Last updated: December 21, 2025
PT Casia Solusi Teknologi ("Company", "we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains in detail how we collect, use, store, share, and protect your personal information when you use the Kamaru mobile application and related services (collectively, the "Service"). We believe in transparency and want you to understand exactly what happens with your data when you use our Service.
This Privacy Policy is prepared in compliance with Indonesian Law No. 27 of 2022 on Personal Data Protection (Undang-Undang Perlindungan Data Pribadi, or "UU PDP"), as well as other applicable data protection regulations. Where applicable, we also respect the rights of users under the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), recognizing that our users may come from various jurisdictions around the world.
We do NOT sell your personal data. Your data is used solely to provide and improve the Service. We have never sold personal data and have no plans to do so in the future. Our business model is based on providing valuable property management tools, not monetizing your personal information.
1. Information We Collect
We collect different types of information depending on how you interact with our Service. Understanding what we collect and why helps you make informed decisions about your use of Kamaru. Below is a comprehensive breakdown of the categories of information we may collect:
1.1 Account Information
When you create an account using Google Sign-In or Apple Sign-In, we collect basic profile information necessary to identify you and provide you with personalized access to the Service. This information is obtained directly from your chosen authentication provider and includes:
- Full Name: Your display name as registered with Google or Apple, used to personalize your experience and identify you within the app
- Email Address: Your primary email address, used for account identification, important service notifications, and customer support communications
- Profile Photo: If available from your Google or Apple account, your profile picture may be displayed within the app to help personalize your experience
- Authentication Identifiers: Unique identifiers provided by Google or Apple that allow us to securely authenticate your identity without storing passwords
We do not have access to your Google or Apple account passwords. Authentication is handled entirely by these third-party providers using industry-standard OAuth protocols, ensuring your credentials remain secure.
1.2 Property and Room Data
As a property management application, Kamaru collects detailed information about the properties you choose to manage through our Service. This information is provided entirely by you and is essential for the core functionality of the application:
- Property Details: Property type (house, apartment, boarding house, villa, etc.), property name, complete address including street address, city, state/province, postal code, and country
- Room Information: For multi-unit properties, we collect room numbers, floor levels, room descriptions, and individual room status
- Financial Information: Rental pricing, payment periods (monthly, yearly, etc.), deposit amounts, and other financial terms you set for your properties
- Property Photos: Images you upload to document and showcase your properties and rooms, which are stored securely in our cloud storage
- Property Notes: Any additional notes or descriptions you add about your properties for your own reference
1.3 Tenant and Person Data
To help you manage your rental relationships, Kamaru allows you to store information about tenants and other persons associated with your properties. This is sensitive information that you are responsible for collecting lawfully from the individuals concerned:
- Personal Identification: Full name, gender, nationality, date of birth, place of birth, and marital status
- Contact Information: Phone numbers, email addresses, and emergency contact details
- Government Identification: ID document type (KTP, SIM, Passport, KITAS, etc.), ID numbers (such as NIK for Indonesian citizens), and ID expiration dates
- Occupation Details: Job title, employer name, and work-related information that may be relevant for tenant screening
- Address Information: Current address and any other address information you choose to record
- Photographs: Face photos for identification purposes, photos of ID documents (KTP, SIM, Passport, etc.), and any additional photos you upload
- Additional Notes: Any other information you choose to record about a person for property management purposes
Important Notice About ID Document Photos: When you upload ID document photos (such as photos of KTP, SIM, or Passport), these images are stored permanently in your Kamaru account for your future reference. They are NOT automatically deleted after AI processing. This allows you to access and verify these documents whenever needed. You are responsible for ensuring you have obtained proper consent from the document owner before photographing and storing their identification documents.
