Privacy Policy
This policy explains how Embrace ID collects, uses, stores, and protects personal data when you use our website, consulting services, software development services, and WhatsApp Business API communication.
Last updated: June 21, 2026
1. Introduction
Embrace ID is the service brand of PT Evee Bytecode Indonesia, a software house based in Tangerang, Banten, Indonesia. We build custom software for business clients, including ERP, e-commerce, web applications, mobile applications, AI solutions, and WhatsApp Business API integrations.
We respect your privacy and are committed to processing personal data in a limited, transparent, secure, and purpose-based manner. This policy applies to visitors of embrace.id, prospective clients, active clients, partners, and other parties who communicate with us regarding our services.
2. Data We Collect
We only collect data needed to understand your needs, prepare proposals, run projects, provide support, and improve our services. This data may include your name, email address, phone number, company name, job title or role, and information you send through contact forms, email, meetings, or WhatsApp.
For software projects, we may also receive project details such as business requirements, workflows, sample documents, credentials you provide in a limited manner for integrations, communication notes, and testing feedback. For the website, we use Google Analytics 4 to collect general analytics data such as visited pages, device, browser, approximate country or city, traffic source, and aggregate interactions.
If communication is conducted through the WhatsApp Business API, we may process phone numbers, visible profile names, message content, attachments you send, message delivery status, and conversation metadata required for the service. We do not request sensitive data unless it is genuinely required for a project and has been agreed in writing.
3. How We Use Your Data
We use your data to respond to inquiries, schedule consultations, prepare proposals, create cost and timeline estimates, perform contracts, develop software, conduct testing, provide support, and deliver project updates. Data is also used for internal administration such as project records, invoicing, requirements documentation, and client relationship management.
We may use website analytics data to understand content performance, improve user experience, measure campaign effectiveness, and maintain website security. We do not use personal data to sell your profile to third parties, and we do not share your data for third-party advertising purposes.
4. Legal Basis
For data subjects in Indonesia, personal data processing is carried out in accordance with Law Number 27 of 2022 on Personal Data Protection, including based on consent, performance of an agreement, compliance with legal obligations, and/or legitimate interests balanced against data subject rights. We seek to apply the principles of purpose limitation, data minimization, accuracy, security, and accountability.
For international clients, including those from the European Union or European Economic Area, we also consider the legal bases under GDPR Article 6. These bases may include consent, performance of a contract, legal obligation, and legitimate interests in providing software services, business communication, system security, and project management.
5. WhatsApp Business API
We use the WhatsApp Business API for client communication and may build messaging solutions based on the WhatsApp Business Platform for clients. In this context, phone numbers, message content, attachments, and conversation metadata may be processed through Meta platforms or authorized providers used to send, receive, store, or route messages.
WhatsApp data is processed for service delivery, support, project notifications, consultation follow-up, system integration, or agreed operational needs. We follow Meta data handling requirements, including using data according to the purpose of the business conversation and limiting access to personnel who need it.
If we develop WhatsApp solutions for a client, the roles and responsibilities of data controller or processor will be regulated in the project contract or relevant data processing document. The client is responsible for ensuring the legal basis, notices, and end-user consent for the messaging use cases they operate.
6. Data Storage & Security
Data may be stored in Indonesia and/or on cloud servers used for website hosting, project management, communication, development, and deployment. Storage locations may depend on infrastructure providers, client requirements, and agreed project configurations.
We apply reasonable security measures, including encryption in transit, access restrictions based on work needs, credential management, repository controls, and separation of development environments where relevant. No electronic transmission or storage method is completely risk-free, but we work to reduce the risk of unauthorized access, loss, misuse, or alteration of data.
7. Data Sharing
We do not sell your personal data. We also do not share personal data with third parties for their own marketing purposes.
Data may be shared in a limited way with cloud infrastructure or hosting providers, Meta or the WhatsApp Business Platform for WhatsApp API communication, analytics tools such as Google Analytics, operational service providers that help us run projects, or government and law enforcement authorities if required by applicable law. Any sharing is done according to service needs, contracts, legal obligations, or lawful client instructions.
8. Data Retention
We retain data for as long as necessary for the collection purpose, project duration, support period, administrative interests, and applicable legal periods. Project records, contracts, invoices, and important communications may be retained longer if needed for audits, compliance, dispute resolution, or proof of service performance.
After data is no longer required, we will delete, anonymize, or restrict access to it according to technical feasibility and legal obligations. For data we process as a processor on behalf of a client, retention will follow the client instructions and project agreement.
9. Your Rights
Under applicable law, you may have the right to request access to personal data, correct inaccurate data, delete data, restrict processing, export or receive a copy of data, object to certain processing, and withdraw consent where processing depends on consent. Exercising rights may depend on the requester identity, data context, our role as controller or processor, and applicable legal obligations.
To exercise your rights, contact us at [email protected]. We may ask for additional information to verify your identity or authority before processing the request.
10. Data Deletion
You may request deletion of personal data by emailing [email protected] with the subject “Data Deletion Request”. Please include your name, related email address or WhatsApp number, the context of your relationship with us, and the data you want deleted.
We will review the request and delete eligible data, unless certain data still needs to be retained for contracts, legal obligations, dispute resolution, security, or other legitimate interests. If data is processed on behalf of a client, we may direct the request to the client as the data controller.
11. Cookies
Our website uses essential cookies or similar technologies needed for the website to function properly, maintain language preferences, and support basic security. We also use Google Analytics 4 to understand website usage in aggregate and help improve content and user experience.
Our analytics configuration is intended for general measurement and not to directly identify you. You can configure your browser to reject or delete cookies, but some parts of the website may not work optimally.
12. Third-Party Services
In operating the website and services, we may use third-party services such as Meta or the WhatsApp Business Platform, Google Analytics, cloud hosting providers, email services, project management tools, code repositories, and deployment services. These providers may process data according to their own privacy policies, service terms, and data processing agreements.
We choose providers based on operational needs, security, reliability, and service suitability. However, the use of certain third-party services may also depend on client requests or approvals in a project.
13. Children’s Privacy
Our services are intended for businesses, organizations, and professionals, not for individuals under 18 years old. We do not knowingly collect personal data from children.
If you believe that a child under 18 has provided personal data to us without appropriate permission, contact [email protected]. We will review the information and take reasonable steps to delete it if necessary.
14. Changes to This Policy
We may update this policy from time to time to reflect changes in services, technology, regulations, or operational practices. The latest version will be displayed on this page with the relevant updated date.
If changes are material, we may provide additional notice through the website, email, project contracts, or other appropriate communication channels. You are encouraged to check this page periodically.
15. Contact
If you have questions about this privacy policy, data processing, or data subject rights requests, contact us by email at [email protected]. Please explain the context of your request so we can handle it appropriately.
Controller or contact party: PT Evee Bytecode Indonesia, Embrace ID, Tangerang, Banten, Indonesia.