • Relevant data protection authorities in other jurisdictions where required (e.g., within 72 hours for GDPR-covered users)
  • Provide information about the nature of the breach, the data affected, and steps we are taking to address it
  • Offer guidance on steps you can take to protect yourself

6.4 Your Role in Security

While we implement robust security measures, you also play an important role in protecting your information:

  • Use a strong, unique password for your account
  • Enable two-factor authentication if available
  • Do not share your account credentials with others
  • Log out of your account when using shared or public devices
  • Notify us immediately if you suspect unauthorized access to your account

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information. We are committed to honoring these rights and providing you with control over your data:

7.1 Access and Portability

  • Right to Access: You can access and review your personal information and resume data at any time through your account dashboard
  • Right to Data Portability: You can export your resume and cover letter data in various formats (PDF, DOCX, TXT, JSON) at any time
  • Request a Copy: You can request a complete copy of all personal information we hold about you by contacting us

7.2 Correction and Update

  • Right to Rectification: You can update, modify, or correct your information directly in your account settings or by contacting us
  • Edit Your Documents: You have full control to edit, modify, or delete any content in your resumes and cover letters

7.3 Deletion

  • Right to Erasure: You can request deletion of your account and all associated data at any time
  • Account Deletion: You can delete your account through your account settings, which will initiate the deletion of your personal information
  • Partial Deletion: You can delete individual resumes, cover letters, or other content without deleting your entire account
  • Legal Exceptions: We may retain certain information if required by law or for legitimate business purposes (e.g., transaction records)

7.4 Processing Restrictions and Objections

  • Right to Restrict Processing: You can request that we limit how we process your information in certain circumstances
  • Right to Object: You can object to certain types of processing, such as direct marketing or automated decision-making
  • Opt-Out of Marketing: You can opt out of marketing communications by clicking unsubscribe links in emails or adjusting preferences in your account

7.5 Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you. While we use AI to provide suggestions and recommendations, all final decisions about your resume and cover letter content remain with you.

7.6 Exercising Your Rights

To exercise any of these rights, you can:

  • Use the self-service options available in your account settings
  • Contact us at admin@gapaian.com with your request
  • Include sufficient information to verify your identity and process your request

We will respond to your request within 30 days (or as required by applicable law, including within 14 days for urgent requests under Indonesian law). If we need additional time or information to process your request, we will notify you and provide a reason for the delay.

8. GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

8.1 Legal Basis for Processing

We process your personal information based on the following legal bases:

  • Contract Performance: To provide our Services and fulfill our contractual obligations to you
  • Legitimate Interests: To improve our Services, prevent fraud, and ensure security (where our interests do not override your rights)
  • Consent: When you have given explicit consent for specific processing activities (e.g., marketing communications)
  • Legal Obligations: To comply with applicable laws and regulations

8.2 Your GDPR Rights

In addition to the rights described in Section 7, you have the following GDPR-specific rights:

  • Right to Withdraw Consent: You can withdraw your consent at any time where processing is based on consent
  • Right to Lodge a Complaint: You have the right to file a complaint with your local data protection authority if you believe we have violated your rights
  • Right to Restrict Processing: You can request that we restrict processing in certain circumstances (e.g., while you contest the accuracy of your data)

8.3 Data Transfers

When we transfer your personal information outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your data in accordance with GDPR requirements.

9. CCPA Rights (California Users)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

9.1 Your California Privacy Rights

  • Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collecting it, and the categories of third parties with whom we share it
  • Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions
  • Right to Correct: You have the right to request correction of inaccurate personal information
  • Right to Opt-Out of Sale/Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising
  • Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights

9.2 We Do Not Sell Your Personal Information

Gapaian does not sell your personal information to third parties, and we have not sold personal information in the preceding 12 months. We also do not share your personal information for cross-context behavioral advertising purposes as defined under the CPRA.

9.3 Exercising Your CCPA Rights

To exercise your rights under the CCPA, you may:

  • Email us at admin@gapaian.com with your request
  • Use the account settings in your dashboard to access, correct, or delete your information

We will verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf by providing written authorization. We will respond to verifiable consumer requests within 45 days, or notify you if we need additional time (up to 90 days total).

