Privacy Policy

1. Introduction

PT. Rafiq Space Intelligence ("Company," "we," "us," or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use the MeetPal platform (the "Service").

This Privacy Policy is prepared in compliance with Law No. 27 of 2022 on Personal Data Protection (Undang-Undang Pelindungan Data Pribadi / "UU PDP"), Government Regulation No. 71 of 2019 on the Implementation of Electronic Systems and Transactions (PP PSTE), and other applicable data protection regulations in the Republic of Indonesia.

2. Data Controller

The data controller (pengendali data pribadi) responsible for processing your personal data through the Service is:

PT. Rafiq Space Intelligence
Email: link@rafiqspace.ai
Jakarta, Indonesia

3. Data We Collect

We collect and process the following categories of personal data in connection with the Service:

a. Account Data

Information provided during registration and account management, including your name, email address, profile picture, Organization name, and role within your Organization. This data is obtained through our identity provider (ZITADEL SSO).

b. Meeting Data

Meeting recordings (audio), transcripts generated from recordings, meeting titles, descriptions, participant information, and meeting metadata such as date, time, and duration.

c. Voice & Biometric Data (Specific Personal Data)

Audio recordings and voice embeddings (voiceprints) used for speaker identification and diarization. Under UU PDP, biometric data is classified as specific personal data (data pribadi spesifik) and is subject to enhanced protection. Voice embeddings are mathematical representations of voice characteristics derived from your audio.

d. AI Processing Data

Content generated by our AI features, including meeting summaries, recommendations, analytical insights, and results from knowledge base analysis. This data is derived from your Meeting Data and processed by our AI systems.

e. Usage & Technical Data

Device information, IP address, browser type and version, operating system, access timestamps, pages visited, and usage patterns collected automatically when you access the Service.

f. Calendar Data

If you connect your Google Calendar, we access calendar event details (titles, times, participants, meeting links) to enable scheduling features. Calendar data is encrypted at rest and only accessible within your Organization.

4. How We Use Your Data

We process your personal data for the following purposes:

• Providing the Service: processing recordings, generating transcripts, performing speaker identification, and producing AI-generated meeting insights
• Account management: authenticating users, managing Organization memberships, and enforcing access controls
• Service improvement: analyzing usage patterns to improve features, fix issues, and optimize performance
• Communication: sending service notifications, usage alerts, and important updates about the Service
• Security: detecting and preventing fraud, unauthorized access, and other security threats
• Analytics: providing Organization-level analytics and insights on meeting activity
• Calendar integration: synchronizing events, enabling meeting scheduling, and automating bot deployment
• Legal compliance: fulfilling obligations under UU PDP, UU ITE, and other applicable regulations

5. Legal Basis for Processing

In accordance with Article 20 of UU PDP, we process your personal data based on the following legal grounds:

• Consent: For meeting recordings, voice enrollment for speaker identification, and calendar data access. You may withdraw your consent at any time through the Platform settings, without affecting the lawfulness of processing performed prior to withdrawal.
• Contractual Necessity: Processing necessary for the performance of the Service as agreed in the Terms of Service, including transcription, AI analysis, and account management.
• Legal Obligation: Processing required to comply with applicable Indonesian laws and regulations, including data retention requirements and responding to lawful requests from competent authorities.
• Legitimate Interests: Processing necessary for our legitimate interests, including service security, fraud prevention, and service improvement, provided that such interests are not overridden by your fundamental rights and freedoms.

6. Data Sharing & Disclosure

We may share your personal data with the following categories of recipients:

• Service Providers: Third-party providers that assist in operating the Service, including cloud hosting, AI model providers, and infrastructure services. All service providers are contractually obligated to protect your data and process it only as instructed by us.
• Organization Members: Other members of your Organization may access shared meeting data, transcripts, and AI outputs in accordance with the access permissions configured by your Organization administrators.
• Legal Requirements: We may disclose your data when required by law, regulation, legal process, or governmental request, including requests from Indonesian law enforcement or regulatory authorities.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred as part of the transaction, subject to the protections described in this Privacy Policy.