1.4 Lease and Rental Agreement Data
Kamaru helps you track rental agreements and lease information. The lease data you enter includes:
- Lease Terms: Check-in dates, check-out dates, and rental duration
- Financial Terms: Rental amounts, payment frequency, deposit information, and payment history notes
- Lease Status: Whether a lease is active, completed, or terminated
- Associated Parties: Links between tenants, properties, and rooms to create a complete rental record
1.5 Device and Technical Data
To ensure the Service functions properly and to help us diagnose issues when they occur, we may collect certain technical information about your device and how you use the app:
- Device Information: Device type (phone or tablet), device manufacturer and model, operating system type (iOS or Android) and version
- App Information: Kamaru app version number, installation date, and update history
- Performance Data: App crash reports, error logs, and performance metrics that help us identify and fix bugs
- Usage Patterns: General information about which features you use and how frequently, used to improve the Service (we do not track specific content you view or enter)
1.6 Information We Do NOT Collect
To be transparent about our data practices, we want to clearly state what information we do NOT collect:
- Financial Account Information: We do not collect or store your bank account numbers, credit card details, or other financial account credentials
- Precise Location Data: We do not track your real-time GPS location or location history
- Contacts or Address Book: We do not access or upload your phone's contact list
- Call Logs or SMS: We do not access your phone calls, text messages, or communication history
- Browsing History: We do not track websites you visit or your internet browsing behavior
- Microphone or Camera (Background): We only access your camera when you explicitly choose to take or upload a photo; we never access it in the background
- Health or Fitness Data: We do not collect any health, fitness, or biometric data beyond photos you explicitly upload
- Social Media Activity: Beyond basic profile information from Google/Apple Sign-In, we do not access your social media posts, friends lists, or activity
2. How We Use Your Information
We use the information we collect for specific, legitimate purposes related to providing and improving the Service. We are committed to using your data only in ways that you would reasonably expect and that are described in this Privacy Policy. Our primary uses of your information include:
2.1 Providing the Service
- Account Management: Creating and maintaining your user account, authenticating your identity, and personalizing your experience
- Core Functionality: Enabling you to create, view, edit, and manage your properties, rooms, tenants, and leases
- Data Synchronization: Syncing your data across devices so you can access your information from any device where you're logged in
- Photo Storage: Storing and displaying property photos, tenant photos, and ID document photos that you upload
- AI-Powered Features: Processing ID documents through our AI system to extract text and auto-fill forms, saving you time and reducing data entry errors
2.2 Communication
- Service Notifications: Sending important updates about your account, the Service, or changes to our Terms or Privacy Policy
- Transactional Emails: Sending confirmation emails when you perform certain actions, such as creating an account or deleting your account
- Customer Support: Responding to your questions, requests, and feedback when you contact us
2.3 Improvement and Development
- Service Improvement: Analyzing usage patterns to understand how users interact with the app and identify areas for improvement
- Bug Fixing: Using error logs and crash reports to identify, diagnose, and fix technical issues
- Feature Development: Understanding user needs to develop new features and enhance existing functionality
2.4 Security and Legal
- Security: Protecting against unauthorized access, fraud, and other malicious activity
- Legal Compliance: Complying with applicable laws, regulations, and legal processes
- Rights Protection: Protecting our rights, privacy, safety, or property, and that of our users and the public
3. AI-Powered Processing
Our Service incorporates artificial intelligence technology to enhance your experience and save you time when entering tenant information. We believe in being transparent about how this technology works and what it means for your data. Here is a detailed explanation of our AI-powered ID scanning feature:
3.1 How AI ID Scanning Works
When you use the "Scan ID" feature in Kamaru, the following process occurs:
- Image Capture: You take a photo of an identification document (such as a KTP, SIM, or Passport) using your device's camera or select an existing photo from your gallery
- Secure Transmission: The image is securely transmitted to Google Gemini AI's servers using encrypted connections (HTTPS/TLS)
- AI Processing: Google's AI analyzes the image to identify and extract text fields such as name, ID number, date of birth, address, and other relevant information
- Data Return: The extracted text is returned to the Kamaru app and used to auto-fill the person's information form
- Storage: The original ID photo is stored in your Kamaru account (in Supabase storage) for your future reference
3.2 AI Processing Details
| Aspect | Details |
| AI Provider | Google Gemini AI (Google Cloud) |
| Processing Location | Google Cloud infrastructure (various global regions) |
| Temporary Processing | Images are processed in memory and NOT permanently stored by Google |
| Data Retention by AI | Google does not retain the images after processing is complete |
| Your Storage | The original ID photo IS stored in your Kamaru account for your reference |
| Encryption | All data transmitted to and from Google AI is encrypted using TLS |
3.3 AI Accuracy and Limitations
Accuracy Disclaimer: AI-extracted data may contain errors or inaccuracies. The accuracy of text extraction depends on various factors including image quality, document condition, lighting, and the specific document format. You should ALWAYS verify and correct the extracted information before saving it. Kamaru and PT Casia Solusi Teknologi are not responsible for any errors in AI-extracted data or any consequences arising from reliance on such data without verification.
3.4 Opting Out of AI Features
Use of the AI-powered ID scanning feature is entirely optional. You can always choose to manually enter tenant information instead of using the Scan ID feature. If you choose not to use AI scanning, you can simply skip the scan step and enter all information manually.
