Legal

Privacy Policy

Effective Date: 19 June 2026
Last Updated: 19 June 2026

1. Introduction

PT Trisaka Arsa Caraka, operating as ARSA Technology (“ARSA,” “we,” “us,” or “our”), is an Artificial Intelligence and Internet of Things (AI & IoT) technology company headquartered in Indonesia. We are committed to protecting the privacy and personal data of our users, clients, partners, and any individuals whose data is processed through our products and services. This Privacy Policy explains how we collect, use, store, protect, and share information when you:

Visit our website at arsa.technology
Use our products, including AI Video Analytics Software, AI Box Series, Face Recognition API, Face Recognition SDK, and Self-Check Health Kiosk
Communicate or engage with us through any channel

By using our website or services, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of our services.

2. Who This Policy Applies To

Visitors who browse arsa.technology
Clients and partners who procure or integrate ARSA’s software, APIs, or hardware systems
End users whose biometric, behavioral, or health data may be processed through ARSA-powered systems deployed by our clients
Developers who access ARSA’s APIs via cloud platforms such as RapidAPI

When ARSA acts as a technology provider to enterprise or government clients, those clients are responsible as the data controller. ARSA acts as a data processor in such contexts.

3. Information We Collect

3.1 Information You Provide Directly

Contact & inquiry data: Name, email address, phone/WhatsApp number, company or organization name, and message content submitted via our website contact form
Business & partnership information: Company details, project requirements, and other information shared during consultations

3.2 Information Collected Automatically

IP address and general geographic location
Browser type, device type, and operating system
Pages visited, time spent, and navigation behavior
Referral sources and session identifiers (via cookies and similar technologies)

3.3 Biometric and AI-Processed Data (via ARSA Products)

Facial images and biometric templates (via Face Recognition API, SDK, and AI Box systems)
Liveness detection data (active and passive liveness checks)
Video footage from CCTV or IP cameras analyzed by ARSA Video Analytics
Health metrics such as blood pressure, blood oxygen levels, and heart rate (via Self-Check Health Kiosk)
Behavioral data such as crowd density, dwell time, queue length, and movement patterns

This data is processed on behalf of our enterprise and government clients. ARSA does not independently collect or retain this data unless explicitly required to provide a contracted service.

3.4 API and Developer Data

API usage logs and query metadata
Sample images or test data submitted via API calls
Account and billing information managed through third-party platforms (e.g., RapidAPI)

4. How We Use Your Information

To respond to inquiries, quotation requests, and support tickets
To deliver, maintain, and improve our products and services
To process and fulfill API and SDK integration requests
To send relevant technical updates, product announcements, or service notifications
To conduct internal analytics and improve our website and user experience
To comply with applicable laws, regulations, and contractual obligations
To detect, prevent, and respond to fraud, security incidents, or misuse of our services

We do not use personal data for unsolicited marketing without your prior consent.

5. Legal Basis for Processing

Consent: Where you have provided explicit consent
Contractual necessity: To fulfill our obligations under service agreements with clients
Legitimate interests: To improve our services, ensure security, and conduct business operations
Legal obligation: To comply with applicable laws and regulatory requirements

We process personal data in accordance with Undang-Undang No. 27 Tahun 2022 tentang Pelindungan Data Pribadi (UU PDP) and, where applicable, international data protection frameworks.

6. Biometric Data and Sensitive Personal Data

On-premise deployments: Biometric data processed through on-premise SDK or AI Box systems remains within the client’s own infrastructure. ARSA does not receive, transmit, or store this data.
Cloud API: Facial images submitted to ARSA’s cloud-based Face Recognition API are processed in real time. We retain such data only as minimally as required and do not build persistent identity databases without explicit client agreement.
Health kiosk data: Health metrics collected via the Self-Check Health Kiosk are processed under strict confidentiality agreements with the deploying institution.

Where ARSA acts as a data processor for clients, those clients are responsible for obtaining appropriate consent from individuals whose biometric data is processed.

7. Data Sharing and Disclosure

We do not sell your personal data. We may share information with:

Service providers and technology partners supporting our infrastructure, bound by data processing agreements
API platform providers (e.g., RapidAPI) for access management and billing
Government or regulatory authorities when required by law or court order
Business partners or system integrators involved in joint project delivery, under confidentiality agreements
Successors in the event of a merger, acquisition, or asset transfer

8. Data Retention

Contact form submissions: Retained for a maximum of 2 years or until your inquiry is resolved
API usage logs: Typically not longer than 12 months
Biometric data (cloud API): Processed transiently; not retained beyond the immediate session unless required
Client contract data: Retained for the contract duration and up to 5 years thereafter

9. Data Security

Encryption in transit (TLS/HTTPS) and, where applicable, at rest
Role-based access control (RBAC) for internal systems
Secure authentication protocols
Regular security assessments and vulnerability management
Strict internal data access policies

For sensitive deployments, we offer fully on-premise options so data never leaves your organization’s infrastructure.

10. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to store and/or access device information, including browsing behavior and unique identifiers. When you first visit arsa.technology, you will see a cookie consent banner (“Manage Consent”) allowing you to:

Accept all cookies
Deny non-essential cookies
View preferences to customize which categories of cookies you allow

Not consenting or withdrawing consent may adversely affect certain features. You may change preferences anytime. We do not use cookies to process biometric or health data.

11. Third-Party Links and Integrations

Our website or services may contain links to third-party platforms (such as LinkedIn, RapidAPI, or WhatsApp). ARSA is not responsible for their privacy practices. We encourage you to review their respective privacy policies.

12. International Data Transfers

ARSA Technology is headquartered in Indonesia. If you access our services from outside Indonesia, your data may be transferred to and processed in Indonesia. We take appropriate steps to ensure compliance with applicable data protection regulations.

13. Your Rights as a Data Subject

Access the personal data we hold about you
Correct inaccurate or incomplete personal data
Request deletion of your personal data, subject to legal obligations
Object to or restrict certain processing activities
Withdraw consent at any time, without affecting prior processing
Data portability where technically feasible

To exercise any of these rights, contact us (Section 15). We will respond within 14 business days.

14. Children’s Privacy

Our products and services are intended for enterprise and institutional clients and are not directed at children under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor’s data has been collected, please contact us immediately.

15. Contact Us

PT Trisaka Arsa Caraka (ARSA Technology)
Email: privacy@arsa.technology
WhatsApp: +62 851-6862-3493

16. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. Changes will be indicated by the “Last Updated” date at the top of this page. For significant changes, we will provide more prominent notice. We encourage you to review this policy periodically.