Privacy Policy

Effective date: March 4, 2026  ·  Last updated: March 4, 2026

This Privacy Policy explains how Catalis ("we", "us", "our") collects, uses, stores, and protects information when you use the Catalis platform and its products — including Lumen (ISP & network management) and Cospace (coworking space management). By using the Service, you agree to the practices described here.

1. Information We Collect

We collect the following categories of data:

Account & Identity Data

Name, email address, and password when you register. Business name and contact details for account setup.

Billing & Payment Data

Subscription plan, invoice history, and payment records (amounts, dates, status). We do not store raw card numbers — payments are processed through certified payment gateways.

Operational Data

Data you enter into the platform: customer records, contracts, invoices, network configurations, check-in logs, and time-pass usage — depending on the product you use.

Usage & Technical Data

IP address, browser type, device information, pages visited, and actions taken within the platform. Used for security monitoring and improving the Service.

2. How We Use Your Information

  • Providing the Service — account management, subscription billing, feature access, and technical support.
  • Communications — transactional emails (invoices, payment receipts, account notifications). We do not send marketing emails without your consent.
  • Security & Fraud Prevention — detecting and preventing unauthorised access or abuse.
  • Product Improvement — aggregated, anonymised analytics to understand how the platform is used and improve features.
  • Legal Compliance — fulfilling obligations under applicable Indonesian law.

3. Tenant Data Isolation

Catalis is a multi-tenant platform. Each account's data is strictly isolated using Row-Level Security (RLS) at the database level. No tenant can access another tenant's data. Our staff can only access tenant data when explicitly required for support purposes, and only with the account holder's knowledge.

4. Data Sharing & Third Parties

We do not sell or rent your data. We may share data with trusted third-party service providers only to the extent necessary to operate the Platform:

  • Supabase — cloud database and authentication infrastructure.
  • Payment Gateways — for processing subscription payments.
  • Messaging Providers — for WhatsApp/SMS notifications if enabled for your workspace.

All third-party providers are contractually bound to protect your data and use it only for the purposes we specify.

We may also disclose data when required by law, court order, or governmental authority.

5. Data Retention

We retain your data for as long as your account is active. Upon account termination:

  • Your data is retained for 30 days after termination, allowing you to request an export.
  • After 30 days, all personal and operational data is permanently deleted from our systems.
  • Billing records may be retained longer where required by Indonesian tax and financial regulations.

6. Security

We implement industry-standard security measures including:

  • TLS encryption for all data in transit.
  • Encryption at rest for database storage.
  • Row-Level Security (RLS) enforcing strict tenant isolation at the database layer.
  • Regular security audits and dependency updates.

No system is 100% secure. If you discover a vulnerability, please report it responsibly to [email protected].

7. Your Rights

You have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request correction of inaccurate or incomplete data.
  • Deletion — request deletion of your data (subject to legal retention requirements).
  • Export — request a portable copy of your data before account closure.

To exercise any of these rights, contact us at [email protected]. We will respond within 14 business days.

8. Cookies

Catalis uses only essential session cookies required for authentication and platform functionality. We do not use tracking, advertising, or analytics cookies. You cannot opt out of essential cookies without losing access to the platform.

9. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notification at least 14 days before they take effect. Continued use of the Service after the effective date constitutes your acceptance of the updated policy.

10. Governing Law

This Privacy Policy is governed by the laws of the Republic of Indonesia, including the Personal Data Protection Law (UU PDP No. 27 Tahun 2022). Any disputes shall be subject to the exclusive jurisdiction of the courts in Indonesia.

Questions about your privacy?

Contact our data team at [email protected]. We're committed to being transparent about how we handle your data.

Also see our Terms & Conditions.