Last updated: Mei 2026
The data controller for the Delt platform is PT Sarang Nalar Karya (trading as Cognerest), a company registered in the Republic of Indonesia. For privacy-related inquiries, contact us at support@cognerest.com.
When Delt hosts and runs your application on our infrastructure, we act as a data processor for any personal data that your application processes on behalf of your end-users. For your account information and billing data, we act as the data controller. See our Data Processing Agreement for formal processor obligations.
This Privacy Policy is designed to comply with applicable data protection laws in the jurisdictions where we operate, including Indonesia's Personal Data Protection Law (UU PDP, Law No. 27 of 2022), the EU General Data Protection Regulation (GDPR), and Japan's Act on the Protection of Personal Information (APPI). Jurisdiction-specific provisions are detailed in Section 18.
In accordance with UU PDP Article 20, we process your personal data based on the following legal grounds:
We collect the following categories of data:
Payment transactions are processed by Midtrans (for Indonesian customers via QRIS, GoPay, bank transfer) and Paddle (for international customers via credit card, PayPal). Delt does not store, process, or have access to your payment credentials, card numbers, or QRIS tokens. We retain only transaction records: amount, date, order ID, and payment status. Paddle acts as Merchant of Record for international transactions and handles VAT/sales tax compliance.
Your information is used to:
We do not sell your personal data to third parties.
We implement the following security measures:
Application workloads run in the cloud region you select at project creation. Available regions include: ap-southeast-1 (Singapore), us-east-1 (Virginia, United States), eu-central-1 (Frankfurt, Germany — future), ap-northeast-1 (Tokyo, Japan — future). Account data, billing records, and authentication data are stored in Singapore (Supabase) regardless of your chosen deployment region.
We use the following third-party sub-processors to provide the Service:
Under applicable data protection laws (including UU PDP, GDPR, and APPI), you have the following rights:
To exercise any of these rights, contact us at support@cognerest.com. We will respond within 30 days.
In the event of a personal data breach, we will notify affected users and the relevant supervisory authority within 72 hours (3 × 24 hours) of becoming aware of the breach, in accordance with applicable data protection laws. See Section 17 for full breach notification procedures.
The Service is not intended for users under 17 years of age. Users under 17 require parental or guardian consent to use the Service. We do not knowingly collect personal data from children under 17 without such consent. If we become aware that we have collected personal data from a child under 17 without parental consent, we will take steps to delete that information.
We use essential cookies for authentication session management (Supabase auth tokens). We also collect anonymized performance metrics via web-vitals to monitor page load performance.
We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
Your data may be processed outside your country of residence by our sub-processors. We use the following legal mechanisms to ensure adequate protection for cross-border transfers:
We retain your data only as long as necessary for the purposes described in this policy:
You may request deletion of your personal data at any time by contacting us. We will process deletion requests within 30 days, subject to legal retention obligations.
In the event of a personal data breach, we will notify affected users and the relevant supervisory authority within 72 hours (3 × 24 hours) of becoming aware of the breach. The notification will include: the nature of the breach, categories and approximate number of data subjects affected, likely consequences, and measures taken or proposed to address the breach.
If you are located in the EU/EEA, the following additional provisions apply under the General Data Protection Regulation (GDPR):
We process your personal data on the following lawful bases: (a) Contract performance — account data, deployment data, and billing data are processed to provide the Service; (b) Legitimate interest — usage metrics and security logs are processed to maintain platform security and improve the Service; (c) Consent — marketing communications are sent only with your explicit opt-in consent.
In addition to the rights listed in Section 11, you have the right to: lodge a complaint with your local data protection supervisory authority; request restriction of processing; and object to automated decision-making (note: Delt does not engage in automated decision-making or profiling).
For transfers of personal data outside the EEA, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission (Decision 2021/914). Where data is transferred to the United States, we additionally rely on the EU-US Data Privacy Framework where the recipient is certified.
We have not appointed a Data Protection Officer as we do not meet the threshold requirements under GDPR Article 37. We will appoint a DPO when required by law. For privacy inquiries, contact privacy@cognerest.com.
If you are located in Japan, the following additional provisions apply under the Act on the Protection of Personal Information (APPI):
Purpose of use per data category: email address — account authentication and service notifications; display name — personalization of the Service; GitHub account details — source code integration; billing data — payment processing and plan management; usage data — service improvement and security monitoring.
Your data may be stored and processed in Singapore (Supabase) and other countries where our sub-processors operate. Singapore maintains a personal data protection regime (PDPA) recognized as providing adequate protection. We have implemented contractual safeguards with all sub-processors to ensure equivalent data protection standards.
In the event of a qualifying data breach, Delt will report to the Personal Information Protection Commission (PPC) within the required timeframe (3-5 business days). Delt operates as a business operator (個人情報取扱事業者) under APPI with direct obligations for the protection of personal information.
If you are located in Indonesia, the following provisions apply under the Personal Data Protection Law (UU PDP, Law No. 27 of 2022):
We obtain explicit consent for the processing of your personal data at account registration. You may withdraw consent at any time by deleting your account or contacting us. Withdrawal of consent does not affect the lawfulness of processing performed prior to withdrawal.
In the event of a personal data breach, we will notify you and the relevant authority within 72 hours (3 × 24 hours) in accordance with UU PDP requirements. The notification will include the nature of the breach, data affected, and remediation steps taken.
Your rights under UU PDP include: the right to obtain information about the processing of your data, the right to correct inaccurate data, the right to delete your data, the right to withdraw consent, the right to object to automated processing, and the right to data portability. To exercise these rights, contact privacy@cognerest.com.
The Service is not intended for users under 17 years of age. Users under 17 require parental or guardian consent to use the Service. We do not knowingly collect personal data from children under 17 without such consent. If we become aware that we have collected personal data from a child under 17 without parental consent, we will take steps to delete that information.
We use essential cookies for authentication session management (Supabase auth tokens). We also collect anonymized performance metrics via web-vitals to monitor page load performance.
We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 30 days before taking effect. The updated policy will be posted on this page with a revised date.
For privacy-related inquiries, contact us at privacy@cognerest.com.
PT Sarang Nalar Karya (Cognerest)
Republic of Indonesia