Privacy Policy
Version: 2026-06-06
Last Updated: June 6, 2026
Operator: Aksa
Address: Jl. Prof. Soedarto No.12, Tembalang, Kec. Tembalang, Kota Semarang, Jawa Tengah 50275
Email: aksauniversal@gmail.com
Phone: +6287743025271
This Privacy Policy explains how Aksa ("Aksa", "we", "us", "our") collects, uses, shares, and protects information when you access or use our Services.
This policy applies to visitors, users, creators, buyers/subscribers, and anyone else who interacts with the Services.
1) Key Concepts
- "Personal Data" means information that identifies or can reasonably be linked to you.
- "Processing" means collecting, storing, using, disclosing, or otherwise handling Personal Data.
- "Controller" (GDPR) means the entity that determines the purposes and means of processing.
For purposes of applicable privacy laws, Aksa acts as a controller for most Personal Data processed through the Services.
2) Information We Collect
We collect information in the following categories:
2.1 Information you provide
- Account information. When you sign in via an external provider (such as Google), we receive information that provider shares with us (e.g., name, email address, profile photo URL).
- Profile information. Username/handle, bio, links, preferences, and other profile fields you choose to provide.
- Learning and community content. Notes, reflections, posts, comments, messages, files, and other content you create or upload.
- Creator commerce information. If you sell, we process information needed to operate creator features (e.g., store configuration, item metadata, payouts as applicable).
- Support and feedback. Messages you send to us and information included in feedback forms.
2.2 Information we collect automatically
- Device and usage data. IP address, device identifiers (where available), browser type, OS, pages viewed, interactions, time spent, referring/exit pages, and approximate location inferred from IP.
- Cookies and similar technologies. We use cookies and local storage for essential functions and preferences. See Section 15 for details on our cookie usage.
- Security signals. We use integrity and anti-abuse signals such as Firebase App Check and reCAPTCHA Enterprise where applicable.
2.3 Transaction data (payments)
If you purchase through the Services, we receive and store transaction metadata such as order IDs, amounts, payment method labels, statuses, refunds/disputes metadata, and related identifiers needed for reconciliation. Payment credentials (e.g., card numbers) are handled by payment providers; we do not store raw card details on our servers.
3) How We Use Information
We use Personal Data to:
- provide, operate, and maintain the Services (including account creation and authentication),
- personalize and improve learning experiences and recommendations,
- enable community interactions and creator commerce,
- process transactions, refunds, disputes, and payouts,
- provide customer support and respond to inquiries,
- protect users and the Services (fraud prevention, security, abuse prevention),
- comply with legal obligations and enforce our Terms and policies.
4) Legal Bases (GDPR)
Where the GDPR applies, we rely on one or more of the following legal bases:
- Contract. Processing necessary to provide the Services and fulfill our agreement with you.
- Legitimate interests. Improving Services, security, preventing abuse, and operating platform integrity (balanced against your rights).
- Consent. Where required, such as for certain optional features or cookies.
- Legal obligation. Compliance with applicable laws and lawful requests.
5) AI Features and AI Data
The Services may include AI-assisted features. Depending on the feature, we may process:
- your prompts and inputs to AI features,
- context and conversation history to provide continuity,
- outputs generated for you.
We use AI-related data to provide the AI features, to maintain quality and safety, and for internal evaluation and improvement of the product experience. We do not use your AI data to train third-party foundation models unless we clearly disclose it and obtain consent where required.
AI processing may involve service providers (for example, Google Gemini models through our AI orchestration stack). See "Sharing" below.
6) How We Share Information
We do not sell Personal Data. We may share Personal Data in the following circumstances:
6.1 Service providers (processors)
We use trusted vendors to operate the Services. They may process information only to provide services to us, subject to contractual protections. Examples include:
- Hosting and infrastructure: Google Cloud Platform, Firebase (authentication, database, hosting, storage).
- AI services: AI providers used to run AI features (e.g., Google Gemini via our orchestration stack).
- Payments: payment processors (e.g., Midtrans) to accept payments and process refunds and disputes.
- Realtime communications: providers such as LiveKit (if you participate in realtime audio/video experiences).
6.2 Legal requirements and protection
We may disclose information if we believe in good faith that disclosure is necessary to:
- comply with law, regulation, legal process, or government request,
- enforce our Terms and policies,
- protect the rights, property, and safety of Aksa, our users, or others,
- investigate fraud, security issues, or abuse.
