Introduction
BayarTepat is a multi-tenant property payment management platform developed and operated by PT Rancang Nusantara Teknologi ("we", "us", "the Operator"). The platform serves multiple property development companies ("Tenants") that operate independently within the platform. Each Tenant acts as a Data Controller for the personal data of their buyers, staff, and associated users, while PT Rancang Nusantara Teknologi acts as the Data Processor, processing data solely on documented instructions from each Tenant. We are committed to protecting personal data in accordance with applicable laws, including Indonesia's Personal Data Protection Law (UU No. 27 Tahun 2022) where applicable.
Data Isolation
BayarTepat enforces strict data isolation between Tenants:
- Each Tenant's data — companies, buyers, payments, documents — is separated at the database level
- Users belonging to one Tenant cannot access data belonging to another Tenant
- Branding, notifications, and reports are scoped per Tenant
Information We Collect
We collect the following categories of information:
- Account details such as name, email, phone number, and WhatsApp number
- Profile information including job role and organisation
- Company and project information
- Buyer and property details
- Payment plan and instalment records
- Device and browser information
- Usage and interaction data, including log data such as IP address and access timestamps
- Push notification subscription data (browser endpoint, encryption keys)
- Payment proof documents and buyer documentation files
- SP (Surat Peringatan) letters and attachments
- Company branding assets (logos, images)
How We Use Information
Information is processed to:
- Provide and operate the Service
- Authenticate users and manage access, including multi-factor authentication
- Enable payment tracking and management
- Send automated reminders via WhatsApp
- Send email notifications such as SP escalations and monthly reports
- Send web push notifications for payment events and reports
- Calculate penalties and track payment status
- Generate PDF reports (monthly, buyer, payment plan)
- Improve system performance and security
- Comply with legal and contractual obligations
Data Sharing and Disclosure
We may share data only as described below. We do not sell personal data, and we do not share data between Tenants.
- Within your Tenant's organisation based on role permissions (Admin, Management, Marketing, Legal, Finance)
- With trusted infrastructure providers such as cloud hosting and database services
- With messaging providers for the purpose of delivering payment reminders, emails, and browser push notifications
- To comply with legal obligations
- In business transfers such as mergers or acquisitions
- With Tenant or user consent
Data Storage and Security
We protect personal data through multiple operational and technical controls:
- Data encrypted at rest and in transit
- Role-based access controls enforced at the database level
- Tenant isolation via row-level security policies
- Two-factor authentication (TOTP) support
- Regular backups and monitoring
- Separate branding and configuration per Tenant
- Upon account termination, data is retained for a commercially reasonable period or as required by law, unless otherwise instructed by the Tenant
Your Rights
Depending on applicable law, users may request:
- Access to personal data
- Correction of inaccuracies
- Deletion, subject to retention requirements
- Data export
- Opt-out of WhatsApp reminders, email notifications, or push notifications
- Withdrawal of consent where applicable
- Requests should be directed to your organisation's administrator
Third-Party Services
The Service integrates with third-party providers for the following purposes:
- Database, authentication, and file storage
- Messaging and payment reminder delivery
- Email delivery
- Content delivery, DDoS protection, and network security
- Error monitoring and bug reporting
- Browser push notifications
- Use of third-party services is subject to their respective privacy policies
Cookies and Local Storage
We use essential cookies and local storage for:
- Authentication and session management
- Push notification subscription state
- User preferences such as language and theme
- No advertising or tracking cookies are used
Children's Privacy
The Service is intended for professional use only and is not designed for individuals under 18 years of age.
International Data Transfers
Data may be processed in jurisdictions outside your own. Appropriate safeguards are applied to protect personal data during any cross-border transfer.
Data Deletion Requests
If you have received WhatsApp notifications from the Service and wish to request deletion of your data, you may do so by contacting us at hello@bayartepat.com. Please include the phone number associated with your WhatsApp account and a description of your request. Upon receiving a valid deletion request, we will delete all WhatsApp message logs associated with your phone number and confirm completion of the deletion within 30 days. For deletion of other personal data held within the Service, please contact your organisation's administrator, who may submit a request on your behalf.
Changes to This Policy
We may update this Privacy Policy periodically. Continued use of the Service constitutes acceptance of the updated policy. The "Last Updated" date at the top of this policy indicates when changes were last made.
Contact
For privacy-related questions, please contact your organisation's administrator or reach out to the platform operator at the address below.
BayarTepat
PT. Rancang Nusantara Teknologi
Jalan Angsana, Lot 301, Kawasan Industri Batamindo, Mukakuning, Sei. Beduk, Batam 29433, Indonesia
Email: hello@bayartepat.com