Privacy Policy
Last Reviewed and Updated: January 14, 2026
Effective Date: January 14, 2026
1. Introduction
PT Orionex Solusi Digital ("Orionex Solutions," "Orionex," "we," "us," "our"), located at Gedung Wirausaha, Jalan H. R. Rasuna Said Kav. C No. 5, Setiabudi, Jakarta Selatan, 12920, Indonesia, values your privacy.
We are committed to protecting your personal information and complying with applicable data protection laws, including Indonesia's Personal Data Protection (PDP) Law (Law No. 27 of 2022), and where applicable, international standards such as the GDPR.
This Privacy Policy describes how we collect, hold, use, and disclose personal information related to visitors of our websites (https://orionex.id) and users of our digital platforms, applications, and services (collectively, the "Services").
2. Information We Collect
We collect information to provide better services to our users.
(a) Information You Provide (Account Data):
- Registration Details: Name, email address, phone number, date of birth, and company/institution details provided during registration.
- Billing Data: Tax ID (NPWP), billing address, and payment information.
- Communications: Feedback, support tickets, survey responses, and inquiries.
- Social Media Login Data: If you choose to register using social media account details (e.g., Google, Facebook, X), we collect information such as your name, email address, and profile picture from that provider.
(b) Information Collected Automatically:
- Log & Usage Data: IP address, browser type, operating system, device identifiers, referring URLs, crash reports, and pages visited.
- Device & Location Data: Information about your device (computer, phone, tablet) and general location data (based on IP address).
- Cookies: We use cookies and similar tracking technologies to manage sessions, remember preferences, and analyze platform traffic.
(c) Client Service Data & Hybrid Deployments:
When you use our applications (such as our Analytics Platforms, LMS, or Web Builders), we process data based on your deployment model:
- Cloud-Based Usage: If you use our fully managed cloud services, we process your uploaded datasets (Business Intelligence, Student Data, or Web Assets) on our infrastructure.
- Hybrid / On-Premise Usage: If you deploy our software on your own infrastructure (e.g., "AutoInsight On-Premise"), certain data must still be transmitted to our cloud environment to function. This includes:
- Licensing & Telemetry: Heartbeat signals to validate software licenses and monitor system health.
- Proprietary Processing: Specific data inputs sent via API to our cloud environment to utilize our proprietary AI models, predictive algorithms, or external integrations.
- Note: While the bulk of your data may reside on your premises, the specific data slices sent to our cloud for processing are subject to this Privacy Policy.
Regarding Client Service Data: You (the User/Client) are the Controller and Orionex is the Processor. We do not own this data; we process it solely to generate the outputs (reports, scores, websites) you request.
(d) Google API Services User Data Policy
Our use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
3. How We Use Your Information & Legal Bases
We process your personal data for specific purposes based on valid legal grounds:
| Purpose | Description | Legal Basis |
|---|---|---|
| Service Delivery | To authenticate users, manage accounts, and provide the core functionality of the apps. | Performance of Contract |
| Automated Processing (AI) | To run inputs through our AI models (cloud or hybrid) to provide insights, generate content, or automate workflows. | Performance of Contract |
| Support | To respond to your inquiries and troubleshoot technical issues. | Legitimate Interests |
| Billing | To process payments, manage subscriptions, and comply with Indonesian tax regulations. | Legal Obligation |
| Improvement | To analyze usage patterns (aggregated/anonymized) to improve platform performance. | Legitimate Interests |
| Security | To detect and prevent fraud, abuse, and security incidents. | Legitimate Interests |
| Marketing | To send promotional communications (you may opt-out at any time). | Consent |
4. Disclosure of Information and Subprocessors
We do not sell your personal information. We may disclose data to trusted third-party service providers ("Subprocessors") solely for the purpose of providing our Services. We verify that these providers have adequate security measures in place.
