Privacy Policy

This Privacy Policy describes how LookBali ("we", "us", or "our") collects, uses, and discloses your personal information when you visit lookbali.com (the "Site") or use our QRIS payment infrastructure services (the "Services"). We are committed to maintaining the highest standards of data protection and transparency, adhering to the principles of banking-grade security and international data privacy regulations.

1. Scope of Data Collection

We collect and process personal data to provide a seamless payment infrastructure experience. This data includes:

A. Information You Provide

• Personal Identifiers: Your full name, email address, and business details provided during registration.
• Merchant Configuration: Your unique static QRIS string, merchant name, and custom branding settings.
• Authentication Data: Cryptographically hashed passwords and API access tokens.

B. Information Collected from Payments

• Payer Metadata: Names and notes submitted by customers during the payment proof upload process.
• Transactional Proofs: Images of payment receipts uploaded to our secure servers.
• Verification Data: IP addresses and timestamps associated with every QR generation and proof submission.

2. Legal Basis for Processing

We process your data under the following legal foundations:

• Contractual Necessity: To fulfill our obligation to provide payment generation services.
• Legitimate Interest: For fraud prevention, security monitoring, and platform optimization.
• Legal Compliance: To adhere to Indonesian financial regulations and anti-money laundering (AML) standards.

3. Data Protection & Encryption

We implement a "Security-First" architecture:

• Database Isolation: User data is strictly isolated to prevent cross-account leaks.
• Parameterized Queries: We utilize PDO prepared statements for 100% protection against SQL injection.
• Anonymized Logs: API logs are periodically anonymized to protect user behavior patterns.

4. Data Sharing and Disclosure

LookBali does NOT sell your personal data to third parties. We only disclose information in the following circumstances:

• Service Providers: To cloud infrastructure providers (e.g., database and hosting) who assist in operating our Services.
• Law Enforcement: When required by a valid legal subpoena or to comply with Indonesian financial oversight authorities.
• Safety and Protection: To protect the rights, property, or safety of LookBali, our users, or the public.

5. Data Retention Policy

We maintain a rigorous data retention schedule:

• Public QR Data: Automatically marked as expired after 24 hours. Full deletion occurs after a grace period for audit purposes.
• Payment Proofs: Retained for a period required for merchant reconciliation, typically 90 days, unless requested otherwise by the merchant.
• Account Data: Retained for the duration of the account's existence and for 1 year following closure to satisfy regulatory audit requirements.

6. Cookies and Tracking Technologies

We use essential cookies to maintain your login session and security settings. We do not use third-party tracking pixels or advertising cookies that compromise your browsing privacy.

7. International Data Transfers

While LookBali is based in Indonesia, our cloud infrastructure may process data across globally distributed servers to ensure maximum uptime. We ensure that all such transfers comply with standard contractual clauses for data protection.

8. Your Rights & Choices

Under LookBali's privacy framework, you have the following rights:

• Right to Access: Request a copy of all data we hold about you.
• Right to Rectification: Correct any inaccurate or incomplete information.
• Right to Erasure: Request the deletion of your account and associated data.
• API Revocation: Regenerate your API key at any time to invalidate old access tokens.

9. Contact Our Data Protection Team

For any privacy-related inquiries or to exercise your data rights, please contact our Data Protection Officer:

Email: dpo@lookbali.com
Legal Office: LookBali Infrastructure, Bali, Indonesia