Privacy Policy

1. Introduction

PT Boxity Central Indonesia ("KlindrOS", "we", "us", or "our") operates the KlindrOS Marketing Intelligence Operating System, including the web application at cirrus-hub.net and the KlindrOS mobile application (collectively, the "Service"). This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our Service.

By accessing or using KlindrOS, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our practices, please do not use our Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Full name
• Email address
• Organization name and industry
• Password (stored as a salted hash, never in plain text)
• Role and permissions within your organization

2.2 Marketing Data

To provide our marketing intelligence services, we process:

• Campaign performance metrics from connected advertising platforms
• Social media engagement data and listening signals
• Customer profile data (CDP) provided by your organization
• Event tracking data from your websites and applications
• Creative assets and content you upload to the platform

2.3 Usage Data

We automatically collect:

• Log data (IP address, browser type, pages visited, timestamps)
• Device information (operating system, device model, screen resolution)
• Feature usage patterns and interaction data
• API request logs for system monitoring and security

2.4 Third-Party Platform Data

When you connect external platforms (Meta, Google, TikTok, LinkedIn, YouTube), we access data through their APIs according to their respective terms of service. We only access data you explicitly authorize.

3. How We Use Your Information

We use your information to:

• Provide, maintain, and improve our Service
• Generate marketing intelligence reports, KScore calculations, and AI-powered insights
• Process and analyze campaign performance across connected platforms
• Provide customer data platform (CDP) services including identity resolution and segmentation
• Send notifications, alerts, and scheduled reports you configure
• Monitor system health, detect fraud, and ensure security
• Provide customer support and respond to inquiries
• Comply with legal obligations

4. Data Storage and Security

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit using TLS 1.2+
• Sensitive credentials are encrypted at rest using AES-256
• Passwords are hashed using bcrypt with a cost factor of 12
• JWT-based authentication with 15-minute access tokens and 7-day refresh tokens
• Multi-tenant data isolation with organization-level access controls
• Role-based access control (RBAC) with 5 permission levels
• Audit logging of all data access and modifications
• Regular security assessments aligned with SOC 2 Type I criteria

Your data is stored on secure servers. We retain your data for as long as your account is active or as needed to provide our services. You may request deletion of your data at any time.

5. Data Sharing

We do not sell your personal data. We may share data with:

• Service providers: Infrastructure hosting, email delivery, and analytics services that assist in operating our platform
• Connected platforms: When you authorize data sync with advertising or social media platforms
• AI service providers: We use OpenAI and Anthropic APIs for AI-powered features. Data sent to these services is processed according to their respective data processing agreements
• Legal requirements: When required by law, regulation, or legal process
• Business transfers: In connection with a merger, acquisition, or sale of assets

6. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your personal data
• Portability: Request export of your data in a machine-readable format
• Restriction: Request limitation of data processing
• Objection: Object to data processing based on legitimate interests

KlindrOS provides GDPR-compliant data export and deletion capabilities accessible from Settings > Security > Compliance in the platform. To exercise your rights, contact us at privacy@cirrus-hub.net.

7. Cookies and Tracking

KlindrOS uses essential cookies for authentication and session management. We use localStorage to store your access token and user preferences. We do not use third-party advertising cookies or tracking pixels on our platform.

8. Children's Privacy

KlindrOS is a business-to-business (B2B) enterprise platform and is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: