// legal · PDP Law No. 27/2022

Privacy Policy

How Webiti collects, uses, and protects your data — including anonymous analytics and heatmap recordings.

Last updated:

// 1. summary

Quick summary

Webiti (webiti.id) is a website-building studio based in Madiun, Indonesia. We collect the minimum data needed to: (a) run the site correctly, (b) respond to contact messages from prospective clients, and (c) measure content performance through anonymous analytics. We do not sell your data to third parties. You have the right to request deletion of your data at any time by emailing sales@webiti.id.

// 2. data we collect

Data we collect

a. When you fill out the contact / newsletter form

  • Name (contact form)
  • Email address
  • WhatsApp number (optional, contact form)
  • Type of website you're interested in (contact form)
  • Message / short brief (contact form)
  • IP address (for rate-limiting & anti-spam)

Legal basis: consent (you voluntarily submit that form) — PDP Law Article 20 paragraph (1) letter a.

b. When you browse the site (automatic)

  • Google Analytics 4: anonymous pageviews, visit duration, device & browser, traffic source, approximate location (city — not precise). IP is anonymized via anonymize_ip. Cookies _ga, _ga_*. 14-month retention.
  • Microsoft Clarity: activity heatmaps (clicks, scrolls), approximate navigation paths. All form input is automatically masked via clarity('set','mask','*') — we do not record the contents of email/WhatsApp/brief fields. 90-day retention.
  • Google Ads conversion tag (when a campaign is active): measures whether an ad click becomes a contact lead. Stores no personal data beyond the Google ID.
  • Server log: IP & user-agent for rate-limiting. Not merged with personal identity. 7-day retention.

Legal basis for analytics: legitimate interest — measuring traffic to improve the site (PDP Law Article 20 paragraph (1) letter f). You can opt out using tracker-blocking extensions (uBlock Origin, Privacy Badger) or private/incognito mode — both block the analytics scripts (GA4, Clarity) before they load. This is more effective and portable than a per-site banner.

// 3. purpose

How we use your data

  • Communication: Responding to your questions via email or WhatsApp.
  • Operations: Sending quotes, invoices, and project documentation if you become a client.
  • Analytics: Understanding which content helps and what devices visitors use — improving UX and SEO. Aggregate data, never viewed per individual.
  • Security: Detecting form abuse (spam, bots), protecting server infrastructure.

We do not use your data for automated profiling, personally targeted ads, or selling to data brokers.

// 4. third parties

Third parties that receive data

We share minimal data with the following processors. They may not use the data for their own purposes.

  • Vercel Inc. (United States) — site hosting & content delivery. Subject to Vercel's DPA.
  • Google LLC (United States) — Google Analytics 4, Google Ads, Google Fonts. See Google's Privacy Policy.
  • Microsoft Corporation (United States) — Clarity heatmaps. See Microsoft's Privacy Statement.
  • Resend Inc. (United States) — transactional email delivery (contact, newsletter). The email recipient is only our internal address sales@webiti.id.

Data may cross national borders (cross-border transfer) because of the processors above. Per PDP Law Article 56, we ensure the destination country provides an equivalent level of protection or the processor is bound by standard contractual clauses.

// 5. your rights

Your rights (PDP Law Articles 5–12)

As a data subject, you have the right to:

  • Know what we store about you
  • Request correction of inaccurate data
  • Request deletion of data (right to be forgotten)
  • Opt out of analytics via incognito mode or tracker-blocking extensions
  • Obtain a copy of your data (portability)
  • File a complaint with the Personal Data Protection Commission (Komdigi — Ministry of Communication and Digital Affairs of Indonesia)

To exercise the rights above, email sales@webiti.id with the subject [PDP]. We respond within 3×24 business hours and resolve requests within 30 calendar days, in accordance with PDP Law Article 16 paragraph (3).

// 6. analytics opt-out

How to opt out of analytics

We don't use a cookie banner. Instead, opt-out is available at the browser / device level:

// 7. security

How we protect your data

  • HTTPS with HSTS preload (2 years) — the connection is always encrypted
  • Form rate-limiting (5 submissions per 10 minutes per IP) — prevents spam
  • Anti-bot honeypot + server-side validation for all input
  • Clarity form masking (mask='*') — field contents are never recorded in session replay
  • GA4 with anonymize_ip — the last IP octet is truncated before reaching Google
  • No password storage (we have no user-account system)
  • Transactional email uses DKIM + SPF — prevents spoofing

// 8. children

Underage children

This site is intended for adult business owners (age ≥ 17). We do not knowingly collect data from children. If you believe your child has provided data to us, contact sales@webiti.id for immediate deletion.

// 9. changes

Policy changes

If this policy changes, we update the “Last updated” date above and, for material changes, notify you via an on-page banner or email (if you're subscribed to the newsletter). Previous versions can be requested via sales@webiti.id.

// 10. contact

Contact us

Privacy questions or requests:

  • Email: sales@webiti.id (subject [PDP] for fast-track)
  • WhatsApp: +62 823-1333-3614
  • Studio: Studio Webiti, Madiun, Jawa Timur, Indonesia

For independent complaints about data processing, contact the Ministry of Communication and Digital Affairs of Indonesia (Komdigi) as Indonesia's data protection authority.

This policy is aligned with Law No. 27 of 2022 on Personal Data Protection (the PDP Law), fully in effect since 17 October 2024. This is not legal advice — if you need a formal assessment, consult a qualified attorney.
