Privacy policy

We collect the following categories of data:

• Account information: name, email address, organization name, role, and password (stored as a bcrypt hash, never in plain text).
• Asset data: asset descriptions, serial numbers, locations, photos, and metadata that you enter into the system. This data belongs to you.
• Inspection and certification records: inspection results, dates, inspector identity, photos, comments, and generated certificates.
• Usage data: pages visited, features used, timestamps, browser type, device type, and IP address. We use this to improve the product and diagnose issues.
• Support data: messages you send to our support team, including any attachments.

We use your data for the following purposes:

• Service delivery: storing and displaying your asset records, generating inspection reports and certificates, enabling tag scanning and verification.
• Product improvement: understanding which features are used, identifying performance issues, and improving the user experience.
• Support: responding to your questions and resolving technical issues.
• Communication: sending transactional emails (password resets, inspection alerts, certificate expiry reminders) and, with your consent, product updates.
• Legal compliance: meeting obligations under applicable law, responding to lawful requests from authorities.

We do not sell your data. We do not share your data with third parties for advertising purposes. We share data only with:

• Supabase (data processor): our database and authentication provider. Supabase processes data on our behalf under a Data Processing Agreement. Supabase is SOC 2 Type II certified.
• Vercel (hosting): our application hosting provider. Vercel processes request data (IP addresses, headers) to deliver the application.
• Your organization: data you enter is visible to members of your organization based on their role permissions.
• Public verification: if you enable public verification for an asset, limited data (asset status, certification validity) is accessible via the asset's tag scan. No personal data is included in public verification pages.
• Legal requirements: if required by law, court order, or government request, we may disclose data to the extent legally necessary.

We retain your data for as long as your account is active. After account cancellation, we retain your data for 12 months to allow for reactivation or data export. After 12 months, your data is permanently deleted from our systems and backups.

Completed inspections and issued certificates are retained for the full retention period to preserve audit trail integrity. You may request earlier deletion, subject to any legal retention obligations.

Depending on your jurisdiction, you have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Rectification: correct inaccurate personal data.
• Deletion: request deletion of your personal data, subject to legal retention requirements.
• Portability: receive your data in a structured, machine-readable format (CSV or JSON export).
• Restriction: request that we limit processing of your data in certain circumstances.
• Objection: object to processing based on legitimate interests.
• Withdrawal of consent: withdraw consent for processing that is based on consent, at any time.

To exercise any of these rights, contact privacy@kaliratech.com. We respond to all requests within 30 days.

KALIRA uses essential cookies only. These cookies are required for authentication (keeping you signed in) and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies on our marketing site.

Within the application, we use functional cookies to store your preferences (theme, language, sidebar state). These cookies do not track you across other websites.

As an Indonesian company, KALIRA complies with Undang-Undang Pelindungan Data Pribadi (UU PDP) No. 27 Tahun 2022. We process personal data based on legitimate interest (service delivery) and consent (marketing communications). Indonesian users have the rights specified in UU PDP, including the right to access, correct, and delete their personal data.

Our data controller is PT Safe Horizon Industries, domiciled in Jakarta, Indonesia.

For users in the European Economic Area, KALIRA processes personal data under Article 6(1)(b) (performance of a contract) and Article 6(1)(f) (legitimate interests). Where data is transferred outside the EEA, we rely on Standard Contractual Clauses and the adequacy of the data protection framework in the hosting region.

EU users may lodge a complaint with their local supervisory authority in addition to contacting us directly.

KALIRA is not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that a child has provided personal data, we delete it promptly.

We may update this policy to reflect changes in our practices or applicable law. Material changes will be communicated via email to account holders. The “last updated” date at the top of this page indicates the most recent revision.

KALIRA includes AI-powered features that process Customer Data to generate summaries, search results, and recommended actions. AI processing occurs on our servers using your organization's data only. Your data is not used to train AI models and is not shared with other organizations.

AI-generated responses may reference your asset records, inspection data, and compliance status. These responses are informational and do not constitute safety advice or professional assessment. See our Terms of Service (Section 9) for full AI disclaimer.

In the event of a personal data breach, KALIRA will:

• notify affected customers within 72 hours of discovery, in compliance with GDPR Article 33 and UU PDP requirements;
• provide details of the breach scope, affected data categories, and likely consequences;
• describe the measures taken to address the breach and mitigate potential harm;
• cooperate with customer incident response procedures and regulatory authorities as required.

For privacy-related questions or requests:

• Email: privacy@kaliratech.com
• Entity: PT Safe Horizon Industries
• Location: Jakarta, Indonesia