Legal

Privacy Policy — NgeHit

Effective date: January 1, 2025 · Last updated: May 26, 2026
Applies to: ngehit.com and all NgeHit products by Akses Digital Indonesia

TL;DR:NgeHit doesn't sell your data. We don't use your data for advertising. Collected data is used solely to operate the NgeHit service — connecting your accounts to social platforms, scheduling posts, and analyzing content performance. You can delete all your data at any time.

1. Overview and Definitions

This Privacy Policy explains how PT Akses Digital Indonesia (“Akses Digital”, “we”) collects, uses, stores, and protects user data (“you”) through the NgeHit platform (“Service”). It applies to all NgeHit users, including content creators and media agencies using the Social Media Management (SMM) features.

Current Service scope: NgeHit is an SMM platform that helps creators and agencies manage their own social media accounts — including post scheduling, video editing, AI captioning, analytics, and social inbox. The Service currently does not include marketplace features, brand–creator mediation, or third-party transactions.

2. Data We Collect

2.1 Information You Provide Directly

  • Account data: full name, username, email, password (encrypted), phone number
  • Profile data: profile photo, date of birth, gender, city/province
  • Payment data: via Midtrans gateway (we don't store card numbers)
  • Content you create: captions, drafts, schedules, hashtag groups, uploaded media
  • Communications: support messages, feedback you send

2.2 Automatically Collected Data

  • Usage data: features used, time and frequency, pages visited
  • Device data: browser type, OS, screen resolution, IP address
  • Log data: login times, platform activity, error logs
  • Cookies: see section 9

2.3 Data from Social Platforms

When you connect a social account via OAuth, we receive data you explicitly authorize — varies per platform (see section 4).

3. How We Use Data

We use collected data solely for:

  • Providing and running the NgeHit Service
  • Linking your account to social media platforms you choose
  • Generating performance analytics reports on your dashboard
  • Processing payments and managing subscriptions
  • Sending service-related notifications
  • Responding to questions and support requests
  • Preventing abuse and maintaining platform security
  • Fulfilling applicable legal obligations

What we do NOT do: We do not use your data for targeted advertising. We do not sell or rent your data to third parties. We do not use data from social platform APIs (Meta, TikTok, Google) beyond stated purposes.

4. Third-Party Platform Integrations

NgeHit integrates with social media platforms via their official APIs using industry-standard OAuth 2.0.

4.1 Meta — Instagram & Facebook

Access RequestedPurpose
Read profile & account statsDisplay account info and performance data on NgeHit dashboard
Publish contentSchedule and post photos & videos on your behalf
Manage commentsRead and reply via Social Inbox
Read analyticsDisplay content performance reports
Manage messages (DM)Read and reply to direct messages via Social Inbox

4.2 TikTok

Access RequestedPurpose
Read profile infoDisplay account data on dashboard
Access video listDisplay analytics performance reports
Publish videosSend and schedule videos to TikTok on your behalf
Upload contentProcess and upload video files to TikTok

4.3 Google & YouTube

Google Limited Use Statement:NgeHit's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Data obtained from Google APIs is:

  • Not used for targeted advertising or retargeting
  • Not sold to data brokers or third parties
  • Not used for credit-worthiness assessment
  • Not used to train AI/ML models
  • Only used to provide YouTube publishing, analytics dashboard, and Drive import

5. Data Sharing with Third Parties

We do not sell your personal data. We share data only in limited circumstances:

  • Infrastructure providers: cloud hosting, encrypted storage, email — bound by confidentiality agreements
  • Payment processing: Midtrans (PCI-DSS compliant). We don't store credit card data
  • AI services: caption generation context — no PII, not used for training
  • Legal obligations: when required by Indonesian law or valid court orders
  • Business transfer: if NgeHit is acquired, with prior user notification

6. Data Security

  • Transit encryption: TLS 1.2/1.3 (HTTPS) for all communications
  • Storage encryption: social platform tokens encrypted
  • Media encryption: files stored encrypted in cloud storage
  • Password hashing: strong one-way cryptographic hashing
  • Least-privilege access: for employee data access
  • Monitoring: activity logs reviewed periodically

Report security vulnerabilities: [email protected] with subject [SECURITY].

7. Data Retention and Deletion

  • Active account data: while your account is active
  • Content & media: until you delete them or close your account
  • Analytics data: 24 months from collection
  • System logs: 90 days
  • Payment/transaction data: 5 years (Indonesian tax law)
  • OAuth platform tokens: deleted immediately upon disconnect

When you delete your NgeHit account, your data is deleted/anonymized within 30 days. See: Data Deletion Guide.

8. Your Rights

  • Access — request a copy of your personal data
  • Correction — request correction of inaccurate data
  • Erasure — “right to be forgotten”
  • Portability — request data in JSON/CSV format
  • Objection — to specific data processing
  • Withdraw consent at any time
  • Revoke platform access directly from each platform's settings

Send requests to [email protected] — we respond within 30 days.

9. Cookies and Tracking

  • Essential cookies: maintain login sessions (required)
  • Functional cookies: store display preferences
  • Analytics cookies: aggregate usage analysis (can be disabled)

We do not use cookies for targeted ads or share data with ad networks.

10. Children's Privacy

NgeHit is not intended for users under 13. Users aged 13–17 must have parental/guardian consent before using paid services.

11. Changes to This Privacy Policy

  • We'll update the “Last updated” date
  • Email notification at least 14 days before material changes
  • Banner notification in dashboard

12. Privacy Contact

  • Email: [email protected]
  • Subject: [PRIVACY] for faster processing
  • Response time: Maximum 30 calendar days
  • Company: PT Akses Digital Indonesia

See also: Data Deletion Guide · Kebijakan Privasi (ID) · Terms & Conditions