1Introduction
Last Updated: April 2026
This Privacy Policy explains how PT Morfogenesis Teknologi Indonesia ("we," "our," or "us") collects, uses, and protects your personal information when you use the Sikorwas web application ("App").
This policy complies with Indonesia's Personal Data Protection Law (Undang-Undang Perlindungan Data Pribadi) and other applicable data protection regulations.
—Acknowledgment and Consent
By accessing and using the Sikorwas App, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. You consent to the collection, processing, storage, and use of your personal data as described in this policy.
If you do not agree with any part of this Privacy Policy, please do not use our App. Your continued use of the App constitutes your acceptance of this Privacy Policy and any updates to it.
2What Data Do We Collect
We collect various types of personal information to provide and improve our services. The categories of data we collect include:
- Employee identification number (NRP) or user ID
- Full name and email address
- Username and account profile information (if provided)
- Roles and permissions granted to your account
- Organizational scopes used for report access (e.g. polda/instansi/bag)
- Daily report details (report type, date/time, location/address, notes)
- Checkpoint location details (address/lokasi, latitude/longitude, accuracy when provided)
- Draft and attendance identifiers used to link users to reports
- Timestamped information related to report creation and updates
- Photos and supporting documents you upload for daily reports and checkpoints
- File metadata (e.g. file name) and upload information
device_infosubmitted with reports (when provided)- User agent information (when available)
- Standard request logs used for security and service operation
- Notification content and read/unread status
- Session/CSRF cookies required for authentication and secure requests
- UI preference cookies (e.g. sidebar state)
Daily reports and checkpoint submissions may include sensitive personal information, location data, and attachments. We process this data only for operational purposes and grant access based on role/permission levels.
3How Will We Use the Data
We collect and process your personal data for the following purposes:
a)Account & Access Management
- Managing user accounts and authentication-related data
- Enforcing roles and permissions to control access to reports
- Supporting profile updates (e.g. your account details)
b)Daily Reports & Checkpoints
- Creating, storing, and managing daily reports
- Processing and archiving checkpoint submissions (including drafts and finalized reports)
- Managing report attachments (photos and documents), including related metadata
- Using location and timestamp information provided with reports for record-keeping
c)Security and Authentication
- Detecting and preventing unauthorized access to your account and reports
- Maintaining audit logs and monitoring for security-relevant events
- Ensuring the security and integrity of the App and its data flows
d)Legal Compliance
- Complying with Indonesian labor laws and regulations
- Maintaining records for internal and external audits
- Resolving employment-related disputes and investigations
- Ensuring compliance with data protection and document retention requirements
e)Service Improvement
- Understanding how users interact with the App to improve features
- Identifying and fixing technical issues
- Enhancing the overall user experience
- Optimizing dashboard performance and report workflows
4With Whom Do We Share the Data
We may share your personal information in the following circumstances:
a)Third-Party Services
We may use third-party service providers that help us operate, host, and maintain the App, including storing and delivering uploaded photos and documents.
b)Legal Requirements
- When required by law or legal process
- To protect our rights, property, or safety
- To prevent fraud or illegal activities
- In connection with a business transfer or merger
- For compliance with regulatory requirements related to case documentation and reporting
c)International Transfers
Your personal data may be processed in jurisdictions where our service providers operate. We take reasonable safeguards to protect your personal data and to comply with applicable data protection requirements.
5Protecting Your Personal Data
We implement comprehensive security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction:
a)Technical Security
- Secure transmission: Data is transmitted using TLS/SSL (HTTPS) when communicating with our servers.
- Role-based access: Access to personal data and reports is restricted according to your assigned permissions.
- Audit logging and monitoring: We log and monitor security-relevant events to detect and respond to incidents.
- Secure file handling: Uploaded photos and documents are stored and served through controlled systems.
- Data minimization: We collect and process only what is necessary for daily report and checkpoint operations.
b)Data Protection
- Secure storage: Personal data and reports are stored in secured systems with access controls.
- Access controls: We use role-based access controls to limit access to authorized users.
- Audit logging: Access to personal data and report records is logged for accountability.
- Regular security updates: We apply security patches and improvements as needed.
c)Organizational Security
- Employee Training: Regular privacy and security training for all staff
- Data Protection Officer: Designated personnel responsible for data protection compliance
- Incident Response: Procedures for handling data breaches and security incidents
d)Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, including operating the App, maintaining records, and meeting applicable legal or operational requirements.
- Report and checkpoint records: retained for the period necessary for operational and compliance needs.
- Account data: retained while your account remains active or as needed to provide services and comply with legal obligations.
- Audit logs: retained to support security monitoring and accountability.
6Data Security
We implement comprehensive security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction:
a)Technical Security
- Secure transmission: Data is transmitted using TLS/SSL (HTTPS) when communicating with our servers.
- Role-based access: Access to personal data and reports is restricted according to your assigned permissions.
- Audit logging: Security-relevant events are logged for accountability and incident response.
- Secure file handling: Uploaded photos and documents are stored and served through controlled systems.
b)Data Protection
- Secure storage: Personal data and report records are stored in secured systems with access controls.
- Access controls: Role-based access controls limit who can access your data.
- Audit logging: Access to personal data is logged for accountability.
- Regular security updates: We apply security patches and improvements as needed.
c)Organizational Security
- Employee Training: Regular privacy and security training for all staff
- Data Protection Officer: Designated personnel responsible for data protection compliance
- Incident Response: Procedures for handling data breaches and security incidents
7Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:
- Posting the updated policy in the App with a prominent notice
- Posting the updated policy and, where applicable, sending in-app notifications to authorized users
- Updating the "Last Updated" date at the top of this policy
- For significant changes, requesting your consent where required by law
We encourage you to review this Privacy Policy periodically. Your continued use of the App after any changes constitutes acceptance of the updated Privacy Policy.
Our App is designed for workplace use and is intended only for individuals who are 18 years of age or older. We do not knowingly collect personal information from minors under 18 years of age.
8Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
Email: info@morfotech.id
Phone: +62 811 22 888 001
Address:
PT Morfogenesis Teknologi Indonesia
Tendean Square, Jl. Wolter Monginsidi Nomor 122-124 RT 16 RW 02 Kavling No. 20-21 Lantai 3
Kec. Kebayoran Baru Kel. Petogogan, Jakarta Selatan 12170, Indonesia
—Response Time
We will acknowledge receipt of your inquiry within 3 business days and provide a full response within 30 days. If we need additional time, we will notify you of the extension and the reasons for it.
—Complaint Procedures
If you are not satisfied with our response to your data protection inquiry, you have the right to lodge a complaint with:
- The Indonesian Data Protection Authority (when established)
- The Ministry of Communication and Information Technology (Kementerian Kominfo)
- Other relevant supervisory authorities