4. Data Storage and Security
We take the security of your personal data very seriously. We have implemented comprehensive technical and organizational measures designed to protect your information from unauthorized access, loss, misuse, alteration, or destruction. Below is a detailed overview of our security practices:
4.1 Infrastructure Security
- Cloud Infrastructure: Your data is stored on Supabase, which runs on Amazon Web Services (AWS) infrastructure. AWS data centers implement industry-leading physical and environmental security controls
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS (Transport Layer Security), preventing interception during transmission
- Encryption at Rest: All data stored in our databases and file storage is encrypted using AES-256 encryption, one of the strongest encryption standards available
- Regular Security Updates: Our infrastructure components are regularly updated with the latest security patches
4.2 Access Control
- Row-Level Security (RLS): Our database implements row-level security policies that ensure you can only access your own data. This means that even in the unlikely event of a software bug, one user cannot access another user's data
- Authentication: We use secure OAuth 2.0 authentication through Google and Apple, eliminating the need for us to store passwords
- Limited Access: Access to production systems and data is strictly limited to essential personnel who require it for their job functions
4.3 Photo Security
- Secure Storage: All photos (property photos, tenant photos, ID document photos) are stored in Supabase Storage with access controls
- Private URLs: Photo URLs are signed and time-limited, preventing unauthorized access even if a URL is shared
- User Isolation: Each user's photos are stored in isolated storage buckets, ensuring separation between users' data
4.4 Sensitive Personal Data
Notice: Under UU PDP (Indonesian Personal Data Protection Law), certain categories of data are classified as "sensitive personal data" (Data Pribadi yang Bersifat Spesifik) requiring explicit consent and additional protection measures.
The following categories of sensitive personal data may be processed through our Service:
| Data Type | Classification | Purpose | Protection Measures |
| National ID Numbers (NIK from KTP) | Sensitive - Government Identifier | Tenant identification and verification | Encrypted storage, access-controlled |
| Religious Information | Sensitive - Religious Belief | Extracted from Indonesian ID (optional field) | Encrypted storage, user-controlled |
| Face Photos | Sensitive - Biometric Data | Tenant identification | Secure storage, access-controlled URLs |
| ID Card Photos | Sensitive - Contains Multiple Sensitive Fields | Document verification and reference | Secure storage, access-controlled URLs |
By uploading sensitive personal data to the Service, you confirm that you have obtained explicit, informed consent from the data subjects (tenants/persons) for the collection and processing of their sensitive personal data for the purposes described above.
4.5 Data Breach Notification
In accordance with UU PDP Article 46, in the event of a personal data breach (kebocoran data pribadi) that affects your data, we are committed to the following response protocol:
- Immediate Response: Upon discovering a potential breach, we will immediately begin an investigation to determine the scope and nature of the incident
- Notification Within 3x24 Hours: We will notify you within 3x24 hours (72 hours) of confirming a breach that affects your personal data
- Authority Notification: We will notify the relevant data protection authority in Indonesia as required by law
- Breach Details: Our notification will include: the nature of the breach, categories of data affected, approximate number of individuals affected, potential consequences, and measures taken to address the breach
- Remedial Action: We will take immediate steps to contain the breach, mitigate potential harm, and prevent similar incidents in the future
- Documentation: We will maintain detailed records of the incident and our response for regulatory compliance purposes
Breach notifications will be sent to the email address associated with your account. Please ensure your contact information is always up-to-date.
