Privacy Policy

1. Introduction

Averoz (“Averoz”, “we”, “us”, or “our”) — a brand owned and operated by PT Digital Wijaya Group— operates an AI website builder platform that lets you upload your business materials, generate a website with the help of AI, and publish and host it. References to “Averoz”, “we”, “us”, and “our” in this policy mean PT Digital Wijaya Group. This policy applies to our marketing site, the dashboard, the website builder, and the related services we provide (the “Service”).

By creating an account or using the Service, you agree to the practices described here. If you do not agree, please do not use the Service. Where required by law, we rely on your consent, the performance of our contract with you, our legitimate interests, or our legal obligations as the basis for processing your data. As we operate in Indonesia, we handle personal data in line with the Indonesian Personal Data Protection Law (Undang-Undang Perlindungan Data Pribadi / UU PDP) where it applies to you.

Data controller

Averoz is a brand owned and operated by PT Digital Wijaya Group, a limited liability company established under the laws of the Republic of Indonesia, domiciled in Surakarta. PT Digital Wijaya Groupis the data controller responsible for your personal data under this policy — the entity that determines how and why your data is processed.

Registered address: Jl. Kyai Mojo No. 25, Kelurahan Semanggi, Kecamatan Pasar Kliwon, Kota Surakarta, Jawa Tengah 57191, Indonesia. Business Identification Number (NIB): 1604260060856. For any data-protection matter, you can reach our privacy contact at support@averoz.com.

2. Information We Collect

Information you provide

• Account information: your name, email address, WhatsApp number, and a securely hashed password. We never store your password in plain text.
• Google sign-in: if you sign in with Google, we receive your basic Google profile and email address from Google to create or link your account.
• Business brief & uploads: the brief you describe, and materials you upload such as logos, photos, and PDF documents (for example a company profile), plus the website content you and our AI generate.
• Payment metadata: records of your purchases, invoices, plan, and credits. Full card numbers are handled by our payment processors and are never stored by Averoz.
• Support communications: messages, tickets, and any information you share when you contact us.

Information we collect automatically

• Usage logs: AI generation logs, the credits ledger, deployment logs, and other records of how you use the Service.
• Device & technical data: IP address, browser type, device information, and approximate location derived from your IP.
• Cookies & session data: identifiers used to keep you signed in and remember your preferences (see Cookies below).

Information from third parties

• Authentication providers: Google, when you choose to sign in with Google.
• Payment processors: payment status and transaction confirmations from Xendit and PayPal.

3. How We Use Your Information

We use the information we collect to:

• Provide the Service — generate, edit, publish, and host your websites;
• Process payments, manage your plan, and track your credits;
• Send transactional notifications by email and WhatsApp (for example payment confirmations and account alerts);
• Verify your identity and prevent abuse, fraud, and spam;
• Provide customer support and respond to your requests;
• Operate, maintain, and improve the Service and develop new features;
• Comply with applicable laws and enforce our terms.

4. AI Processing of Your Content

A core part of the Service is generating website content with artificial intelligence. To do this, your business brief and the materials you provide may be sent to third-party AI providers — including Anthropic (Claude) and other providers such as Google (Gemini)— which process that content to produce text and structured website data.

These providers process your content under their own terms and security commitments and only to deliver the generation you requested. We send the minimum necessary to perform the task, and we do not use your private business content to train our own public models.

5. Cookies & Similar Technologies

We use a small number of cookies and similar technologies:

• Essential / session cookies: required to keep you signed in and secure your session (managed through our authentication system).
• Preference cookies: for example a language preference cookie (NEXT_LOCALE) that remembers whether you use the English or Indonesian interface.
• Minimal analytics: aggregate, privacy-respecting measurement to understand how the Service is used.

Non-essential cookies, such as analytics, are used only with your consent, and you can withdraw that consent or opt out at any time through your browser settings or any cookie controls we provide. Essential cookies are always required for the Service to function. We do not use heavy third-party advertising or cross-site ad tracking.

6. Third-Party Services & Sub-Processors

We rely on trusted service providers (sub-processors) to operate the Service. They process data on our behalf under appropriate safeguards:

• Supabase — PostgreSQL database hosting;
• Cloudflare R2 & CDN — file storage and content delivery;
• ServerAvatar / VPS — hosting for your published websites;
• Xendit — payment processing for IDR transactions;
• PayPal — payment processing for USD transactions;
• Fonnte — WhatsApp notifications and verification;
• Resend — transactional email delivery;
• AI providers — Anthropic (Claude) and Google (Gemini) for content generation;
• Domain registrars / resellers — when you search for or register a domain;
• Google — OAuth sign-in.

Payment card data is handled directly by Xendit and PayPal; Averoz never stores full card numbers.

7. How We Share Information

We do not sell your personal data. We share information only in these limited circumstances:

• With the sub-processors listed above, solely to operate the Service on our behalf;
• When you publish a website, the content you choose to publish becomes publicly available on the internet;
• To comply with the law, a court order, or a valid legal request;
• To protect the rights, safety, and security of Averoz, our users, and the public;
• In connection with a merger, acquisition, or sale of assets, in which case we will notify you and honor this policy.

8. Data Storage, Location & Retention

Your data is stored with our infrastructure providers and may be processed in data centers located in different countries. We retain your information for as long as your account is active and as needed to provide the Service.

Published website data is preserved even if your hosting lapses: the live site may be temporarily deactivated, but the underlying data is kept so it can be restored. When you delete your account or request deletion, we remove or anonymize your personal data within a reasonable period, except where we must keep it to comply with legal, accounting, or anti-fraud obligations.

9. Data Security

We apply technical and organizational measures to protect your data, including:

• Encryption in transit using SSL/TLS;
• Passwords stored only as secure hashes;
• Encryption at rest for sensitive data such as merchants’ stored payment-gateway keys;
• Access controls limiting who can reach your data.

No method of transmission or storage is 100% secure. While we work hard to protect your information, we cannot guarantee absolute security.

In the event of a personal-data breach, we will notify the affected data subjects (and the supervisory authority where required) without undue delay and, in line with the Indonesian Personal Data Protection Law (UU Pelindungan Data Pribadi / UU 27/2022), within 3×24 hours of becoming aware of the breach.

10. Your Rights & Choices

Subject to applicable law — including, where it applies to you, the Indonesian Personal Data Protection Law (UU PDP) — you have the right to:

• Access the personal data we hold about you;
• Correct inaccurate or incomplete information;
• Delete your data and your account;
• Export a copy of your data;
• Withdraw consent where processing is based on consent;
• Object to or restrict certain processing;
• Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects on you;
• Lodge a complaint with the supervisory authority and seek compensation for losses caused by a violation of the protection of your personal data.

To exercise any of these rights, contact us at support@averoz.com. We may need to verify your identity before acting on your request.

11. Children’s Privacy

The Service is not directed to individuals under 18 years of age, and we do not knowingly collect personal data from children. If you believe a child has provided us personal information, please contact us and we will delete it.

12. International Users & Cross-Border Transfers

Averoz operates globally, and your information may be transferred to and processed in countries other than the one in which you live, including by offshore sub-processors such as Anthropic, Google, PayPal, and Cloudflare.

Consistent with Article 56 of the Indonesian Personal Data Protection Law (UU PDP), we transfer personal data abroad only where: the destination country ensures a level of personal-data protection that is equal to or higher than that under Indonesian law; or, failing that, appropriate and binding safeguards are in place; or you have given your consent. By using the Service, you understand that your data may be processed in these locations.

13. Changes to This Policy & Contact

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you. Your continued use of the Service after changes take effect means you accept the updated policy.