1. Who We Are
NodeHelix is operated by PT Trivida Meta Corpora, headquartered in Jakarta, Indonesia ("NodeHelix", "we", "us"). This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our website, dashboard, and cloud hosting services (the "Service").We comply with Indonesia's Law No. 27 of 2022 on Personal Data Protection (UU PDP) and other applicable data protection laws.2. Data We Collect
Account data: name, email address, phone number, business name, billing address, and password (hashed).Payment data: top-up amounts, payment method (virtual account, e-wallet, QRIS), transaction IDs, and proof-of-payment uploads. Card and bank credentials are processed directly by our payment partner and are never stored on our servers.Service usage data: instances deployed, regions, SSH keys, firewall rules, snapshots, bandwidth and resource consumption, and dashboard activity.Technical data: IP address, browser type, device identifiers, request logs, and audit log entries for security and compliance.Support data: messages, attachments, and tickets you submit to our support team.3. How We Use Your Data
To provide and operate the Service, including provisioning instances, processing top-ups, and applying credit deductions.To authenticate you, secure your account, and prevent fraud and abuse.To send transactional emails (e.g. instance created/destroyed notifications, SSH key download links, top-up confirmations).To respond to support requests and improve our products.To comply with legal obligations, including tax, anti-money-laundering, and lawful requests from authorities.4. Legal Basis for Processing
We process your data based on: (a) the performance of our contract with you (Terms of Service); (b) your consent, where required; (c) our legitimate interests in operating, securing, and improving the Service; and (d) compliance with legal obligations.5. Third-Party Service Providers
We share data with the following categories of processors, only as necessary to provide the Service:Cloud infrastructure: Tencent Cloud (instance provisioning, snapshots, monitoring, and backup storage via Tencent COS).Payment processing: Duitku / Xendit and partner banks/e-wallets to process top-ups and verify payments.Email delivery: our configured SMTP provider for transactional emails.These processors are bound by contractual obligations to handle your data securely and only for the purposes we specify.6. International Data Transfers
Some of our infrastructure providers operate data centers outside Indonesia. Where data is transferred internationally, we ensure appropriate safeguards are in place consistent with applicable law.7. Data Retention
We retain personal data for as long as your account is active and as needed to provide the Service. After account closure, we may retain limited data for legal, accounting, fraud-prevention, and audit purposes (typically up to 5 years for financial records, in line with Indonesian tax regulations).Audit logs are retained for security and SOC2-aligned compliance for at least 12 months.8. Your Rights
You have the right to: (a) access the personal data we hold about you; (b) request correction of inaccurate data; (c) request deletion of your data, subject to legal retention requirements; (d) object to or restrict certain processing; (e) request data portability; and (f) withdraw consent where processing is based on consent.To exercise these rights, contact support-nodehelix@metatech.id. We will respond within 30 days.9. Security
We implement industry-standard security measures, including TLS encryption in transit, bcrypt password hashing, Fernet encryption for stored SSH private keys, JWT-based session management with refresh rotation, rate limiting on authentication endpoints, and audit logging of state-changing actions.No system is completely secure. You are responsible for keeping your account credentials and SSH private keys confidential.10. Cookies & Tracking
We use strictly necessary cookies for authentication (httpOnly refresh-token cookie) and session management. We do not use third-party advertising or cross-site tracking cookies.11. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or dashboard notice at least 14 days before they take effect.13. Contact
For privacy-related questions or to exercise your data rights, contact us at support-nodehelix@metatech.id or via the Contact page.