5. Data Sharing and Third Parties
We limit the sharing of your personal data to what is necessary to provide the Service. We do not sell, rent, or trade your personal information to third parties for their marketing purposes. Below is a comprehensive list of the third-party services we use and how your data may be shared with them:
5.1 Third-Party Service Providers
| Service Provider | Purpose | Data Shared | Data Processing |
| Google (Authentication) | User authentication via Google Sign-In | Authentication tokens, basic profile info | Processed according to Google's Privacy Policy |
| Apple (Authentication) | User authentication via Apple Sign-In | Authentication tokens, basic profile info | Processed according to Apple's Privacy Policy |
| Supabase (Database & Storage) | Data storage, file storage, real-time sync | All app data and uploaded files | Processed as data processor under our instructions |
| Google Gemini AI | AI-powered ID document text extraction | ID document photos (temporary) | Processed temporarily, not stored permanently |
| Resend (Email Service) | Transactional and notification emails | Email address, name | Processed for email delivery only |
5.2 What We Do NOT Do With Your Data
To be absolutely clear about our data practices, we want to explicitly state that we do NOT:
- Sell Personal Data: We have never sold and will never sell your personal data to third parties for any purpose
- Share for Advertising: We do not share your data with advertising networks, data brokers, or analytics companies for advertising purposes
- Allow Third-Party Marketing: We do not allow third parties to use your data for their own marketing or promotional purposes
- Create User Profiles for Sale: We do not create profiles about you to sell or license to third parties
- Share Tenant Data: We do not share the tenant/person data you upload with anyone except you and the service providers necessary to operate the Service
5.3 Legal and Safety Disclosures
We may disclose your information if required to do so by law or in response to valid legal requests. Specifically, we may share information:
- To comply with applicable laws, regulations, legal processes, or governmental requests
- To enforce our Terms of Service and other agreements
- To protect the rights, privacy, safety, or property of PT Casia Solusi Teknologi, our users, or the public
- To detect, prevent, or address fraud, security, or technical issues
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with our legal obligations. Below is a detailed breakdown of our data retention practices:
6.1 Retention Periods
| Data Category | Retention Period | Reason |
| Account Data (profile, email) | Until account deletion + 7 days | Required to provide the Service |
| Property, Room, Tenant, Lease Data | Until account deletion + 7 days | Core app functionality |
| Uploaded Photos | Until account deletion + 7 days | User-requested storage |
| Error Logs and Crash Reports | 90 days | Debugging and service improvement |
| Usage Analytics (aggregated) | 24 months | Service improvement |
| Backup Data | 30 days after deletion | Disaster recovery |
| Legal Hold Data | As required by law | Legal compliance |
6.2 Account Deletion
When you delete your account:
- Immediate Effect: Your account becomes inaccessible immediately upon deletion confirmation
- Data Deletion: All your personal data, including properties, rooms, tenants, leases, and photos, is permanently deleted from our active systems within 7 days
- Backup Retention: Copies of your data may remain in our backup systems for up to 30 days after deletion for disaster recovery purposes, after which they are permanently purged
- Irreversibility: Account deletion is permanent and cannot be reversed. Please ensure you have exported any data you wish to keep before deleting your account
6.3 Data Minimization
We practice data minimization, meaning we only collect and retain the minimum amount of data necessary to provide the Service. We regularly review our data collection and storage practices to ensure we are not keeping data longer than necessary.
7. Your Rights Under Indonesian Law (UU PDP)
Indonesian Law No. 27 of 2022 on Personal Data Protection (Undang-Undang Perlindungan Data Pribadi / UU PDP) grants you comprehensive rights over your personal data. We are committed to respecting and facilitating these rights. Below is a detailed explanation of your rights and how to exercise them:
7.1 Your Data Subject Rights
- Right to Information (Hak atas Informasi): You have the right to be informed about what personal data we collect, the purpose of collection, how we process it, and who we share it with. This Privacy Policy serves as our primary disclosure to fulfill this right
- Right of Access (Hak Akses): You have the right to access and obtain a copy of your personal data that we hold. In the Kamaru app, you can view all your data through the normal app interface. For a complete data export, please contact us
- Right to Correction (Hak Koreksi): If your personal data is inaccurate or incomplete, you have the right to request correction or completion. You can edit your data directly in the app, or contact us for assistance
- Right to Deletion (Hak Penghapusan): You have the right to request deletion of your personal data. You can delete individual records in the app or delete your entire account to remove all your data
- Right to Withdraw Consent (Hak Menarik Persetujuan): Where processing is based on consent, you may withdraw your consent at any time. You can do this by deleting your account, which will stop all processing of your data
