Privacy Policy

PT Inovasi Media Solusindo (Ethic Ninja) · Last updated: 22 February 2026

Your privacy matters. This policy explains how we collect, use, protect, and manage personal data in line with ISO/IEC 27001:2022 and Indonesian Law No. 27 of 2022 on Personal Data Protection.

1. Information We Collect

• Identity: name, business email, phone, organisation
• Technical: IP address, portal access logs, target configuration data you provide for testing

2. Purpose

• Contract delivery for information security services
• Technical communication on vulnerabilities during projects
• Secure access to VAPT reporting portals
• Legal and audit compliance

3. Protection

• AES-256 encryption at rest; TLS 1.2+ in transit
• Role-based access for assigned pentesters only
• Strong NDAs for all personnel

4. Retention & Deletion

Administrative data retained per contract and legal requirements. Technical VAPT evidence permanently deleted within 30 calendar days after final report handover (BAST), unless otherwise agreed in writing.

5. Your Rights

Access, correction, and deletion rights under PDP Law—contact our DPO at halo@ethic.ninja.

6. Addresses

Registered office: BSD Junction Blok B-23, Jl. Pahlawan Seribu, BSD City, Serpong, Tangerang Selatan 15322, Indonesia
Operations: Jl. Wanamulya Utama BB/VIP/4, Karang Mulya, Karang Tengah, Tangerang 15157, Indonesia