DOKUMEN LEGAL

KEBIJAKAN PRIVASI

Terakhir diperbarui: April, 2026

1. About This Privacy Policy

This Privacy Policy explains how PT Immenzo Jaya International (“Immenzo,” “we,” “us,” or “our”) collects, uses, discloses, stores, and protects Personal Data in connection with:

immenzo.com and related websites;
Immenzo accounts and administrative portals;
product demonstrations and sales activities;
customer support and business communications; and
the Immenzo document-processing platform and related services.

This Policy should be read together with our Cookie Policy and any applicable customer agreement.

2. Our Role in Processing Personal Data

2.1 When Immenzo Acts as Data Controller

Immenzo acts as a Personal Data Controller when we determine why and how Personal Data is processed, including for:

website operation;
account administration;
sales and customer relationships;
billing and contractual administration;
service security;
direct marketing;
recruitment; and
our own legal and compliance obligations.

2.2 When Immenzo Acts as Data Processor

When a business customer submits documents or other data to the Immenzo platform and determines the purposes of that processing, the customer normally acts as the Data Controller and Immenzo acts as its Data Processor.

In those circumstances:

we process the data according to the customer’s documented instructions;
the applicable customer agreement and documented instructions govern the processing; and
requests concerning Personal Data contained in customer-controlled documents may need to be directed to the relevant customer.

3. Personal Data We Collect

The Personal Data we collect depends on how a person interacts with Immenzo.

3.1 Information Provided Directly

We may collect:

name;
business email address;
telephone number;
company, department, and job title;
account username and authentication information;
billing and transaction information;
communications, enquiries, and support requests;
survey or product feedback;
demonstration and sales-request information; and
information submitted through forms or account settings.

Payment-card information may be processed directly by an authorized payment provider. Immenzo should not claim that it stores full payment-card information unless it actually does so.

3.2 Customer Content

Customer Content may include:

invoices;
purchase orders;
delivery documents;
tax documents;
forms;
certificates;
correspondence;
document images;
extracted fields and line items;
validation results;
transaction data; and
other content submitted by or for a customer.

Customer Content may contain Personal Data relating to the customer’s employees, suppliers, customers, applicants, recipients, or other individuals.

Customers are responsible for ensuring that they have an appropriate legal basis and authority to submit Customer Content to the Services.

3.3 Information Collected Automatically

When a person uses our website or Services, we may collect:

IP address;
browser and device type;
operating system;
language and time-zone settings;
access dates and times;
pages and features viewed;
referral information;
account and session events;
API and system activity;
error and diagnostic records;
security events; and
cookie and consent preferences.

We collect advertising or non-essential analytics information only in accordance with the choices presented through our cookie-consent mechanism.

3.4 Information Received from Other Sources

We may receive information from:

a person’s employer or organization;
authorized customer representatives;
authentication providers;
implementation and integration partners;
payment providers;
service providers;
publicly available professional sources; and
advertising or analytics providers, where permitted.

4. Why We Process Personal Data

We process Personal Data for the purposes and legal bases described below.

Purpose	Typical legal basis
Creating and administering accounts	Performance of a contract or steps requested before entering a contract
Providing document-processing and related Services	Performance of a contract and the customer’s documented instructions
Processing payments and managing subscriptions	Performance of a contract and legal obligations
Providing support and responding to enquiries	Performance of a contract or legitimate interests
Protecting accounts, systems, and users	Legitimate interests and legal obligations
Detecting abuse, fraud, or security incidents	Legitimate interests and legal obligations
Maintaining audit and transaction records	Contractual necessity, legitimate interests, and legal obligations
Improving reliability and product performance	Legitimate interests or consent where required
Sending requested product or service communications	Contractual necessity or legitimate interests
Sending optional promotional communications	Consent or another lawful basis permitted by applicable law
Website analytics	Consent where required
Advertising measurement and targeted advertising	Consent
Complying with legal requests and obligations	Legal obligation
Establishing or defending legal claims	Legitimate interests and applicable legal rights
Conducting a merger, financing, acquisition, or restructuring	Legitimate interests and applicable legal obligations

Where we rely on legitimate interests, we consider the purpose, necessity, impact on individuals, and available safeguards.