Our Current Subprocessors:
| Subprocessor | Entity Name / Parent | Purpose of Processing | Location |
|---|---|---|---|
| Google Cloud Platform (GCP) | Google LLC | Cloud Infrastructure, Hosting, & Storage | Jakarta (JKT) & Singapore |
| Aiven | Aiven Ltd | Managed SQL Database (PostgreSQL) | Asia & Oceania |
| MongoDB Atlas | MongoDB, Inc. | Managed NoSQL Database | Jakarta (JKT) & Singapore |
| Vercel | Vercel Inc. | Static Site Hosting (Frontend/Landing Pages) | Singapore / Global |
| GreenCloud | 365 Group LLC | VPS & Supplementary Infrastructure | Singapore / Global |
| Whplus | Whplus Technology | VPS & Supplementary Infrastructure | Jakarta (JKT) |
| SMTP2Go | Sand Dune Mail Ltd | Transactional Email Delivery Service | EU & New Zealand |
| Dewaweb | PT Dewaweb | Domain Name Registration Services | Jakarta (JKT) |
| Cloudflare | Cloudflare, Inc. | CDN, DNS, & Web Security (DDoS Protection) | Global (Anycast) / USA |
| OpenAI | OpenAI, LLC | Artificial Intelligence (LLM) Processing | USA / Global |
| Gemini | Google LLC | Artificial Intelligence (LLM) Processing | USA / Global |
Note regarding AI: When you use AI-powered features within our Services (including On-Premise features that utilize cloud APIs), specific data inputs may be sent to OpenAI or Google Gemini for processing. These providers process data in accordance with their enterprise privacy commitments and our data processing agreements.
We may also share information during Business Transfers (mergers/acquisitions) or to comply with Legal Obligations (court orders/law enforcement).
5. International Data Transfers
Our primary servers are located in Jakarta, Indonesia and Singapore.
However, even for On-Premise deployments located in Indonesia, if you utilize features powered by global AI providers (e.g., OpenAI/Gemini), necessary data inputs may be processed in the United States or other jurisdictions. We ensure these transfers are protected in accordance with the Indonesian PDP Law and applicable international standards.
6. Data Retention
We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy.
- Account Data: Retained for the duration of your active account plus a reasonable grace period (up to 2 years for inactive accounts).
- Financial Records: Retained for at least 10 years as required by Indonesian Tax Law.
- Client Service Data: Deleted upon contract termination or specific user request, subject to a standard 30-day backup retention window.
7. Security Measures & Shared Responsibility
We employ reasonable administrative, technical, and physical security measures to protect your data, including:
- Encryption of data in transit (TLS/SSL) and at rest.
- Strict access controls and authentication (MFA where available).
- Regular security assessments and monitoring.
Shared Responsibility Model: For On-Premise deployments, you acknowledge that you are responsible for the security of your physical infrastructure, operating system, and network environment. Orionex is responsible for the security of the software code and our own cloud services that your deployment connects to.
8. Your Rights
Depending on your location and applicable laws (including Indonesian PDP Law, GDPR, and CCPA), you may have the following rights:
- Right to Access: Request details about the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure: Request deletion of your personal data (subject to legal retention obligations).
- Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis.
- Right to Portability: Request a copy of your data in a structured, commonly used format.
- Right to Opt-Out: You may opt-out of marketing communications or targeted advertising.
To exercise these rights, please contact us at legal@orionex.id with the subject line [PRIVACY REQUEST].
9. Do Not Track & Global Privacy Control
Global Privacy Control (GPC): We recognize and honor GPC signals. If you use a browser or extension that supports GPC, we will treat this as a valid request to opt out of the sharing of your personal information for targeted advertising purposes.
Do Not Track (DNT): Aside from GPC, we do not currently respond to DNT browser signals as there is no uniform standard.
10. Information from Minors & Educational Data
We do not knowingly collect personal data directly from children under 18 years of age unless it is provided by an Educational Institution (Client) that has obtained necessary parental consents.
If you are an Educational Institution using NexLMS or similar tools, you warrant that you have the authority to share student data with us for processing. If we learn that we have collected personal data from a minor without proper institutional or parental consent, we will delete that information.
11. US State Privacy Rights (California, etc.)
If you are a resident of certain US states (e.g., California, Colorado, Virginia), you have specific rights regarding your personal information:
- We do not sell your personal information.
- We may share personal information (Identifiers, Geolocation) with service providers for business purposes as listed in Section 4.
- You have the right to request: (1) The categories of personal information we collected; (2) The sources from which the information was collected; (3) The business or commercial purpose for collecting it; and (4) The specific pieces of personal information we hold about you.
12. Changes to This Policy
We may update this Privacy Policy periodically. The "Last Reviewed and Updated" date at the top indicates the latest revision. We will post any changes on this page.
13. Contact Us
If you have questions, concerns, or complaints about this Policy or our data handling practices, please contact our Grievance / Data Protection Officer:
PT Orionex Solusi Digital
Email: legal@orionex.id
Phone: 081226749611
Post: Attention: Legal Department / Data Protection Officer Gedung Wirausaha, Jalan H. R. Rasuna Said Kav. C No. 5, Setiabudi, Jakarta Selatan, 12920, Indonesia.