Privacy Policy

1. Scope & controller

The data controller for the Services is PT Kerja Handal Nusantara (“Fasgrade”, “we”, “us”, or “our”). This policy applies globally to anyone who uses Fasgrade, including participants taking assessments, reviewers, employers, and account administrators.

For users located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with similar regulations, we process your data in line with applicable laws including the GDPR, UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and Indonesia's Personal Data Protection Law (UU PDP No. 27/2022).

2. Data we collect

2.1 Information you provide

• Account data name, email, password (hashed), profile picture, organization, and role.
• Assessment data responses, recordings (if you opt in), uploaded files, scores, written reflections, and feedback.
• Communications messages you send to support, surveys you complete, or comments you submit.
• Billing for paying customers: billing name, address, tax ID, and limited payment metadata. Card numbers are processed by our PCI-compliant payment partners and are never stored on Fasgrade servers.

2.2 Information collected automatically

• Device & browser information (model, OS, browser, screen size, language).
• IP address, coarse location derived from IP, and time zone.
• Usage logs (pages visited, features used, click streams, timestamps).
• Cookies and similar technologies see section 9.

2.3 Information from third parties

• Authentication providers (Google, Microsoft, Apple) when you sign in via SSO we receive only the fields required by the chosen scope.
• Employer/organization administrators who invite you to take an assessment.
• Payment processors for transaction status and fraud signals.

3. How we use your data

• Provide, operate, and improve the Services and the Fasgrade assessment experience.
• Score assessments, generate insights, and produce reports for participants and reviewers.
• Authenticate users, prevent fraud, and maintain platform security.
• Process payments, manage subscriptions, and issue receipts.
• Communicate transactional messages (security, account, billing). Marketing emails are sent only with your opt-in and you can unsubscribe anytime.
• Conduct analytics and research to improve product quality, in aggregated or pseudonymized form whenever possible.
• Comply with legal obligations and respond to lawful requests from authorities.

4. Legal bases for processing (EEA/UK)

• Performance of a contract to deliver the Services you requested.
• Consent for optional cookies, marketing, and certain sensitive processing. You can withdraw consent at any time.
• Legal obligation to comply with applicable laws.
• Legitimate interests to keep the platform secure, prevent abuse, and improve product quality, balanced against your rights.

5. How we share data

We do not sell your personal data. We share data only as described below:

• Your organization if you take an assessment via an employer or institution, your results and progress are shared with their authorized administrators and reviewers.
• Service providers cloud infrastructure (e.g., Google Cloud, AWS, Azure), email/SMS delivery, customer support tools, analytics, and payment processors, bound by data-processing agreements.
• AI sub-processors for AI-assisted scoring, summaries, and recommendations. Inputs are minimized and are not used to train public foundation models.
• Legal & safety when required by law, court order, or to protect rights, property, and safety of users or third parties.
• Business transfers in connection with a merger, acquisition, or sale of assets, with notice to affected users.

6. International data transfers

Fasgrade is operated from Indonesia and uses cloud regions that may include Singapore, the United States, and the European Union. Where required, we rely on appropriate safeguards such as the EU Standard Contractual Clauses and equivalent mechanisms for cross-border transfers.

7. Data retention

We retain personal data for as long as your account is active or as needed to provide the Services. After account deletion, we delete or anonymize personal data within 90 days, except where longer retention is required by law (e.g., tax/accounting records) or necessary to resolve disputes and enforce our agreements.

8. Security

• Encryption in transit (TLS 1.2+) and at rest for sensitive fields.
• Role-based access control and principle of least privilege.
• Audit logging, intrusion monitoring, and routine vulnerability scanning.
• Mandatory security training for all employees and contractors.
• Independent penetration tests performed periodically.

No method of transmission or storage is 100% secure. In the unlikely event of a security incident materially affecting you, we will notify you and the competent authorities without undue delay, in accordance with applicable law.

9. Cookies & tracking

Fasgrade uses cookies, local storage, and similar technologies for essential platform functions and with your consent for analytics and product personalization. You can manage your preferences at any time via the cookie banner or your browser settings.

• Strictly necessary required for login, security, and core features. Cannot be disabled.
• Functional store language, theme, and UI preferences.
• Analytics help us understand aggregate usage (e.g., Google Analytics). Optional.
• Marketing used for personalized advertising on partner platforms. Off by default; opt-in only.

10. Your rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you;
• Correct inaccurate or incomplete data;
• Request deletion of your data ("right to be forgotten");
• Restrict or object to certain processing;
• Withdraw consent at any time;
• Request portability of your data in a machine-readable format;
• Opt out of automated decision-making, including profiling, that produces significant effects on you;
• Lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at business@fasgrade.com. We will respond within 30 days (or sooner where required by law).

11. Children's privacy

Fasgrade is not directed to children under the age of 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

12. AI-assisted features

Some Fasgrade features use artificial intelligence to score responses, generate summaries, or recommend next steps. We minimize the data sent to AI sub-processors, contractually prohibit them from using your data to train public foundation models, and provide a human-review path for any decision that produces significant effects on you. You can request human review of any AI-generated score by contacting our team.

13. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via in-app notice or email at least 7 days before they take effect. Continued use of the Services after the effective date constitutes acceptance.