We do not sell your personal data to third parties. We do not share your personal data with third parties for their own marketing purposes.

7. Cross-Border Data Transfers

Your personal data may be transferred to and processed in jurisdictions outside of Indonesia for the purposes of cloud hosting, AI processing, and service delivery. In accordance with Article 56 of UU PDP, we ensure that any cross-border transfer of personal data is made to jurisdictions that provide an equivalent or higher level of personal data protection, or is subject to adequate protective safeguards.

Where transfers are made to jurisdictions without equivalent protections, we implement appropriate contractual safeguards, including standard contractual clauses, to ensure your personal data remains protected in accordance with UU PDP requirements.

8. Data Retention

We retain your personal data for the following periods:

• Account data: retained for the duration of your active Account, and for a reasonable period after Account closure as required by applicable law
• Meeting recordings and transcripts: retained for the duration of your subscription, and deleted upon request or Account termination
• Voice embeddings: retained until the associated speaker profile is deleted or consent is withdrawn by the data subject
• AI-generated content: retained for the same period as the associated meeting data
• Usage and technical data: retained for a limited period necessary for the purposes described in this policy

Upon expiration of the retention period, personal data will be securely deleted or anonymized in accordance with Article 44 of UU PDP. We may retain anonymized data indefinitely for statistical and analytical purposes.

9. Your Rights

Under UU PDP, you have the following rights with respect to your personal data:

• Right of Access: You may request access to and obtain a copy of your personal data that we process.
• Right to Rectification: You may request correction of any inaccurate or incomplete personal data.
• Right to Erasure: You may request deletion of your personal data, subject to applicable legal retention requirements.
• Right to Restrict Processing: You may request that we restrict the processing of your personal data under certain circumstances.
• Right to Object: You may object to the processing of your personal data, including objecting to automated decision-making that produces legal effects or similarly significant impacts.
• Right to Data Portability: You may request that we provide your personal data in a structured, commonly used, and machine-readable format.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of processing performed prior to withdrawal.
• Right to Complain: You have the right to file a complaint with the Indonesian Personal Data Protection Agency (Lembaga Pelindungan Data Pribadi) if you believe your rights have been violated.

To exercise any of these rights, please contact us at link@rafiqspace.ai. We will respond to your request in a timely manner in accordance with the timeframes prescribed by UU PDP.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, alteration, or disclosure, including:

• Encryption of data in transit and measures to protect data at rest
• Role-based access controls with authentication managed through our identity provider
• Audit logging of data modification and access activities
• Regular security assessments and vulnerability testing

In the event of a personal data breach, we will notify affected users and the relevant authorities within seventy-two (72) hours of becoming aware of the breach, in accordance with Article 46 of UU PDP. Notification will be delivered via email and will include: a description of the personal data affected, the time and manner in which the breach occurred, and the remedial measures we have taken or plan to take. Breach notifications are handled directly by our data protection team at link@rafiqspace.ai.

11. Cookies & Tracking Technologies

The Service uses the following types of cookies and similar technologies:

• Essential Cookies: Required for authentication, session management, and security. These cookies are necessary for the Service to function and cannot be disabled.
• Functional Cookies: Used to remember your preferences, such as language and theme settings. These cookies enhance your experience but are not strictly necessary.

We do not use third-party advertising or tracking cookies. Your cookie preferences can be managed through your browser settings.

12. Children's Privacy

The Service is not intended for individuals under the age of eighteen (18). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete such data promptly. If you believe that a child has provided us with personal data, please contact us at link@rafiqspace.ai.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated to you at least thirty (30) days before they take effect, via email or through a prominent notice on the Platform. We encourage you to periodically review this Privacy Policy for any updates.

14. Contact & Data Protection Officer

If you have any questions about this Privacy Policy, wish to exercise your data subject rights, or have concerns about our data practices, please contact us:

PT. Rafiq Space Intelligence
Data Protection Officer: link@rafiqspace.ai
General Inquiries: link@rafiqspace.ai
Jakarta, Indonesia