Vanaila DigitalVANAILA · SINCE 2018
Book Consultation
[ LEGAL / PRIVACY ]Effective: January 1, 2025

Privacy Policy

Vanaila Digital respects your privacy and is committed to protecting your personal data. This policy explains what we collect, why we collect it, and your rights.

01

Who We Are

Vanaila Digital("Vanaila Digital", "we", "us", or "our") operates the website at vanaila.com and related subdomains. We are registered in Indonesia and our primary office is located at Bogor Utara. For any privacy-related enquiries, contact us at care@vanaila.com.

02

Information We Collect

We collect only the information necessary to provide our services and improve your experience. We do not sell your data to third parties.

Information you provide directly — When you submit a contact or project brief form, we collect your name, business email address, company name (if provided), service category of interest, and a project overview description.

Usage data we collect automatically— When you visit our website, our self-hosted analytics system records the page URL visited, the HTTP referrer (the page you came from), UTM campaign parameters (e.g., from email or ad links), and a randomly generated visitor identifier stored in your browser's local storage. No cookies are used for analytics. No data is sent to third-party analytics platforms such as Google Analytics.

Technical data — Our web server receives standard HTTP request data including your IP address, browser type, operating system, and timestamp. This data is used only for security monitoring and is not linked to your identity.

03

How We Use Your Information

We use the information we collect for the following purposes:

  • To respond to your project brief or enquiry and provide consultation services
  • To understand which pages and content are most useful to our visitors
  • To measure the effectiveness of marketing campaigns via UTM parameters
  • To protect our website from unauthorised access and abuse
  • To fulfil any legal obligations we may have under applicable law

We do not use your data for automated decision-making or profiling.

04

Legal Basis for Processing (GDPR / UU PDP)

Depending on your location, different legal frameworks may apply. Our legal basis for processing personal data is:

  • Contractual necessity — to respond to and fulfil your project enquiry
  • Legitimate interests — to analyse website usage through self-hosted, cookieless analytics and to protect our systems
  • Legal obligation — where applicable laws require us to retain certain records

Where required, we will ask for your consent. You may withdraw consent at any time by contacting us.

05

Data Storage and Retention

Contact form submissions are stored in our secure database hosted on Supabase (PostgreSQL), which is operated on infrastructure within or proxied through the European Union and Southeast Asia regions. We retain contact submissions for up to 3 years for business and tax record-keeping purposes, after which they are permanently deleted.

Analytics records (visitor and session identifiers) are anonymised and retained for up to 12 months to allow us to identify usage trends over time.

06

Cookies and Local Storage

Our website does notuse tracking cookies. We do use the browser's localStorage to store a randomly generated visitor identifier that helps us count unique visitors without identifying you personally. This identifier cannot be used to re-identify you.

We may set a session cookie for administrative users who log in to the admin panel. This cookie is strictly functional and is not used for tracking.

Google Fonts are loaded through our own server (self-proxied) — your browser does not make requests directly to Google's servers.

07

Third-Party Services

We use a minimal set of third-party services. These may process data as part of providing their service:

  • Supabase — database and media storage hosting. Your contact form data is stored here. Supabase is GDPR-compliant and data is processed under a Data Processing Agreement.
  • Hostinger / web host — server infrastructure for running the website.

We do not integrate Facebook Pixel, Google Analytics, Hotjar, Intercom, or any advertising network trackers.

08

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — ask us to correct inaccurate data
  • Right to erasure — request deletion of your personal data where there is no lawful reason to retain it
  • Right to restrict processing — ask us to temporarily stop processing your data
  • Right to data portability — receive your data in a machine-readable format
  • Right to object — object to processing based on legitimate interests

To exercise any of these rights, email care@vanaila.com. We will respond within 30 days. For residents of Indonesia, these rights are recognised under UU PDP (Government Regulation on Personal Data Protection).

09

Children's Privacy

Our website and services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

10

Changes to This Policy

We may update this Privacy Policy from time to time. The effective date at the top of this page will be updated accordingly. We encourage you to review this page periodically. Continued use of our website after any update constitutes acceptance of the revised policy.

11

Contact and Complaints

For any privacy-related questions, data requests, or complaints, contact our data controller:

Vanaila Digital
Bogor Utara
Email: care@vanaila.com

If you are located in the European Union and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

Questions or data requests?

care@vanaila.com →
Privacy PolicyTerms of ServiceData Collection