Introduction & Who We Are
SakuraCloudID Holdings operates Claudie, accessible at claudie.id. This Privacy Policy explains what personal data we collect, why we collect it, how long we retain it, and what rights you have over your data.
We take your privacy seriously. Claudie is built for developers who understand the value and implications of data. We believe in transparency and minimal data collection.
Our strategic partner, the Hong Kong Science and Technology Parks Corporation (HKSTP), does not independently collect your personal data through this website. Any joint programs or initiatives will be governed by separate data protection agreements.
Data We Collect
We collect the following categories of personal data:
| Data Type | What Exactly | Purpose | Retention | Legal Basis |
|---|---|---|---|---|
| Waitlist Data | Full name, email, company, role, interests | Send launch updates, early access invitations | Until launch + 12 months, or until unsubscribe | Consent (UU PDP Pasal 20, GDPR Art. 6(1)(a)) |
| Technical Data | IP address, browser type, OS, referring URL | Security monitoring, analytics, debugging | 90 days rolling | Legitimate Interests (UU PDP Pasal 21) |
| Device Data | Timezone string, user agent string | Localization, support diagnostics | 90 days | Legitimate Interests |
| Communications | Emails to hello@claudie.id / privacy@claudie.id | Respond to inquiries | 3 years | Legitimate Interests / Contract |
| AI Interactions | Code inputs, prompts, outputs (post-launch) | Provide service, safety monitoring | 30 days default (configurable) | Contract (UU PDP Pasal 21) |
Important: We do not use identifiable prompts to train our AI models without your explicit opt-in consent. By default, AI interaction data is used only to provide the service and is automatically purged after the retention period.
How We Collect Data
We collect personal data through three primary methods:
- Directly from you: When you sign up for our waitlist, submit the contact form, or send us an email, you provide your personal data voluntarily.
- Automatically: Our servers collect technical data through server logs. We use privacy-respecting analytics that do not track individuals across websites.
- Through third parties: We use sheet.best and Google Sheets as data processors to store waitlist submissions. These providers act on our behalf under strict data processing agreements.
We do not purchase personal data from data brokers. We only collect data necessary for providing and improving our services.
How We Use Your Data
Your personal data is used for the following purposes:
- To send you waitlist confirmation and product launch updates
- To provide and improve Claudie AI services
- To monitor security and prevent fraud
- To comply with legal obligations
- To generate aggregate, anonymized analytics to understand our audience
We do not use your personal data for advertising targeting. We do not sell your personal data to any third party — ever.
Data Sharing & Third Parties
We share personal data only with the following third parties:
sheet.best / Google Sheets
Role: Data Processor
Data: Waitlist form submissions
Location: USA (Google Cloud infrastructure)
Safeguard: Google's standard contractual clauses apply
Web Hosting / CDN Provider
Role: Data Processor
Data: IP addresses, server logs
Safeguard: Data Processing Agreement in place
HKSTP (Strategic Partner)
Role: Strategic Partner (NOT a data processor for this website)
Data shared: None from this website
Note: Any joint programs will have separate data protection agreements
Legal / Regulatory Authorities
We may disclose your personal data if required by Indonesian law, court order, or equivalent legal process in applicable jurisdictions. We will notify you where legally permitted to do so.
Business Transfer
In the event of a merger, acquisition, or sale of assets involving SakuraCloudID Holdings, your personal data may transfer. You will be notified at least 30 days in advance.
Cookies & Tracking
This website uses minimal cookies:
- Session cookie: Maintains form state during your visit. Expires when you close the browser tab.
- No third-party advertising cookies
- No cross-site tracking
We do not use Google Analytics, Meta Pixel, or similar tracking tools. Future analytics will use privacy-respecting solutions (e.g., Plausible, Umami) that do not use cookies or track personal data.
You can disable cookies in your browser settings. The site will continue to function, though some minor features may be unavailable.
Data Storage & Security
Your personal data is stored in data centers located in Indonesia, Hong Kong, and Singapore (via Google Cloud and our own infrastructure).
We implement the following security measures:
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for all data at rest
- Role-based access control with least-privilege principles
- Regular security audits and vulnerability assessments
- Documented incident response plan
In the event of a data breach affecting your personal data, we will notify the relevant authorities within 14 days per UU PDP Pasal 46, and within 72 hours per GDPR Article 33 (for EU users). Affected individuals will be notified without undue delay.
International Data Transfers
Your personal data may be transferred to and processed in countries outside of Indonesia, including:
- USA: Via Google Sheets / sheet.best for waitlist data storage
- Hong Kong: Through our partnership infrastructure with HKSTP
- Singapore: For backup and disaster recovery
These transfers are protected by:
- Standard contractual clauses approved by the European Commission
- Adequacy decisions where applicable
- Equivalent safeguards required by Indonesian law
For users in Hong Kong: transfers comply with PDPO Section 33 (Cross-border Data Flow) requirements.
Your Rights
You have the following rights over your personal data:
To exercise any of these rights, email privacy@claudie.id. We will respond within 30 days as required by UU PDP and GDPR.
Identity verification may be required before processing your request to protect your data security.
Children's Privacy
Claudie is not directed at children under 18 years of age. We do not knowingly collect personal data from minors.
If we discover that we have collected personal data from a child under 18 without parental consent, we will delete that data within 7 days of discovery.
Parents or guardians: If you believe we have collected data from a minor, contact us immediately at privacy@claudie.id so we can take appropriate action.
Data Retention Summary
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Waitlist data | Until launch + 12 months, or until you unsubscribe | Secure deletion |
| Technical logs | 90 days rolling | Automatic purge |
| Email correspondence | 3 years | Manual deletion on request |
| AI interaction data | 30 days default (configurable for enterprise) | Automatic purge |
| Backup copies | Additional 30 days | Automatic purge cycle |
Changes to This Policy
We may update this Privacy Policy as Claudie evolves and our services expand.
- Material changes: We will notify you via email (if you have provided one) and display a 30-day notice banner on the website.
- Minor changes: We will simply update the "Last updated" date at the top of this policy.
Your continued use of claudie.id after the effective date of any changes constitutes acceptance of the new policy. Previous versions are available on request by contacting privacy@claudie.id.
Contact & DPO
Privacy inquiries: privacy@claudie.id
General inquiries: hello@claudie.id
Data Controller: SakuraCloudID Holdings, Jakarta, Indonesia
We aim to respond to all privacy-related inquiries within 14 business days.
For unresolved complaints:
- Indonesia: Kementerian Komunikasi dan Informatika (Kominfo)
- Hong Kong: Office of the Privacy Commissioner for Personal Data (PCPD)
- EU: Your local supervisory authority under GDPR