Where we rely on consent, consent may be withdrawn through the method provided when consent was collected or by contacting us.

5. Artificial Intelligence and Customer Content

Immenzo uses automated systems and artificial-intelligence technologies to provide functions such as:

document classification;
text and field extraction;
line-item extraction;
document comparison;
transaction validation;
exception detection; and
preparation of structured outputs.

Unless separately agreed in writing, Immenzo does not use Customer Content to:

train a general-purpose artificial-intelligence model;
train models made available to unrelated customers;
create advertising profiles; or
develop products unrelated to the contracted Services.

Immenzo may use appropriately aggregated or de-identified operational information to maintain security, measure reliability, diagnose technical issues, and improve system performance, provided the information cannot reasonably identify a customer or individual.

Any third-party AI provider that processes Customer Content on our behalf must be treated as an authorized service provider or Sub-Processor and subject to contractual data-protection restrictions.

Immenzo’s outputs may require human review. Customers remain responsible for decisions made using extracted or generated information, particularly where a decision may have legal, financial, employment, educational, health, or similarly significant consequences.

6. How We Disclose Personal Data

We may disclose Personal Data to:

Service Providers

Providers supporting:

cloud hosting;
data storage;
artificial-intelligence inference;
email delivery;
authentication;
security monitoring;
customer support;
analytics;
payments; and
other technical or business operations.

These providers may process Personal Data only for authorized purposes and subject to appropriate contractual obligations.

Customer-Authorized Recipients

We may transmit data to systems or recipients selected by a customer, including:

ERP systems;
accounting platforms;
warehouse systems;
customer portals;
integration partners; and
other customer-authorized applications.

AppLovin

Where we use AppLovin to advertise Immenzo, AppLovin may receive limited website and advertising information after the necessary consent has been obtained.

The information may include:

IP address;
browser and device information;
campaign and referral information;
website interaction events;
timestamps; and
consent or privacy-choice signals.

We do not intentionally provide AppLovin with Customer Content, uploaded documents, health information, financial-account information, government identifiers, communication contents, or other sensitive Personal Data.

Legal and Regulatory Recipients

We may disclose Personal Data where reasonably necessary to:

comply with applicable law;
respond to a legally valid request;
protect users, Immenzo, or other persons;
investigate fraud or security incidents; or
establish, exercise, or defend legal claims.

Corporate Transactions

Personal Data may be disclosed to professional advisers, investors, lenders, or prospective transaction parties in connection with a merger, financing, acquisition, reorganization, or sale of assets, subject to appropriate confidentiality and data-protection safeguards.

Aggregated or De-Identified Information

We may disclose information that has been aggregated or de-identified so that it cannot reasonably identify an individual.

We do not sell Personal Data for monetary payment.

7. Cookies and Advertising Technologies

We use cookies and similar technologies to:

operate and secure the website;
remember user choices;
understand website performance; and
measure advertising campaigns.

Strictly necessary technologies may operate without optional consent where permitted.

Analytics and advertising technologies are activated only in accordance with the choices presented through our cookie-consent mechanism.

Users can review or change their choices through the consent options presented on our website.

Further information is available in our Cookie Policy.

8. International Data Transfers and Processing Locations

The locations used to process Personal Data depend on the applicable Service, customer agreement, and service providers.

Where an Order Form or service specification includes an Indonesia-only processing commitment, we will process the relevant data according to that commitment.

Otherwise, Personal Data may be processed in Indonesia and in other countries in which Immenzo or its authorized service providers operate.

Before transferring Personal Data outside Indonesia, we apply a transfer mechanism permitted under applicable law, which may include:

confirming an equivalent or higher level of data protection;
implementing adequate and legally binding safeguards; or
obtaining consent where legally required and no other permitted safeguard is available.

Additional information about customer-specific processing locations and Sub-Processors may be provided in the applicable agreement or Sub-Processor list.

9. Data Retention

We retain Personal Data only for as long as reasonably necessary for the relevant purpose, contractual requirement, security need, or legal obligation.

