Privacy Policy

1. Information We Collect

We collect several types of information in order to provide and improve our service:

• Identifiability Data: Name, professional email address, and organization/team affiliation.
• Billing Data: Processed via secure third-party gateways (Midtrans, Stripe). We do not store full payment card details on our local infrastructure.
• Technical Metadata: IP addresses, browser types, and node-level connection metadata required for orchestration and security.
• Communications: Records of support requests, bug reports, and feedback.

2. Cookies & Tracking Technologies

We use essential cookies and similar technologies to maintain session security, remember your preferences, and analyze platform performance. You can manage cookie settings through your browser, but disabling them may limit your access to certain features of the Zexio Dashboard.

3. Use of Data & Processing

In compliance with the Indonesian Personal Data Protection Law (UU PDP)In compliance with Global Data Protection Standards

• Providing and maintaining the Zexio Orchestration Grid.
• Processing transactions via Midtrans, Stripe, or licensed CEX partners.
• Ensuring network security, detecting fraudulent activity, and preventing AUP violations.
• Delivering critical technical notifications and platform updates.

4. Data Sharing & Third Parties

We do not sell your personal data. We only share information with critical infrastructure partners to ensure service delivery:

• Infrastructure: Tier-1 Cloud Infrastructure Providers (including AWS, Google Cloud, and DigitalOcean) for hosting the control plane.
• Financial: Midtrans (local IDR), Stripe (global USD), and licensed Cryptocurrency Exchanges (CEX).
• Connectivity (Default): Cloudflare (default orchestration tunnel). Users may opt to configure their own alternative tunnel providers.
• Legal: When required by court order or to comply with applicable regulatory authorities.

5. Security & Zero Trust Architecture

Zexio utilizes a Zero Trust security model. By default, our orchestration agents facilitate secure communication via Cloudflare, but we support alternative configurations at the user's discretion. We utilize end-to-end encryption for sensitive data.Zexio does not have access to the internal data contents transmitted through your private tunnels.

6. Cryptocurrency & Digital Assets

Zexio supports cryptocurrency as a digital commodity. All crypto payments are settled through licensed partners in compliance with global regulations.

7. Global User Rights

Regardless of your location, Zexio provides you with high-standard rights over your data:

• Access & Rectification: You can view and update your account information via the Dashboard.
• Right to Erasure: You can request the permanent deletion of your account (the "Right to be Forgotten").
• Data Portability: You can request your configuration metadata in a machine-readable format.

8. Data Location & Retention

Our control plane is hosted on global Tier-1 infrastructure primarily located inSingapore and the United States. We retain account data as long as your account is active. Upon termination, personal data is deleted or anonymized within 30 days, except where required for legal or financial audit compliance.

9. Contact & DPO

For data access requests or privacy inquiries, please contact our Data Protection Office at:privacy@zexio.io