App Privacy Policy

This App Privacy Policy is provided by Irvan Fauziansyah / Goswa Studio ("we", "us", or "our"), based in Indonesia. It describes how we collect, use, store, share, and protect information when you use our applications and services that offer sign-in through third-party providers or connect to third-party APIs.

This policy applies to apps and services that use OAuth or API integrations such as Google, Meta (Facebook, Instagram, Threads), GitHub, and similar providers. It does not apply to apps that do not connect to third-party accounts or APIs; those apps are covered by their own specific privacy policies (for example, Kalkulator Diskon).

By using these services, you agree to the practices described in this policy. If you do not agree, please do not use the service or connect your third-party accounts.

When you sign in or connect an account using a third-party provider, we may receive information that you choose to share with us, which typically includes:

• Your name and email address
• A unique identifier assigned by the provider
• Profile picture URL, if made available by the provider
• Basic account metadata required to authenticate you

We do not request or store passwords for any third-party account.

We may also collect information automatically when you use our services:

• IP address and device/browser type
• Operating system and app version
• Usage data and crash/error logs
• Date/time stamps of interactions

This automatic data is used only for service operation, security, analytics, and troubleshooting.

Our services may allow you to authenticate or import data using the following providers and similar integrations:

• Google: used for Google Sign-In, Google Workspace APIs, YouTube Data API, Google Drive API, Google Calendar API, and other Google API access. Data received is limited to what you authorize during the OAuth consent screen. Google Privacy Policy
• Meta (Facebook, Instagram, Threads, WhatsApp): used for social login and Meta APIs, including pages, posts, messaging, ads, and business account integrations. We only request permissions necessary for the feature you are using. Meta Privacy Policy
• GitHub: used for GitHub authentication and API access, such as repositories, issues, pull requests, commits, actions, and profile information. GitHub Privacy Statement
• X (Twitter): used for X login and X API access, including tweets, direct messages, media, lists, and account information. X Privacy Policy
• LinkedIn: used for LinkedIn authentication and API access, including profile data, connections, posts, company pages, and messaging. LinkedIn Privacy Policy
• Apple (Sign in with Apple): used for authentication via Apple ID. Apple may share your name and email (or a private relay email) with us. Apple Privacy Policy
• Microsoft / Azure AD: used for Microsoft authentication and Microsoft Graph API access, including Outlook, OneDrive, Teams, and Entra ID directory data. Microsoft Privacy Statement
• Slack: used for Slack API access, including workspace information, channels, messages, and user profiles. Slack Privacy Policy
• Discord: used for Discord authentication and bot/API access, including servers, channels, messages, and user profiles. Discord Privacy Policy
• Stripe: used for payment processing and billing data. Payment information is handled directly by Stripe and is not stored on our servers. Stripe Privacy Policy
• TikTok: used for TikTok login and TikTok API access, including profile data, videos, comments, and account analytics. TikTok Privacy Policy
• Snapchat: used for Snapchat login and Snap Kit / API access, including profile, bitmoji, and content sharing. Snap Privacy Policy
• Other providers: additional OAuth or API providers may be added over time. We only request the minimum scopes required, and this list will be updated when new providers are added.

Each provider's own privacy policy governs the data they collect and share. We encourage you to review those policies before connecting an account.

We use the information we receive only for the purposes you authorize, such as:

• Authenticating you and keeping your session secure
• Displaying your profile within the app and storing only what is necessary
• Fetching or synchronizing data needed for the app's features
• Communicating important service updates
• Improving performance, reliability, and security

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

Our legal basis for processing your personal data depends on the activity:

• Performance of a contract: providing the service you signed in to use
• Consent: optional connections and features you explicitly authorize
• Legitimate interests: security, fraud prevention, and service improvement
• Legal obligation: when required by applicable law

Your information may be transferred to, stored, and processed in countries other than your own, including Indonesia and the United States, where our service providers or OAuth providers operate. When we transfer personal data internationally, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions, where required by law.

We do not sell or share your personal information for cross-context behavioral advertising. We only share data in the following situations:

• With the OAuth/API provider you connected, as required to perform the integration
• With trusted service providers who help us operate the service (hosting, analytics, error tracking) under strict confidentiality. Examples include Google Cloud Platform, Sentry, and Google Analytics/Firebase, depending on the app.
• When required by law or to protect our rights, property, safety, or users' safety
• In connection with a business transfer, such as a merger or acquisition, with notice to you where required

We retain your information only as long as necessary to provide the service or as required by law. Access tokens and refresh tokens obtained through OAuth are stored securely, encrypted at rest and in transit, and only kept for as long as needed to synchronize data on your behalf.

You can revoke our access at any time by disconnecting the integration in the app or through the third-party provider's account settings (for example, Google Account permissions, Meta Apps and Websites, or GitHub Authorized OAuth Apps). Revoking access stops future data synchronization but may not delete data we already received.

We use industry-standard security measures to protect your information, including HTTPS-encrypted connections and secure access token storage. However, no method of transmission or storage is completely secure.

Depending on your location, you may have the right to:

• Access, update, or delete your personal information
• Receive a portable copy of your data
• Object to or restrict certain processing activities
• Withdraw consent where processing is based on consent
• Lodge a complaint with a supervisory authority in your country

To exercise these rights, contact us at [email protected]. Where available, you can also manage or delete your account directly within the app.

California residents (CCPA/CPRA): We do not sell or share your personal information for cross-context behavioral advertising. If you are a California resident and have questions about your rights, contact us at the email above.

Our services are not directed to children under the age of 13 (or the minimum age required in your country to consent to data processing). We do not knowingly collect personal information from children under that age. If you believe we have collected such information, please contact us so we can delete it.

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated effective date, and where appropriate we will notify you through the app or by email. These changes are effective immediately after they are posted, unless otherwise stated. We encourage you to review this policy periodically.

This Privacy Policy is governed by the laws of Indonesia, without regard to conflict of law principles. Any disputes arising under this policy will be resolved in the courts of Indonesia, unless required otherwise by applicable consumer protection law in your jurisdiction.