- Right to Object (Hak Keberatan): You have the right to object to the processing of your personal data in certain circumstances
- Right to Data Portability (Hak Portabilitas Data): You have the right to receive your personal data in a structured, commonly used, and machine-readable format. We are developing a data export feature to facilitate this right
- Right to Restrict Processing (Hak Pembatasan Pemrosesan): You have the right to request that we limit how we process your personal data in certain circumstances
7.2 How to Exercise Your Rights
You can exercise your rights in the following ways:
- In-App Features: Use the app's built-in features to view, edit, or delete your data. Go to Profile → Settings for account management options
- Email Request: Send a request to privacy@kamaru.app specifying which right you wish to exercise
- Verification: For security purposes, we may need to verify your identity before processing certain requests
7.3 Response Timeframe
In accordance with UU PDP requirements:
- We will acknowledge your request within 3x24 hours (72 hours)
- We will fulfill legitimate requests within 14 days of verification
- If we cannot fulfill a request, we will explain why within the same timeframe
7.4 Legal Basis for Processing
We process your personal data based on the following legal grounds under UU PDP:
- Consent (Persetujuan): By creating an account and using the Service, you provide your consent to the processing of your personal data as described in this Privacy Policy. You may withdraw consent at any time by deleting your account
- Contractual Necessity (Keperluan Kontraktual): Processing that is necessary to provide the Service you have requested and to fulfill our contractual obligations to you
- Legitimate Interest (Kepentingan yang Sah): Processing that is necessary for our legitimate business interests, such as improving the Service, ensuring security, and preventing fraud, provided these interests do not override your rights and freedoms
- Legal Obligation (Kewajiban Hukum): Processing that is necessary to comply with applicable laws and regulations
7.5 Complaints
If you believe that your personal data rights have been violated, you have the right to:
- Contact Us: First, please contact us at privacy@kamaru.app. We take all complaints seriously and will investigate and respond promptly
- Regulatory Complaint: If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection supervisory authority in Indonesia
8. Rights for International Users
If you are located outside Indonesia, you may have additional rights under the data protection laws of your jurisdiction. We respect these rights and will endeavor to comply with applicable laws:
8.1 European Union Users (GDPR)
If you are located in the European Union, European Economic Area, or United Kingdom, you have rights under the General Data Protection Regulation (GDPR), including:
- All the rights listed in Section 7 above
- The right to lodge a complaint with your local supervisory authority
- The right to object to processing based on legitimate interests
- The right not to be subject to decisions based solely on automated processing
8.2 California Users (CCPA)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including:
- The right to know what personal information we collect, use, and disclose
- The right to delete your personal information
- The right to opt-out of the sale of personal information (note: we do NOT sell personal information)
- The right to non-discrimination for exercising your privacy rights
9. Account Deletion Process
We respect your right to delete your account and all associated data at any time. Here is a detailed guide on how account deletion works:
9.1 How to Delete Your Account
- Open the Kamaru app on your device
- Navigate to Profile (tap your profile icon)
- Go to Settings
- Scroll down and tap "Delete Account"
- Read the warning about permanent data deletion
- Confirm your deletion request
9.2 What Gets Deleted
When you delete your account, the following data is permanently removed:
- Your account profile information (name, email, profile photo)
- All properties you have created
- All rooms associated with your properties
- All person/tenant records you have created
- All lease records
- All uploaded photos (property photos, tenant photos, ID photos)
- All app settings and preferences
9.3 Deletion Timeline
- Immediate: Your account becomes inaccessible
- Within 7 Days: All data is permanently deleted from active systems
- Within 30 Days: All data is purged from backup systems
10. Cookies and Tracking Technologies
This section explains our use (or non-use) of cookies and similar tracking technologies:
10.1 Mobile App
The Kamaru mobile application does not use cookies (which are a web browser technology). However, the app does use:
- Local Storage: We store certain data locally on your device for offline functionality and performance (such as cached data and app preferences)
- Authentication Tokens: Secure tokens are stored on your device to keep you logged in
10.2 Website
Our website (kamaru.app) uses minimal cookies:
- Essential Cookies: Necessary for basic website functionality
- No Advertising Cookies: We do not use advertising or tracking cookies
- No Third-Party Analytics: We do not use third-party analytics services that track you across websites
10.3 Do Not Track
We respect Do Not Track (DNT) signals. Since we do not engage in cross-site tracking, our practices remain the same regardless of DNT settings.
