Last Updated: March 21, 2026
Welcome to daa.bio.
This Privacy Policy explains how [Legal Entity Name], doing business as daa.bio, a company established under the laws of the Republic of Indonesia and having its principal place of business at [registered address] ("daa.bio," "we," "us," or "our"), collects, uses, stores, discloses, transfers, and protects personal data when you access or use our website, applications, creator pages, custom domains, analytics tools, design and asset features, customer support channels, and any related products or services we make available (collectively, the "Services").
daa.bio is a platform that enables creators, professionals, brands, and businesses to build premium link-in-bio pages, manage digital identity, publish content and links, customize visual presentation, connect audiences to third-party destinations, and measure performance through analytics and related tools.
This Privacy Policy applies to:
By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. Where applicable law requires consent for specific processing activities, we will request that consent separately and expressly.
daa.bio operates as an Indonesia-based digital platform and, depending on the context, may act either as:
(a) a data controller, where we determine the purposes and means of processing personal data, including for account registration, authentication, subscription administration, billing, security, service communications, product improvement, legal compliance, and customer support; or
(b) a data processor or service provider, where we process personal data solely on behalf of a creator, customer, or business user using our platform, subject to their instructions and applicable law.
Nothing in this Privacy Policy limits any additional obligations that may apply under separate commercial terms, data processing agreements, or specific service terms.
We may collect the following categories of personal data, depending on how you use the Services.
This may include your full name, display name, username, email address, phone number, profile image, biography, company or brand name, job title, account credentials, authentication details, and account preferences.
This may include the information you choose to publish or manage through daa.bio, such as links, link titles, descriptions, images, videos, media assets, social handles, call-to-action buttons, design settings, layout selections, theme choices, custom domain settings, and other content uploaded or generated by you.
This may include subscription plan details, billing name, billing address, invoice records, payment status, transaction references, tax-related information, and related commercial records. Payment credentials may be processed directly by third-party payment providers, and we generally do not store full card numbers or equivalent full payment instrument data.
This may include IP address, browser type, operating system, device identifiers, language settings, date and time stamps, referral URLs, pages viewed, clicks, interactions, session behavior, diagnostic data, crash logs, system performance data, and security logs.
This may include messages you send to us, support tickets, emails, contact form submissions, feedback, survey responses, bug reports, or any other information you provide in the course of communicating with us.
Where analytics features are enabled, we may process information relating to page visits, impressions, clicks, interaction events, approximate geolocation inferred from IP address, traffic source, device type, browser data, conversion events, and similar engagement data relating to public pages powered by daa.bio.
If you sign in through a third-party provider, connect external tools, add payment features, use custom domains, or enable integrations, we may receive information from those providers, such as authentication data, account identifiers, service metadata, delivery status, domain records, or other relevant information necessary to operate the integration.
Unless clearly required for a specific feature and lawfully permitted, daa.bio is not designed for the routine collection of highly sensitive personal data. You should not upload or submit sensitive or high-risk personal data through the Services unless you are legally authorized to do so and the feature clearly requires it.
This includes, without limitation, health data, biometric data, genetic data, children's data, criminal record data, and personal financial data belonging to another person.
If you choose to process such data through the Services, you are solely responsible for ensuring that you have a valid legal basis, proper notices, and any required consent under applicable law.
We collect personal data:
We process personal data only to the extent necessary for legitimate, disclosed, and lawful business purposes, including the following:
We use personal data to create and manage accounts, authenticate users, host and render creator pages, deliver design and asset features, manage custom domains, provide analytics, process subscriptions, and maintain the functionality of the platform.
We process personal data as necessary to provide the Services you request, fulfill subscriptions, process payments, respond to inquiries, deliver customer support, and administer our contractual relationship with you.
We process personal data to monitor system performance, prevent abuse, detect fraud, investigate suspicious behavior, maintain logs, troubleshoot issues, back up systems, protect infrastructure, and respond to incidents.
We may use personal data to understand user behavior, improve usability, develop new features, test system performance, enhance design and analytics tools, and support internal research and product decisions.
We use personal data to send account-related notifications, service updates, support responses, billing notices, legal notices, policy changes, and other operational communications.
We may process personal data where necessary to comply with legal obligations, regulatory requirements, lawful requests by public authorities, dispute resolution processes, tax obligations, and the enforcement of our terms, rights, and legitimate interests.
Where permitted by applicable law, we may send product announcements, promotional messages, newsletters, or other marketing communications. You may opt out of marketing communications at any time.
Where required by applicable law, we rely on one or more lawful bases for processing, including:
Where consent is required, we will seek consent in a manner that is clear, specific, and legally valid.
A central feature of daa.bio is the publication of public-facing pages. Any information, content, links, media, profile details, or other material that you intentionally publish through a daa.bio page may be visible to the public and may be indexed by search engines, copied, cached, shared, embedded, screenshotted, archived, or otherwise redistributed by third parties.
You are solely responsible for the content you choose to make public through your page. You should not publish personal data that is confidential, excessive, sensitive, unlawful, or belongs to another person without proper authority.
