Motict collects personal and business data only to the extent necessary to provide its customer experience (CX) platform and related services. We collect information in three ways: data you provide directly when registering or configuring the platform, data generated automatically through your use of our services, and data received from third-party integrations you connect to your account.
When you sign up for Motict, we collect the information needed to create and manage your account, process payments, and deliver the services. Through your use of the platform — including WhatsApp Business API messaging, AI chatbot workflows, omnichannel inbox, and broadcast campaigns — we also process conversation data and usage telemetry on your behalf as a data processor under UU PDP No. 27/2023.
We use the data we collect to operate, maintain, and continuously improve the Motict platform. Our processing activities are grounded in legitimate bases under UU PDP No. 27/2023 and PP No. 71/2019, including the performance of a contract, compliance with legal obligations, and our legitimate business interests where these do not override your rights.
We do not use your data or your end-customers' conversation data for advertising, profiling unrelated to the services, or sale to third parties. AI model training on individual conversation content is not performed without your explicit prior written consent.
Motict does not sell personal data. We share data only with sub-processors who support the delivery of our services, under binding data processing agreements that require them to maintain confidentiality and adequate security standards equivalent to those we apply ourselves.
We may also disclose data when required by law. If Motict receives a valid legal order, subpoena, or regulatory request from an Indonesian authority or a competent foreign authority under an applicable mutual assistance framework, we will comply with the minimum disclosure necessary and will notify the affected account holder unless prohibited from doing so by law.
We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, comply with our legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data type and are set to meet the minimum requirements of Indonesian commercial law (generally five years for financial records) and UU PDP No. 27/2023.
When you terminate your Motict subscription, your account data and conversation history are retained for a 30-day grace period during which you may export your data. After this period, your data is deleted from production systems and will be purged from backup media within 90 days of deletion. Aggregated, de-identified analytics data may be retained indefinitely as it cannot be used to identify individuals.
As a data subject under UU PDP No. 27/2023 (effective October 2024), you have enforceable rights over your personal data. As a Motict subscriber (data controller for your end-users' data), you are responsible for enabling and responding to the rights of your own customers; Motict will assist you in this through the data subject request tools in your account settings.
To exercise any of the rights listed below with respect to data that Motict holds about you as an account holder, please submit a request to admin@motict.com. We will respond within 14 working days. We may request proof of identity before fulfilling any request. There is no fee for a reasonable request; we reserve the right to charge a reasonable administrative fee for repetitive or manifestly unfounded requests.
Motict implements technical and organisational measures designed to protect personal data against unauthorised access, disclosure, alteration, or destruction, consistent with the requirements of PP No. 71/2019 and UU PDP No. 27/2023. Our security practices are described in detail on our Security page.
Key measures include TLS 1.2+ encryption for all data in transit, AES-256 encryption for data at rest, role-based access controls, multi-factor authentication requirements, continuous infrastructure monitoring, and a documented incident response plan. In the event of a personal data breach that poses a significant risk to data subjects, we will notify the relevant Indonesian authority within 14 days and affected users as soon as reasonably practicable, in accordance with Article 46 of UU PDP No. 27/2023.
Motict's primary infrastructure is hosted by our cloud infrastructure provider in Singapore (SGP1 datacenter). As an Indonesian business serving customers primarily in Indonesia and Southeast Asia, transfers of personal data outside Indonesia are necessary for the delivery of our services and occur to jurisdictions or with processors that provide an adequate level of protection.
Where personal data originating from Indonesia is transferred to sub-processors in third countries (including the United States, where our analytics and productivity services provider and messaging platform provider operate infrastructure), Motict relies on contractual data protection clauses, binding corporate rules, or equivalent legal mechanisms as permitted under UU PDP No. 27/2023 Chapter V. Singapore, where our primary datacenter is located, maintains a Personal Data Protection Act (PDPA) regime that is broadly compatible with UU PDP obligations.
If you have questions about this Privacy Policy, wish to exercise your rights under UU PDP No. 27/2023, or have a concern about how Motict handles personal data, please contact us. We are committed to resolving privacy inquiries promptly and transparently.
We aim to acknowledge all privacy-related requests within 3 business days and resolve them within 14 business days. For complex requests, we will keep you informed of progress. If you are not satisfied with our response, you have the right to escalate your complaint to Kementerian Komunikasi dan Digital Republik Indonesia (Kominfo).