9.4 Categories of Personal Information

In the past 12 months, we have collected the following categories of personal information as defined by the CCPA:

  • Identifiers: Name, email address, account name, IP address
  • Personal Information (Cal. Civ. Code § 1798.80): Name, address, telephone number, education, employment history
  • Internet or Network Activity: Browsing history, search history, interaction with our Services
  • Professional or Employment Information: Job history, qualifications, skills (as provided in resumes)
  • Inferences: Preferences and characteristics derived from your use of our Services

10. LGPD Rights (Brazilian Users)

If you are located in Brazil, you have specific rights under the Lei Geral de Proteção de Dados (LGPD):

10.1 Your LGPD Rights

Under the LGPD, you have the following rights regarding your personal data:

  • Confirmation and Access: You can request confirmation of whether we process your personal data and access to such data
  • Correction: You can request correction of incomplete, inaccurate, or outdated personal data
  • Anonymization, Blocking, or Deletion: You can request anonymization, blocking, or deletion of unnecessary or excessive data, or data processed in violation of the LGPD
  • Portability: You can request portability of your personal data to another service provider
  • Deletion: You can request deletion of personal data processed with your consent
  • Information on Sharing: You can request information about public and private entities with whom we have shared your data
  • Consent Information: You can request information about the possibility and consequences of not providing consent
  • Revocation of Consent: You can revoke your consent at any time
  • Opposition: You can oppose data processing activities that do not require consent if done in violation of the LGPD
  • Review of Automated Decisions: You can request review of decisions made solely based on automated processing of your personal data

10.2 Legal Basis for Processing

We process your personal data based on the following legal grounds under the LGPD:

  • Consent: When you have given explicit consent for specific processing activities
  • Contract Performance: When processing is necessary to fulfill our contractual obligations
  • Legitimate Interests: For our legitimate business interests, provided they do not override your rights and freedoms
  • Legal Obligations: When we are required to process data to comply with legal obligations

10.3 Exercising Your LGPD Rights

To exercise your rights under the LGPD, please contact our Data Protection Officer at admin@gapaian.com. We will respond to your request within 15 days, as required by the LGPD. You also have the right to file a complaint with the Brazilian National Data Protection Authority (ANPD).

11. Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect and store information about your use of our Services:

11.1 Types of Cookies We Use

Essential Cookies:

These cookies are necessary for our Services to function and cannot be disabled. They include:

  • Authentication and session management cookies
  • Security and fraud prevention cookies
  • Load balancing and performance cookies

Functional Cookies:

These cookies enhance functionality and personalization:

  • Preference and settings cookies
  • Language and region selection cookies
  • User interface customization cookies

Analytics Cookies:

These cookies help us understand how our Services are used:

  • Usage statistics and analytics cookies
  • Performance monitoring cookies
  • Error tracking cookies

Advertising Cookies:

These cookies are used to deliver relevant advertisements:

  • Targeting and retargeting cookies
  • Ad performance measurement cookies

11.2 Cookie Consent

When you first visit our website, we will ask for your consent to use non-essential cookies through our cookie consent banner. You can choose to accept all cookies, reject non-essential cookies, or customize your preferences. Essential cookies that are necessary for the basic functioning of our Services do not require consent and cannot be disabled. You can change your cookie preferences at any time through our cookie settings.

11.3 Managing Cookies

You can control cookies through:

  • Our Cookie Settings: Use our cookie consent banner or cookie settings to manage your preferences
  • Browser Settings: Most browsers allow you to refuse or accept cookies, delete existing cookies, or set preferences for certain websites
  • Account Settings: You can manage your cookie preferences through your account settings (where available)
  • Opt-Out Tools: You can use industry opt-out tools, such as the Digital Advertising Alliance's opt-out page or the Network Advertising Initiative's opt-out page

Note: Disabling certain cookies may limit your ability to use some features of our Services or affect your user experience.

11.4 Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites you visit that you do not want to have your online activity tracked. Currently, there is no standard for how DNT signals should be interpreted. We do not currently respond to DNT signals, but we respect your privacy choices through other mechanisms described in this Privacy Policy.

12. Third-Party Links and Services

Our Services may contain links to third-party websites, services, or applications that are not owned or controlled by Gapaian. This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of any third-party services you access.

We are not responsible for the privacy practices, content, or security of third-party websites or services. Your interactions with third-party services are subject to their respective terms and privacy policies.

13. Children's Privacy

Our Services are not intended for individuals under the age of 13 (or the applicable age of consent in your jurisdiction, such as 16 in the EEA). We do not knowingly collect personal information from children under the age of 13.

