Privacy Policy

At Orqestra (operated by Harmoni Mitra Tekno, "HMT", "we", "us", or "our"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our WhatsApp Business Console platform.

By using Orqestra, you consent to the data practices described in this policy. If you do not agree with our policies and practices, please do not use our service.

Information We Collect

Account Information

• Organization name and unique identifier
• User names, email addresses, and encrypted passwords
• Role assignments and permission settings
• WhatsApp Business Account (WABA) configuration details

WhatsApp Message Data

• Inbound and outbound message content (text, media, documents)
• Contact information from WhatsApp (phone numbers, profile names)
• Message delivery status and timestamps
• Conversation flow session data

Usage Data

• Feature usage analytics (broadcasts sent, flows created, AI interactions)
• Login timestamps and session information
• Credit consumption and subscription status
• Agent performance metrics

How We Use Your Information

• Service Operation: To provide, maintain, and improve Orqestra's core functionality including message routing, team inbox, and automation
• AI Processing: To power AI Copilot features through our Dify integration, using your uploaded knowledge base documents
• Analytics: To generate dashboard insights and performance reports for your organization
• Billing: To process payments, manage subscriptions, and track usage against your plan limits
• Support: To respond to your inquiries and provide customer service
• Communication: To send transactional emails (verification, password reset, subscription notifications)
• Security: To detect and prevent fraud, abuse, and security incidents

Third-Party Services

Orqestra integrates with the following third-party services to provide its functionality:

Data Retention

• Message Data: Retained for the duration of your subscription plus 30 days after account termination
• Account Data: Retained until you request deletion or 90 days after subscription cancellation
• Analytics & Logs: Aggregated analytics retained for up to 2 years; detailed logs retained for 90 days
• Billing Records: Retained as required by Indonesian tax regulations (minimum 10 years)

Your Rights

You have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Export: Request an export of your data in a machine-readable format
• Withdraw Consent: Withdraw consent for non-essential data processing

To exercise these rights, please contact us at privacy@orqestra.web.id

Security Measures

• All data transmitted over HTTPS with TLS encryption
• Passwords are hashed using bcrypt with strong salt
• Role-based access control (RBAC) with 22 granular permissions
• Organization-level data isolation (multi-tenant architecture)
• Regular security audits and vulnerability assessments
• Webhook signature verification for WhatsApp API calls

Cookies

We use essential cookies only for authentication and session management. We do not use advertising or tracking cookies. The cookies we use are:

• wa_user_session: Signed session cookie for authenticated users
• wa_admin_session: Signed session cookie for platform administrators

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will send an email notification to organization administrators.

Contact Us

If you have questions about this Privacy Policy, please contact us: