Privacy Policy

1. Introduction

PT. Neurogs Inovasi Teknologi ("we", "us", or "our") is deeply committed to protecting the privacy and security of your personal data. This Privacy Policy outlines how we collect, use, process, and protect your data in compliance with Indonesia's Personal Data Protection Law (UU PDP) No 27/2022, and other applicable regulations. We emphasize technical, organizational, and procedural safeguards to ensure that all personal data collected via our website (https://www.neurogs.tech) is handled securely and transparently. By using our services, you consent to the practices outlined in this policy.

2. Types of Personal Data Collected

In compliance with the PDP, we categorize personal data into two types: General Personal Data and Specific Personal Data. Our data collection methods are designed to limit unnecessary data and ensure that we only collect what is strictly required for our products and services.

• General Personal Data: Full name, email address, phone number, and other identifiers used to identify an individual (e.g., job title).
• Sensitive personal data is not collected unless specifically required — e.g., health information for contractual obligations, or financial data for transactions, governed by additional encryption and access controls.

3. Data Collection Mechanisms

We employ various mechanisms to collect personal data, ensuring compliance with PDP's principles of transparency and minimization.

• Direct Collection: Data submitted voluntarily through forms or interactions on our website.
• Cookies: We currently do not use cookies. Any future use will comply with PDP and applicable international standards, with mechanisms to manage preferences.

4. Legal Basis for Processing

• Explicit Consent: Informed and explicit consent before processing — withdrawable at any time.
• Contractual Necessity: When processing is required to fulfill contractual obligations.
• Legal Obligations: Tax law, regulatory frameworks, and supervisory reporting.

5. Purpose of Data Processing

• Service Provision: Deliver requested services and respond to inquiries.
• Performance Analytics: Analyze service usage trends without identifying individual users.
• Legal Compliance: Comply with applicable laws and standards (PDP, ISO/IEC 27001:2022).

6. Data Security Measures

PT. Neurogs Inovasi Teknologi implements industry-standard data security measures to ensure the confidentiality, integrity, and availability of personal data.

7. Your Rights Under the PDP

• Right to Information
• Right to Access
• Right to Rectification
• Right to Erasure
• Right to Object
• Right to Data Portability

8. International Transfers

International transfers are conducted with appropriate safeguards, ensuring recipient country adequacy or, where necessary, obtaining explicit consent — also aligned with international privacy laws (e.g., GDPR) where applicable.

9. Retention and Deletion

Personal data is retained only as long as necessary, typically up to one year unless extended by legal or contractual obligations. Upon request or expiry, data is securely deleted or anonymized in compliance with PDP standards.

10. Changes to this Policy

We may update this Privacy Policy to reflect legal, business, or technological changes. Significant updates are communicated via the website or email, as required by PDP.

11. Data Protection Officer (DPO)

Pursuant to UU PDP No. 27/2022 (Pasal 53–55), PT. Neurogs Inovasi Teknologi has designated a Data Protection Officer accountable for monitoring compliance, conducting periodic Data Protection Impact Assessments (DPIA), liaising with Kominfo and the future Lembaga PDP, and serving as the primary point of contact for data subjects. The DPO operates independently from commercial functions.

• DPO Email: dpo@neurogs.tech (monitored on business days, response SLA five business days; breach-related correspondence prioritized within 24 hours).
• Postal: PT. Neurogs Inovasi Teknologi — Lt. 19, Menara 165, Cilandak Tim., Jakarta Selatan 12560, Indonesia. Mark envelope: Attn. DPO — Confidential.
• Distinct from info@neurogs.tech (general inquiries) and security@neurogs.tech (vulnerability disclosure).

12. Subprocessors and Third Parties

We engage a small set of vetted subprocessors for hosting, telemetry, and email delivery. Each subprocessor is bound by a Data Processing Agreement (DPA) consistent with UU PDP and, where applicable, GDPR Standard Contractual Clauses. The current subprocessor list is available on request via dpo@neurogs.tech.

13. Children's Data

neurogs.tech is intended for enterprise procurement, technical evaluation, and security operations professionals. We do not knowingly collect personal data from individuals under 18. If we become aware that a child's data has been submitted, we will erase it without undue delay.

14. Automated Decision-Making

We do not subject visitors to fully automated decision-making with legal or similarly significant effects. NOGTUS platform AI reasoning operates on customer telemetry within customer environments and is governed by the customer's own data processing agreement, not this Privacy Policy.

15. Complaints and Regulator

If you believe your data protection rights have been violated, you may lodge a complaint directly with us via dpo@neurogs.tech. You also retain the right to escalate to the relevant supervisory authority (Kominfo and, upon establishment, Lembaga PDP).

16. Effective Date

This Privacy Policy is effective as of 28 April 2026 and supersedes prior versions. Material changes are communicated by website notice and, for active customers, by email at least 14 days before taking effect.

17. Contact

General inquiries: info@neurogs.tech · Data subject rights and DPO matters: dpo@neurogs.tech · Tel: 021-29490466.