Privacy Policy

How we handle your data.

Last updated: 4 July 2026

This Privacy Policy (the "Policy") describes how SEO Fixindo Technology (the "Provider", "we", "us") obtains, collects, processes, analyses, stores, updates, displays, discloses, erases, and protects your personal data (the "User", "you") in connection with your use of the services at seo.fixindo.id (the "Services"). This Policy is drafted with reference to Indonesia's Personal Data Protection Law (Law No. 27 of 2022, together with its implementing regulations, the "PDP Law") and forms an integral part of the Terms of Service. By accessing and using the Services, you acknowledge that you have read, understood, and consented to the processing of personal data as set out in this Policy.

1. Roles of the Parties

In processing personal data under this Policy, the Provider acts as the Data Controller, being the party that determines the purposes of, and controls, the processing of personal data. Where the Provider engages third-party service providers to process personal data on its behalf and in accordance with its instructions, those third parties act as Data Processors.

You warrant that any personal data you submit to the Provider is true, accurate, and current, and that you have lawful authority to submit it, including where such data comprises information relating to other individuals.

2. Categories of Personal Data We Process

Account data. Your name (where provided) and the email address you register, together with your password stored as a one-way encrypted value (bcrypt hash). The Provider does not store, and cannot recover, your password in its original form.

Service usage data. The domains you register and all resulting audit output, including search-engine optimisation scores, Core Web Vitals, backlink quality, technical findings, and remediation recommendations.

Transaction data. Records of wallet top-ups and subscriptions comprising amount and status. Payments are effected through a manual QRIS mechanism; the Provider stores no card numbers, banking credentials, or payment-instrument information whatsoever.

Technical data. A session cookie (httpOnly) necessary to maintain your signed-in state, together with reasonable server logs for security, abuse prevention, and reliability of the Services.

3. Lawful Basis and Purposes of Processing

The Provider processes your personal data on one or more lawful bases, namely: (i) the consent you provide; (ii) performance of a contract with you; (iii) compliance with the Provider's legal obligations; and/or (iv) legitimate interests, provided these do not override your rights and interests as a Data Subject.

Processing is carried out to operate and display audits, retain history, and administer your account, wallet, and subscription; to send essential Service-related emails; to maintain system security; and to comply with applicable laws and regulations.

4. Google Search Console Data

Where you voluntarily connect your Google account, the Provider requests read-only access to your Google Search Console data (the webmasters.readonly scope) via Google's OAuth protocol. Granting such access is optional and entirely within your control.

That data is used solely to display your site's search performance (including clicks, impressions, average position, and top queries and pages) within your own report. The Provider does not disclose, sell, or use such data for any other purpose, and does not use it to train artificial-intelligence models.

You may disconnect at any time via the dashboard, whereupon the associated access token is deleted. The Provider's use of information received from Google APIs is subject to and complies with the Google API Services User Data Policy, including the Limited Use requirements.

5. Disclosure to Third-Party Processors

To deliver the Services, the Provider may disclose personal data, to the extent necessary, to third-party service providers acting as Processors, namely: Google (PageSpeed Insights and Search Console) for performance measurement and search data; OpenRouter for AI-assisted fix drafting (the Provider transmits only issue context, not your personal data); Resend for transactional email delivery; and Neon for database hosting.

Each Processor is bound by its respective data-processing terms and may process personal data only in accordance with the Provider's instructions and the stated purposes. The Provider does not sell your personal data to any party.

6. Data Retention and Security

The Provider applies reasonable technical and organisational measures to protect your personal data, including password encryption (bcrypt), sessions based on httpOnly cookies together with signed tokens (JWT), and transmission over an encrypted protocol (HTTPS).

Personal data is retained while your account remains active or for as long as necessary to fulfil the purposes of processing and legal obligations. You may request deletion of your account and associated data at any time, and the Provider will act upon such request in accordance with applicable law.

7. Your Rights as a Data Subject

Under the PDP Law, you are entitled, among other things, to obtain information about the processing of your data; to access and obtain a copy of your personal data; to update or rectify inaccurate data; to withdraw consent; to end processing, erase, and/or destroy your personal data; and to object to decisions based solely on automated processing.

You may exercise these rights by emailing info@fixindo.id. The Provider may first verify your identity before acting on your request.

8. Cookies, Age Restriction, and Data Transfers

The Services use cookies that are essential to the functioning of authentication and sessions; the Provider does not use cookies for cross-site tracking for advertising purposes.

The Services are not directed at individuals below the age of majority under applicable law. Where processing involves third parties located outside Indonesia, the Provider will ensure an adequate level of protection as required by the PDP Law.

9. Changes to this Policy and Contact

The Provider may update this Policy from time to time. Material changes will be notified via the Services or by email. The "last updated" date at the top of this document always reflects the current version, and your continued use of the Services after changes take effect constitutes your acceptance of them.

For questions, requests, or complaints regarding the protection of personal data, please contact us at info@fixindo.id.