We may use cookies, pixels, local storage, SDKs, and similar technologies to:
You may manage certain cookie settings through your browser or device settings. Please note that disabling certain technologies may affect the performance, availability, or functionality of the Services.
Where creators install third-party scripts, tracking tools, embeds, or integrations on their daa.bio pages, the collection and processing of data by those third parties are governed by the privacy terms of those parties, not by daa.bio.
Creators may choose to connect third-party tools, such as payment providers, analytics tools, embeds, mailing list tools, social media widgets, scheduling tools, storefront tools, or external forms. In those cases, visitors may provide personal data directly to those third parties or through interfaces embedded on a daa.bio page.
daa.bio is not responsible for the privacy practices of independent third-party services. Creators are responsible for ensuring that their own pages, integrations, notices, and processing activities comply with applicable law.
We may disclose personal data only where reasonably necessary and subject to appropriate safeguards.
We may share personal data with vendors and service providers that help us operate the Services, including providers of hosting, cloud infrastructure, content delivery, data storage, authentication, payments, analytics, customer support, email delivery, security, monitoring, and domain services.
We may disclose personal data where you intentionally publish it through public-facing areas of the Services, including public creator pages.
We may disclose personal data to auditors, legal advisers, accountants, consultants, insurers, financing partners, investors, or counterparties in connection with lawful business operations and corporate transactions, subject to appropriate confidentiality arrangements.
We may disclose personal data where required by law, regulation, court order, lawful governmental request, or where reasonably necessary to protect legal rights, investigate wrongdoing, or protect the safety, security, or integrity of our Services or users.
If daa.bio is involved in a merger, acquisition, investment transaction, reorganization, restructuring, or sale of assets, personal data may be transferred as part of that transaction, subject to applicable confidentiality and legal safeguards.
We do not sell personal data as a commercial commodity.
Your personal data may be processed in Indonesia and in other jurisdictions where our service providers, infrastructure providers, or partners operate.
Where personal data is transferred outside Indonesia, we will take reasonable and legally required steps to ensure that the transfer is made with adequate protection, including through contractual safeguards, technical and organizational controls, equivalent or higher standards of protection where required, or data subject consent where legally necessary.
We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:
Retention periods may vary depending on the nature of the data and the purpose of processing. For example:
When retention is no longer necessary, we will delete, anonymize, or securely destroy personal data in accordance with applicable law and our internal retention standards.
We implement technical and organizational safeguards designed to protect personal data from unauthorized access, disclosure, alteration, misuse, loss, destruction, or other unlawful processing. These safeguards may include access controls, role-based permissions, encryption in transit, password hashing, logging, monitoring, backup procedures, environment separation, incident response practices, and internal confidentiality controls.
However, no internet-based service or electronic storage system can be guaranteed to be completely secure. For that reason, while we take security seriously and apply reasonable safeguards, we cannot guarantee absolute security.
If a personal data breach or failure of personal data protection occurs and notification is required by law, we will provide the required notice to affected individuals and the competent authority within the time period required under applicable Indonesian law.
Subject to applicable law, you may have the right to:
To exercise your rights, please contact us using the details set out in the "Contact Us" section below. We may request sufficient information to verify your identity before responding to your request.
We may deny or limit certain requests where permitted or required by law, including where the request would adversely affect the rights of others, conflict with legal retention obligations, or fall within a lawful exception.
Where daa.bio acts as a processor on behalf of a creator, customer, or business user, that party remains responsible for determining the legal basis for processing and for providing any required notices to end users or visitors. Where daa.bio acts as a controller, we remain responsible for our own processing activities as described in this Privacy Policy.
Where permitted by law, creators and business users using daa.bio are responsible for the lawfulness of the content and personal data they upload, publish, embed, or otherwise process through the Services.
The Services are not intended for children except where expressly stated for a specific lawful use case. If we become aware that we have collected personal data from a child without valid authorization from a parent or legal guardian where such authorization is required, we will take reasonable steps to suspend processing and delete the relevant data in accordance with applicable law.
If you believe that a child has provided personal data to us improperly, please contact us promptly.
Where required by law, or where appropriate in view of the scale, nature, and risk profile of our processing activities, daa.bio may appoint an internal or external person or function responsible for personal data protection oversight and compliance.
The Services may contain links to websites, products, domains, applications, services, or content operated by third parties. We do not control and are not responsible for the privacy, security, or content practices of those third parties. You should review their terms and privacy policies before interacting with them.
We may revise this Privacy Policy from time to time to reflect changes in our Services, technology, business operations, or legal obligations. When we do, we will post the updated version on this page and revise the "Last Updated" date above.
Where required by law or where changes are material, we may also provide additional notice through email, dashboard notifications, or other prominent means.
If you have questions, requests, complaints, or concerns about this Privacy Policy or our processing of personal data, please contact us at:
If required by applicable law, communications relating to personal data protection may also be directed to our designated privacy contact or data protection function through the contact details above.