Privacy Policy

PT Curagi Global Informatika ("Curagi", "we", "us", or "our") operates the curagi.io website and provides custom healthcare information systems powered by Big Data, AI, and IoT. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

By accessing or using our services, you agree to the terms of this Privacy Policy. If you do not agree with the terms, please do not access our website or use our services.

1. Information We Collect

1.1 Personal Information

We may collect personal information that you voluntarily provide when you:

• Register for an account on our platform
• Place an order for our healthcare information systems
• Subscribe to our newsletter or marketing communications
• Contact us through our website or email
• Participate in online meetings scheduled through our platform

This information may include your name, email address, phone number, company name, job title, billing address, and payment information.

1.2 Automatically Collected Information

When you visit our website, we may automatically collect certain information about your device and usage patterns, including:

• IP address and approximate geographic location
• Browser type and version
• Operating system
• Pages visited and time spent on each page
• Referring website or source
• Device identifiers

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain our services and healthcare information systems
• To process your orders, payments, and manage your account
• To communicate with you about your orders, including production updates and meeting schedules
• To send you invoices and process payments through our supported payment providers
• To improve our website, products, and services through analytics
• To send marketing and promotional communications (with your consent)
• To detect, prevent, and address technical issues and security threats
• To comply with legal obligations under Indonesian law

3. Data Security

We implement appropriate technical and organizational security measures to protect your personal data, guided by ISO 27001 information security management principles. These measures include:

• Encryption of data in transit using TLS/SSL protocols
• Secure password hashing using industry-standard algorithms
• Role-based access controls to limit data access to authorized personnel
• Regular security assessments and vulnerability testing
• Secure hosting infrastructure with firewalls and intrusion detection
• Employee training on data protection and privacy best practices

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

4. Third-Party Services

We use the following third-party services to operate our platform. Each service has its own privacy policy governing the use of your information:

• PayPal — for processing international payments
• Xendit — for processing local Indonesian payments
• SendGrid — for sending transactional and notification emails
• Jitsi Meet — for hosting video meetings and consultations

We only share the minimum amount of personal data necessary for these services to function. We encourage you to review the privacy policies of these third-party providers.

5. Cookies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and understand user behavior. Cookies are small data files stored on your device when you visit our website.

We use essential cookies for authentication and session management, as well as analytics cookies to help us improve our services. You can manage your cookie preferences through your browser settings. For more details, please visit our Cookie Policy.

6. Your Rights

In accordance with applicable data protection regulations, including Indonesian Law No. 27 of 2022 on Personal Data Protection (UU PDP), you have the following rights:

• Right of Access — request a copy of your personal data that we hold
• Right of Rectification — request correction of inaccurate or incomplete data
• Right of Erasure — request deletion of your personal data, subject to legal obligations
• Right to Restrict Processing — request limitation on how we process your data
• Right to Data Portability — request transfer of your data in a structured format
• Right to Withdraw Consent — withdraw your consent at any time where processing is based on consent

To exercise any of these rights, please contact us at hello@curagi.io. We will respond to your request within 30 days.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. When personal data is no longer needed, we will securely delete or anonymize it.

8. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete such information promptly.

9. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by posting the updated policy on our website with a revised "Last Updated" date. We encourage you to review this page periodically.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Company: PT Curagi Global Informatika
• Email: hello@curagi.io
• Website: curagi.io
• Location: Jakarta, Indonesia