Our Commitment to Information Security and Data Privacy
- We maintain an Information Security Management System (ISMS), certified and regularly reviewed according to ISO/IEC 27001.
- We process and protect personal data in accordance with the Indonesian PDP Law.
- We regularly train our employees and stakeholders on data protection and information security best practices.
- We conduct risk assessments, audits, and continuous improvements to ensure compliance and reduce data-related risks.
Information We Collect
We collect information necessary to provide and secure our services, including:
- Personal Information:
Name, email address, phone number, identification documents (KTP for individuals, company data for businesses), account credentials.
- Product Information:
Product details, documentation, images, and supporting files submitted for certification.
- Payment Information:
Payment channel, status, transaction details (processed through secure payment gateways, not stored by us).
- Cookies and Tracking Data:
Session cookies and similar technologies to ensure security, improve user experience, and monitor site usage.
How We Use Your Data
Your data is used only for legitimate and disclosed purposes:
- Providing and maintaining our certification services.
- Processing product submissions, verifications, and payments.
- Managing user accounts and ensuring secure authentication.
- Detecting, investigating, and preventing fraud or security incidents.
- Complying with legal and regulatory obligations under ISO 27001 controls and PDP Law.
- Communicating important information, updates, and support.
- Improving our systems through anonymized analytics and feedback.
We will not use your data for purposes beyond those described here without your explicit consent.
How We Share and Disclose Data
We share your information only when necessary and under strict controls:
- With authorized personnel for service operation, on a “least privilege” basis per ISO 27001.
- With payment providers for transaction processing (we do not store card/bank data).
- With regulatory authorities to meet legal requirements.
- With communities, consumers, or other users only for certification-related information (e.g., creator/product info in the catalog).
- With vetted third-party service providers (cloud, backup, analytics) under signed agreements that require information security and confidentiality.
We do not sell personal data to any third party.
All transfers of personal data comply with the Indonesian PDP Law and, if applicable, international data transfer rules. Sensitive information is always protected during transfer and storage.
Data Security and Protection
- We implement ISO 27001:2022 technical and organizational controls, including but not limited to:
~ Role-based access control (RBAC).
~ Segregation of duties and “need-to-know” principles for personnel.
~ Secure development practices and regular penetration testing.
~ Business continuity, disaster recovery, and regular data backups.
- Blockchain immutability: Product certifications are permanently and securely recorded on the Mandala Chain blockchain.
Data Retention and Deletion
- We retain your information as long as your account is active or as needed for legal/regulatory reasons.
- Product certification records are immutable on the blockchain.
- You may request deletion or restriction of your data (except where retention is required by law or certification).
- Data subject requests are handled in accordance with PDP Law and ISO 27001 policies.
User Rights
In accordance with Indonesian PDP Law and ISO 27001:2022 principles, you have the right to:
- Access and obtain a copy of your personal data.
- Correct or update your personal data at any time.
- Request erasure or restriction of your data (except data on blockchain, which cannot be altered).
- Withdraw consent for data processing where applicable.
- Object to certain processing activities.
- Lodge a complaint to us or the competent data protection authority.
You can exercise these rights by contacting support@baliola.io. We respond promptly in line with regulatory requirements.
Third-Party Links and Services
Our platform may include links to third-party websites or services. We are not responsible for their privacy practices and encourage you to review their privacy policies separately.
Security and Privacy
- Password Hashing - User passwords are never stored in plain text.
- Certification records are stored immutably on the Mandala Chain blockchain.
- Your data is processed in compliance with Indonesian Personal Data Protection (PDP) law.
- For more on data handling, please review our Privacy Policy.
Children’s Privacy
Kraflab is not intended for users under 18 years old. We do not knowingly collect personal information from minors.
International Data Transfers
If your data is transferred outside Indonesia, we ensure adequate protection and comply with PDP Law, including appropriate agreements and safeguards.
Updates to This Policy
We may update this Privacy Policy to remain compliant with ISO 27001:2022, PDP Law, and best industry practices. We will announce any changes on our platform, or via email for significant updates.
Contact Us
- For questions, support, or complaints, please email support@baliola.io.
- By using Kraflab, you acknowledge that you have read, understood, and agreed to these Terms of Service.