Privacy Policy
Last Updated: February 2026
Introduction
This Privacy Policy describes how Dewata Tech ("we," "us," or "our"), operating the Bali Domains website (balidomains.com), collects, uses, stores, and protects your personal data. As the Data Controller, Dewata Tech is responsible for your personal data in accordance with Undang-Undang Nomor 27 Tahun 2022 tentang Pelindungan Data Pribadi (UU PDP) and other applicable Indonesian regulations. In this policy, "personal data" refers to any information that identifies or can be used to identify you as an individual, whether directly or indirectly.
Legal Basis for Processing
We process your personal data based on one or more of the following legal grounds as provided under UU PDP: (a) Consent: Where you have given explicit consent for specific processing purposes, such as subscribing to updates or using the AI chat assistant. (b) Contractual Necessity: Where processing is necessary for the performance of a contract, such as processing domain purchase transactions. (c) Legitimate Interest: Where processing is necessary for our legitimate business interests, such as improving our services and ensuring website security, provided these interests do not override your rights. (d) Legal Obligation: Where processing is required to comply with applicable laws and regulations, such as tax reporting and fraud prevention.
Information We Collect
We collect the following categories of personal data: (a) Identity Data: your name, nationality, and proof of identity when required for domain transfer verification. (b) Contact Data: your email address, phone number, WhatsApp number, and mailing address. (c) Transaction Data: domain purchase details, payment references, escrow transaction IDs, and registrar account information. (d) Technical Data: IP address, browser type and version, operating system, device information, referring URLs, and access timestamps. (e) Communication Data: records of correspondence via email, WhatsApp, contact forms, and AI chat interactions. (f) Usage Data: pages visited, features used, click patterns, session duration, and language/theme preferences.
AI Chat Data
Our AI chat assistant (Dewata AI) is powered by third-party artificial intelligence services, currently OpenAI. When you use the AI chat feature: (a) your chat messages are transmitted in real time to OpenAI's servers for processing and response generation, (b) chat conversations are not permanently stored by us; they exist only for the duration of your browsing session, (c) we implement rate limiting (a maximum number of requests per time period per user) to prevent abuse, (d) we apply input validation and content filtering to protect against misuse, and (e) OpenAI may process your data in accordance with their own privacy policy, which may involve data processing on servers located in the United States. We do not use AI chat data for marketing, profiling, or any purpose beyond providing real-time conversational assistance.
How We Use Your Information
We use your personal data for the following purposes: (a) to process and facilitate domain purchase inquiries and transactions, (b) to communicate with you about your inquiries, purchases, and account matters, (c) to provide AI-powered chat assistance for domain-related questions, (d) to process payments and transfers through our escrow service provider, (e) to verify your identity and authority where required for domain transfers, (f) to improve, maintain, and optimize our website and services, (g) to analyze usage patterns and website performance through anonymized analytics, (h) to ensure the security of our website and prevent fraud or abuse, (i) to comply with legal obligations and respond to lawful requests from authorities, and (j) to send you updates about our domain portfolio, but only when you have explicitly opted in. We do not engage in automated decision-making or profiling that produces legal effects or similarly significant effects on you.
Information Sharing
We do not sell, rent, or trade your personal data for advertising or marketing purposes. We may share your personal data with the following categories of recipients, only to the extent necessary: (a) GoDaddy / Escrow.com: to process secure domain purchase transactions and escrow payments. (b) OpenAI: to provide AI chat assistant functionality; only chat message content is transmitted. (c) Domain Registrars: to facilitate domain name transfers to your account. (d) Analytics Providers: anonymized and aggregated usage data for website performance analysis. (e) Legal and Regulatory Authorities: when required by law, court order, or government regulation. (f) Professional Advisors: legal, tax, or accounting advisors under obligations of confidentiality. We require all third-party recipients to protect your data in accordance with applicable law and our contractual requirements.
International Data Transfers
Some of our service providers operate outside of Indonesia. Specifically: (a) AI chat data is processed by OpenAI on servers located in the United States. (b) Escrow transaction data is processed internationally through GoDaddy's escrow service. (c) Website analytics data may be processed on servers outside of Indonesia. Where your personal data is transferred internationally, we ensure that appropriate safeguards are in place in compliance with UU PDP, including contractual data protection provisions with our service providers. By using our services, you acknowledge that some of your data may be transferred to and processed in countries outside of Indonesia.
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our specific retention periods are: (a) Domain inquiry data: retained for three (3) years from the date of last interaction, to support follow-up communications and potential future transactions. (b) Transaction records: retained for seven (7) years to comply with Indonesian tax and commercial law requirements. (c) AI chat conversations: retained only for the duration of your browsing session; not permanently stored. (d) Website analytics data: retained in anonymized form for up to twenty-six (26) months. (e) Communication records (email, WhatsApp): retained for three (3) years from the date of last interaction. After the applicable retention period expires, your personal data will be securely deleted or anonymized.
Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include: (a) HTTPS encryption (TLS) for all data transmitted between your browser and our website, (b) rate limiting and input validation on all forms and the AI chat interface to prevent abuse, (c) access controls restricting personal data access to authorized personnel only, (d) regular security reviews of our website and infrastructure, and (e) secure data handling practices with all third-party service providers. While we strive to protect your personal data, no method of internet transmission or electronic storage is completely secure, and we cannot guarantee absolute security.
Cookies and Tracking
Our website uses the following types of cookies: (a) Essential Cookies: required for basic website functionality, including language preference and theme selection. These cannot be disabled as they are necessary for the site to function. (b) Analytics Cookies: used to collect anonymized information about how visitors use our website, including pages visited and navigation patterns, to help us improve our services. (c) Preference Cookies: used to remember your settings and choices, such as your preferred language (English or Indonesian) and display theme (light or dark). We do not use advertising or tracking cookies, and we do not participate in third-party advertising networks. The AI chat assistant does not set or read cookies. You can manage cookie settings through your browser preferences. Disabling essential cookies may affect website functionality.
Children's Privacy
Our website and services are not directed at individuals under the age of eighteen (18). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a person under eighteen, we will take immediate steps to delete that data from our records. If you believe that a child has provided us with personal data, please contact us immediately using the details in the Contact section below.
Your Rights
Under UU PDP and applicable Indonesian law, you have the following rights regarding your personal data: (a) Right to Information: the right to be informed about the collection and processing of your personal data. (b) Right of Access: the right to obtain a copy of your personal data that we hold. (c) Right to Rectification: the right to request correction of inaccurate or incomplete personal data. (d) Right to Erasure: the right to request deletion of your personal data, subject to legal retention obligations. (e) Right to Restrict Processing: the right to request restriction of processing of your personal data under certain circumstances. (f) Right to Data Portability: the right to receive your personal data in a structured, commonly used format. (g) Right to Object: the right to object to processing of your personal data based on legitimate interests. (h) Right to Withdraw Consent: the right to withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal. To exercise any of these rights, contact us at contact@balidomains.com. We will acknowledge your request within three (3) times twenty-four (3x24) hours and fulfill it within fourteen (14) business days.
Indonesia's PDP Law (UU PDP)
In accordance with Undang-Undang Nomor 27 Tahun 2022 tentang Pelindungan Data Pribadi (UU PDP), Dewata Tech serves as the Data Controller (Pengendali Data Pribadi) for all personal data processed through the Bali Domains website. We are committed to: (a) processing personal data lawfully, fairly, and transparently, (b) collecting personal data only for specified, explicit, and legitimate purposes, (c) ensuring personal data is accurate, complete, and kept up-to-date, (d) retaining personal data only for as long as necessary, and (e) implementing appropriate technical and organizational security measures to protect personal data.
Data Breach Notification
In the event of a personal data breach that affects your data, we will: (a) notify you within seventy-two (72) hours of becoming aware of the breach, as required by UU PDP, (b) provide you with details of the nature of the breach, the categories of data affected, and the approximate number of individuals impacted, (c) describe the likely consequences of the breach and the measures we have taken or propose to take to address it, and (d) notify the relevant Indonesian data protection authority as required by law. We maintain incident response procedures to detect, investigate, and respond to personal data breaches promptly.
Automated Decision-Making
The AI chat assistant on our website provides automated informational responses to your inquiries. However, this does not constitute automated decision-making that produces legal effects or similarly significant effects on you. No purchase decisions, pricing determinations, or service eligibility assessments are made solely by automated means. A human alternative is always available — you can contact us directly via email or WhatsApp for any inquiry or transaction.
Third-Party Links
Our website may contain links to third-party websites, including but not limited to GoDaddy, domain registrars, and other service providers. These links are provided for your convenience and information only. We do not endorse, control, or assume responsibility for the content, privacy policies, or practices of any third-party websites. We encourage you to review the privacy policy of every website you visit. Your interactions with third-party websites are governed solely by the terms and privacy policies of those websites.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. When we make changes, we will update the "Last Updated" date at the top of this page. For material changes that significantly affect how we process your personal data, we will provide prominent notice on our website at least fourteen (14) days before the changes take effect. Your continued use of our website and services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.
Contact
For questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact our Data Controller: Dewata Tech, Bali, Indonesia. Email: contact@balidomains.com. WhatsApp: +62 851 7975 5016. We will acknowledge all privacy-related inquiries within three (3) times twenty-four (3x24) hours. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant Indonesian data protection authority.