11. Children's Privacy
Kamaru is designed for property owners and managers who are adults. Our Service is not intended for use by children, and we do not knowingly collect personal information from children:
- Age Requirement: Users must be at least 18 years old to create an account and use our Service
- No Child Data Collection: We do not knowingly collect, use, or disclose personal information from anyone under 18 years of age
- Parental Rights: If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at privacy@kamaru.app
- Deletion of Child Data: If we discover that we have collected personal information from a child under 18, we will promptly delete that information from our systems
12. International Data Transfers
Kamaru is operated by PT Casia Solusi Teknologi, a company based in Indonesia. However, to provide our Service, your data may be transferred to and processed in countries other than Indonesia. We take steps to ensure that international transfers are conducted with appropriate safeguards:
12.1 Transfer Locations
| Service Provider | Data Location | Purpose | Safeguards |
| Supabase (Database & Storage) | AWS Infrastructure (Singapore region, with possible US replication) | Primary data storage and synchronization | SOC 2 Type II certified, encryption at rest and in transit, DPA in place |
| Google Gemini AI | Google Cloud (various global regions) | AI-powered ID text extraction | Data processed temporarily only, not permanently stored, encrypted transmission |
| Resend (Email) | AWS Infrastructure (US region) | Sending transactional emails | SOC 2 Type II certified, encrypted transmission, DPA in place |
| Google/Apple (Authentication) | Global infrastructure | User authentication | Industry-standard security, OAuth 2.0 protocols |
12.2 Transfer Safeguards
All international transfers are conducted with appropriate safeguards including:
- Standard Contractual Clauses: We have data processing agreements with our service providers that include standard contractual clauses where applicable
- Encryption: All data is encrypted both in transit (using TLS) and at rest (using AES-256)
- Security Certifications: Our primary service providers maintain security certifications such as SOC 2 Type II
- Data Minimization: We only transfer the minimum data necessary for each service to function
12.3 Your Consent to Transfers
By using the Service, you acknowledge and consent to the transfer of your data to the locations and service providers described above for the purposes described in this Privacy Policy.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. We are committed to keeping you informed about how we protect your data:
13.1 Notification of Changes
- Material Changes: If we make material changes that affect how we collect, use, or share your personal data, we will notify you through the app (via in-app notification) and/or via email to the address associated with your account
- Minor Changes: For minor changes that do not materially affect your rights, we will update the "Last updated" date at the top of this Privacy Policy
- Advance Notice: Where required by law or where changes are significant, we will provide advance notice before the changes take effect
13.2 Your Continued Use
Your continued use of the Service after we post changes to this Privacy Policy or notify you of changes constitutes your acceptance of those changes. If you do not agree with the updated Privacy Policy, you should stop using the Service and delete your account.
13.3 Accessing Previous Versions
If you would like to access previous versions of this Privacy Policy, please contact us at privacy@kamaru.app.
14. Data Controller and Processor Roles
Under data protection laws including UU PDP, it is important to understand the roles of "Data Controller" (Pengendali Data Pribadi) and "Data Processor" (Prosesor Data Pribadi). These roles determine who is responsible for various aspects of data protection:
14.1 Your Account Data
For your account data (your name, email address, profile photo, and authentication information):
Data Controller:
PT Casia Solusi Teknologi
Republic of Indonesia
As the data controller for your account data, we are responsible for:
- Determining the purposes and means of processing your account data
- Ensuring lawful processing in accordance with UU PDP and this Privacy Policy
- Implementing appropriate security measures
- Responding to your data subject requests
- Notifying you of any data breaches affecting your account data
14.2 Tenant/Person Data You Upload
Important Distinction: For tenant and person data that you upload to the Service (including their names, ID information, photos, and other personal details):
- YOU are the Data Controller – You determine why and how tenant data is collected, what data is collected, and how it is used. You make the decision to upload their data to Kamaru
- PT Casia Solusi Teknologi is the Data Processor – We process tenant data only on your behalf and according to your instructions. We store and display the data you upload, but we do not determine the purpose of that processing
14.3 Your Responsibilities as Data Controller
As the Data Controller for tenant data, you are legally responsible under UU PDP for:
- Obtaining Consent: Obtaining valid, informed consent from tenants before photographing their ID documents and uploading their personal data to Kamaru
- Providing Information: Informing tenants about how their data will be stored and processed, including that it will be stored in cloud infrastructure
- Ensuring Lawful Basis: Ensuring you have a lawful basis under UU PDP for processing each tenant's personal data
- Responding to Requests: Responding to tenant requests to access, correct, or delete their personal data
- Data Accuracy: Ensuring tenant data is accurate and up-to-date
- Compliance: Complying with all applicable data protection laws regarding the tenant data you upload
Kamaru provides the technical infrastructure and tools to store and process tenant data, but the legal responsibility for lawful collection and processing of that data remains with you. We recommend informing your tenants that their data is being stored in a property management application and obtaining their written consent.
15. Contact Us
We welcome your questions, comments, and concerns about this Privacy Policy and our data practices. If you have any questions, want to exercise your data rights, or have concerns about how we handle your personal data, please contact us:
PT Casia Solusi Teknologi
Republic of Indonesia
Email: hello@kamaru.app
We aim to respond to all inquiries within 3 business days. For data subject requests under UU PDP, we will acknowledge your request within 3x24 hours (72 hours) and fulfill legitimate requests within 14 days.
This Privacy Policy is effective as of December 21, 2025.