For users in Indonesia: Under Indonesian law, individuals under 17 years of age are considered children. If you are under 17, you must have your parent's or guardian's consent to use our Services. We may require verification of parental consent before processing personal data of users under 17.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at admin@gapaian.com. If we become aware that we have collected personal information from a child under 13 (or under 17 in Indonesia) without verifiable parental consent, we will take steps to delete such information from our systems as quickly as possible.

If you are between the ages of 13 and 18 (or between 13 and 17 in Indonesia, or the applicable age of majority in your jurisdiction), you represent that you have your parent's or guardian's permission to use our Services and to provide us with your information.

14. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including Indonesia, the United States, and other countries where our servers and service providers are located. These countries may have data protection laws that differ from those in your country.

When we transfer your information internationally, we take appropriate measures to ensure that your data receives adequate protection in accordance with this Privacy Policy and applicable data protection laws, including:

  • Standard Contractual Clauses approved by relevant data protection authorities (including European Commission Standard Contractual Clauses for transfers from the EEA)
  • Compliance with Indonesian data protection requirements for cross-border data transfers
  • Certification schemes and codes of conduct recognized by relevant authorities
  • Other legally recognized safeguards for international data transfers

For Indonesian users: Under UU PDP, we may transfer your personal data outside Indonesia only if the receiving country has an adequate level of data protection or if we implement appropriate safeguards. By using our Services, you consent to such transfers with the understanding that we will implement necessary safeguards to protect your data.

For users in other jurisdictions, by using our Services, you consent to the transfer of your information to countries outside your country of residence, including Indonesia and the United States, where our servers and service providers may be located.

15. Marketing Communications

With your consent (where required by law), we may send you marketing communications about our Services, including:

  • Product updates and new features
  • Promotional offers and discounts
  • Newsletters and educational content
  • Career tips and industry insights
  • Event invitations and webinars

You can opt out of marketing communications at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Adjusting your email preferences in your account settings
  • Contacting us at admin@gapaian.com

Even if you opt out of marketing communications, we may still send you service-related, transactional, or administrative messages (e.g., account updates, security alerts, payment confirmations) that are necessary for the operation of our Services.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated Privacy Policy on this page with a new "Last updated" date
  • Sending you an email notification (if you have an account with us)
  • Displaying a prominent notice on our website or in our Services
  • For significant changes, we may provide additional notice or obtain your consent as required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

If you do not agree with any changes to this Privacy Policy, you may stop using our Services and request deletion of your account and data as described in Section 7.

17. Governing Law and Dispute Resolution

This Privacy Policy is governed by and construed in accordance with the laws of the Republic of Indonesia, including but not limited to Law No. 27 of 2022 on Personal Data Protection (UU PDP), without regard to its conflict of law provisions.

Any disputes arising out of or relating to this Privacy Policy or our data practices will be resolved through binding arbitration in accordance with the Arbitration Rules of the Singapore International Arbitration Centre (SIAC), except where prohibited by law. The arbitration shall be conducted in Singapore in the English language by a single arbitrator appointed in accordance with the SIAC Rules. The award rendered by the arbitrator shall be final and binding, and judgment on the award may be entered in any court having jurisdiction thereof.

Enforcement: Indonesia is a signatory to the 1958 New York Convention on the Recognition and Enforcement of Foreign Arbitral Awards. As such, SIAC arbitral awards are enforceable in Indonesia, subject to the provisions of the New York Convention and Indonesian law.

Alternatively, and only if arbitration is not available or is prohibited by applicable law, disputes may be resolved in the competent courts of Jakarta, Indonesia, which shall have exclusive jurisdiction.

If any provision of this Privacy Policy is found to be unenforceable or invalid under applicable law, that provision will be limited or eliminated to the minimum extent necessary so that this Privacy Policy shall otherwise remain in full force and effect and enforceable.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Gapaian

Data Protection Officer (DPO): admin@gapaian.com

General Inquiries: admin@gapaian.com

Our physical address can be found in the footer of our website.

We will respond to your inquiry as soon as possible and in accordance with applicable data protection laws. For privacy-related requests, please include sufficient information to verify your identity and process your request.

Response Times: We aim to respond to all privacy inquiries within 30 days. For requests under specific regulations (GDPR, CCPA, LGPD), we will respond within the timeframes required by applicable law.