6.3 Business transfers
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to applicable law.
7) International Data Transfers
Your information may be processed in countries other than where you live. Where required, we implement appropriate safeguards for international transfers (e.g., contractual protections).
8) Data Retention
We retain Personal Data as long as necessary to:
- provide the Services,
- comply with legal obligations,
- resolve disputes,
- enforce agreements,
- maintain security and prevent abuse.
Retention periods vary by data type. We may retain certain information even after account deletion requests, where legally required or for legitimate business purposes (e.g., fraud prevention, financial records, security logs).
9) Security
We implement administrative, technical, and physical safeguards designed to protect Personal Data. No system is perfectly secure, and we cannot guarantee absolute security.
10) Your Privacy Rights and Choices
10.1 Account controls
You may access and update certain profile information through your account settings where available.
10.2 Deletion requests
If you want to delete your account, contact us at aksauniversal@gmail.com. We may need to verify your identity before processing requests.
10.3 GDPR rights (EEA/UK/Switzerland)
Where applicable, you may have rights to:
- access your Personal Data,
- rectify inaccurate data,
- delete data ("right to be forgotten"),
- restrict processing,
- object to processing,
- data portability,
- withdraw consent (where processing is based on consent),
- lodge a complaint with a supervisory authority.
10.4 CCPA/CPRA rights (California)
Where applicable, California residents may have rights to:
- know what Personal Information we collect, use, disclose, and share,
- request deletion of Personal Information (subject to exceptions),
- request correction of inaccurate Personal Information,
- opt out of "sale" or "sharing" of Personal Information (as defined by law),
- limit the use and disclosure of sensitive personal information (if applicable),
- non-discrimination for exercising privacy rights.
We do not sell Personal Information. If our practices change, we will update this policy and provide required opt-out mechanisms.
11) Children’s Privacy
The Services are not intended for children under 13. We do not knowingly collect Personal Data from children under 13. If you believe a child has provided Personal Data, contact us so we can take appropriate action.
12) Automated Decision-Making
We may use automated systems to detect fraud, abuse, and policy violations. Such systems may result in restrictions (e.g., limiting access, holding transactions). We provide human review pathways where appropriate and feasible.
13) Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated version and "Last Updated" date. Continued use of the Services after changes become effective constitutes acceptance of the updated policy.
14) Contact Us
Privacy questions, requests, or complaints:
- Email: aksauniversal@gmail.com
- Phone: +6287743025271
- Address: Jl. Prof. Soedarto No.12, Tembalang, Kec. Tembalang, Kota Semarang, Jawa Tengah 50275
15) Cookie Policy
Aksa uses cookies and similar technologies on the Services to keep things running securely and smoothly.
15.1 What Are Cookies?
Cookies are small text files placed on your device when you visit a website or use a web-based application. Cookies help websites remember your preferences, keep you signed in, and support security and performance. Similar technologies include local storage, session storage, SDK storage, and device identifiers.
15.2 How We Use Cookies and Similar Technologies
We use cookies and similar technologies for:
- Essential functionality: authentication hints, session continuity, navigation state.
- Preferences: remembering UI preferences such as sidebar state and UI configuration.
- Security and abuse prevention: integrity signals and bot protection (including reCAPTCHA Enterprise and Firebase App Check where applicable).
15.3 Cookies We Use (Current)
Below is a list of cookies used by the Services:
aksa_auth: Authentication hint cookie used to help bootstrap session continuity across certain domain/subdomain contexts. (Essential, Up to 30 days)sidebar_state: Remembers whether the sidebar is expanded/collapsed for a better UX. (Preference, Up to 7 days)
15.4 Local Storage and Session Storage
In addition to cookies, parts of the Services may use:
- Local storage to remember preferences (e.g., certain UI settings) and limited feature state.
- Session storage to preserve short-lived flow state (e.g., redirect URL after login, or temporary UI intents).
- IndexedDB persistence (for example, where underlying libraries like Firebase Auth store session state).
15.5 Security Technologies
We use security technologies (like reCAPTCHA Enterprise and Firebase App Check) to verify that requests come from legitimate clients and score bot/abuse risk.
15.6 Managing Cookies
You can manage cookies using your browser settings (delete cookies, block all or third-party cookies, set rules per-site). Note that disabling cookies may affect preference persistence or authentication flow continuity.