Retention considerations include:

the duration of the customer relationship;
the customer’s configured retention settings;
contractual deletion instructions;
legal and accounting requirements;
limitation periods;
security and fraud-prevention needs;
backup cycles; and
pending disputes or investigations.

Typical retention categories should be documented internally and, where appropriate, disclosed as follows:

Data category	Retention approach
Customer Content	According to the customer agreement and configured retention period
Account information	For the account term and a limited period afterwards
Billing and contractual records	For the period required by applicable accounting, tax, and legal rules
Support communications	For the period needed to resolve and document the request
Security and access logs	For a defined period appropriate to security and audit needs
Marketing information	Until consent is withdrawn, the person opts out, or the information is no longer required
Cookie consent records	For the period needed to demonstrate and respect the person’s choices

When retention is no longer necessary, Personal Data is deleted, destroyed, anonymized, or isolated from ordinary use in accordance with applicable requirements.

10. Security

We use technical and organizational measures designed to protect Personal Data against unauthorized access, disclosure, alteration, loss, destruction, or unlawful processing.

These measures may include, where implemented and appropriate:

encryption in transit and at rest;
authentication controls;
role-based and least-privilege access;
logging and monitoring;
logical separation of customer environments;
vulnerability and patch management;
backup and recovery procedures;
incident-response procedures;
employee confidentiality requirements;
privacy and security training; and
risk-based review of service providers.

No system is completely secure. We therefore continually assess and improve safeguards according to the nature and risk of the processing.

Specific security commitments are governed by the applicable customer agreement, security addendum, or service specification.

11. Personal Data Rights

Subject to applicable law and permitted exceptions, an individual may have the right to:

receive information about Immenzo’s identity, processing purposes, legal basis, and accountability;
obtain confirmation of whether Personal Data is being processed;
access and obtain a copy of Personal Data;
correct or update inaccurate Personal Data;
request deletion or destruction of Personal Data;
withdraw previously provided consent;
request suspension or restriction of processing;
object to certain automated decisions that produce legal or similarly significant effects;
receive eligible Personal Data in a commonly used, machine-readable format;
transmit eligible Personal Data to another controller where technically possible; and
seek compensation or other remedies where permitted by law.

Rights may be subject to identity verification, legal restrictions, security considerations, the rights of other persons, and applicable retention obligations.

To submit a request, email:

[email protected]

Subject line:

Immenzo Privacy Rights Request

Please include enough information for us to identify the relevant relationship and verify the request.

Customer-Controlled Data

Where Immenzo processes Personal Data solely on behalf of a customer, we may refer the request to that customer or assist the customer in responding.

The customer remains responsible for determining whether and how the request should be fulfilled.

12. Marketing Communications

A person may stop receiving promotional emails by:

using the unsubscribe link in the message; or
contacting us at [email protected].

A person may continue to receive non-promotional communications necessary for:

account administration;
security;
transactions;
changes to contracted Services; or
fulfillment of legal obligations.

13. Children

Immenzo’s website and Services are intended for businesses and professional users and are not directed to children.

We do not knowingly collect Personal Data directly from children through our website for advertising purposes.

We do not initialize or use AppLovin advertising technologies in connection with users known to be children or digital properties directed exclusively toward children.

Where a customer lawfully submits children’s Personal Data through the Services, that processing must be specifically authorized under the customer agreement and subject to the safeguards required by applicable law.

14. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in:

our Services;
processing activities;
service providers;
legal obligations; or
security and privacy practices.

The latest revision date will appear at the top of the Policy.

Where a change materially affects how Personal Data is processed, we will provide appropriate notice.

Where processing depends on consent and the information relevant to that consent materially changes, we will request renewed consent where required.

15. Contact Information

Questions, privacy requests, or complaints may be sent to:

PT Immenzo Jaya International Email: [email protected] Support: [email protected] Address: [Complete registered or correspondence address]

If Immenzo has formally appointed a person responsible for the personal-data-protection function:

Privacy and Data Protection Contact Email: [email protected]

Where required, this Privacy Policy should also be made available in Bahasa Indonesia. The Bahasa Indonesia and English versions should communicate materially equivalent information.