Privacy Policy
Last updated: March 18, 2026 · dibuatin-ai.com
dibuatinAI is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights as a user.
1. Information We Collect
We collect the following categories of information when you use dibuatinAI:
- Account data: Full name, email address, and password stored as a bcrypt hash. For Google OAuth users, we receive your name, email, and profile photo from Google.
- Technical data: IP address, device type, browser, OS, and activity logs for security and diagnostics.
- Usage data: PRD content you generate, prompts you enter, generation counts, and access times.
- Payment data: Transaction information processed via iPaymu. We do not store credit card numbers or other sensitive financial data.
2. How We Use Your Information
The information we collect is used for the following purposes:
- Service operations: Authenticating your identity, managing login sessions, and displaying relevant PRD content.
- PRD generation: Your prompts are sent to Claude AI (Anthropic) to generate PRD documents. Prompts are not used to train AI models.
- Email verification: Sending registration confirmation and password recovery emails.
- Payment processing: Verifying your subscription status via iPaymu.
- Service communications: Sending important notifications regarding service changes or account security.
- Product improvement: Analyzing usage patterns in aggregate (without personal identification) to improve platform features and performance.
3. Sharing Information with Third Parties
We are committed to not selling, renting, or distributing your personal data to third parties for commercial purposes. Your information is only shared with:
- Anthropic (Claude AI): Your PRD prompt is sent to Anthropic's Claude API for document generation processing. Anthropic does not use prompts to train models.
- iPaymu: Payment transaction data is shared with iPaymu as the payment gateway to process and verify your payments.
- Legal obligations: We may disclose your data if required by Indonesian law or a court order.
Our commitment: Your personal data is never sold to advertisers, data brokers, or any third party for marketing purposes.
4. Data Security
We implement reasonable technical and organizational security measures to protect your data:
- HTTPS/SSL: All communication between your browser and our servers is encrypted using HTTPS/TLS.
- Password hashing: Passwords are stored using the irreversible bcrypt hashing algorithm.
- Indonesian servers: User data is stored on server infrastructure located in Indonesia.
- Limited access: Only authorized personnel have access to the production database, with strict authentication protocols.
5. Cookies & Local Storage
dibuatinAI uses cookies and local storage for functional purposes: session cookies to maintain your login session, CSRF tokens for form security, and theme preferences (dark/light) stored in your browser's localStorage. We do not use tracking or advertising cookies.
6. Data Retention
We retain your personal data for as long as your account remains active. If you request account deletion, your personal data will be deleted within 30 business days, except for data required to be retained by law. Transaction logs are retained for 5 years in accordance with applicable accounting and tax regulations.
7. User Rights
As a dibuatinAI user, you have the following rights regarding your personal data:
- Right of access: You may request a copy of the personal data we hold about you.
- Right of correction: You may request correction of inaccurate or incomplete data.
- Right of erasure: You may request deletion of your account and all personal data.
- Right of restriction: You may request restriction of data processing under certain conditions.
- Right of portability: You may request an export of your PRD data in a readable format.
8. Payments
Payment transactions for Pro and Premium plans are processed entirely through iPaymu, a payment gateway registered and supervised by Bank Indonesia. We do not store credit/debit card numbers, bank account numbers, PINs, or other sensitive financial data. All sensitive payment data is processed directly by iPaymu's certified infrastructure.
9. Policy Changes
We reserve the right to update this Privacy Policy at any time. For material changes, we will notify you via your registered email at least 14 days before the change takes effect. Continued use of the service after changes take effect constitutes your acceptance of the updated policy.
10. Contact Us
If you have questions, concerns, or requests regarding this privacy policy or your personal data, please contact us via:
We will endeavor to respond to every request within 14 business days.