Privacy Policy

Huudis is the identity-and-access product of PT Forjio Teknologi Indonesia. We provide single sign-on, MFA, OIDC, and account management for the Forjio family of products (Plugipay, Storlaunch, Ripllo, Fulkruma, LinkSnap, and others). Reach us at support@forjio.com.

•Account data — email, name, password hash, locale. Provided by you at signup or social-login link.

•Authentication data — login timestamps, IP address, user-agent, MFA challenge metadata. Used for security, fraud detection, and audit trails.

•Social-login identifiers — when you sign in with Google, Apple, or Facebook, we receive the platform's opaque user ID + email + name + profile picture URL. We do not request access to your contacts, posts, or any other data.

•Workspace data — accounts, members, roles, IAM policies, service-account keys. Created by you when you set up workspaces.

•Audit logs — records of authentication events, role changes, and policy modifications. Retained for security investigations.

•To authenticate you and route OIDC tokens to the Forjio products you use.

•To detect fraud, account takeover, and abuse.

•To meet legal and tax obligations as required by Indonesian law.

We do not sell personal data, do not show advertising on Huudis, and do not share your data with third-party advertisers.

When you click a social-login button, you are redirected to that platform's own consent screen. Only the data you grant becomes accessible to us. For all three providers we request only:

•email — your email address

•profile / public_profile — your name and profile picture URL

Your social-platform access tokens are stored encrypted at rest and used only to verify your identity at sign-in. You can unlink any social provider from your Huudis account at any time in Linked accounts. Unlinking deletes the token within 24 hours.

Production data is hosted in Singapore on DigitalOcean infrastructure, encrypted at rest and in transit. Backups are encrypted and retained for 30 days.

•Account data: until you delete the account, then 30 days for backup expiry.

•Social-identity links: until you unlink or delete the account.

•Audit logs: 90 days for general events, 7 years for tax-relevant records.

•MFA recovery codes (hashed): until you regenerate or delete the account.

You can:

•Request a copy of the data we hold about you

•Request correction of inaccurate data

•Request deletion (see data deletion)

•Withdraw social-login consent by unlinking the provider

Email support@forjio.com to exercise any of these rights. We respond within 30 days.

We share data with the following processors, all under data-processing agreements:

•DigitalOcean — hosting

•Resend — transactional email delivery (verification, password reset, security alerts)

•Forjio family products — when you sign in to a sibling product (Plugipay, Storlaunch, etc.) via OIDC, we send the requested claims to that product

We share the minimum necessary data for each processor to perform its function. We do not sell data to advertisers, data brokers, or any third party.

Huudis is not intended for users under 18. We do not knowingly collect data from minors.

We will post material changes to this policy on this page and notify active users by email at least 14 days before they take effect.

The data controller for Huudis is:

PT Forjio Teknologi Indonesia
Jl. Parkit, Blok I, No. 48, RT 004, RW 001
Cempaka Permai, Gading Cempaka
Bengkulu, Bengkulu 38221
Phone / WhatsApp: +62 815-2999-0219
Email: support@forjio.com (subject line tag: [privacy])

Data subject requests under UU No. 27/2022 (Pelindungan Data Pribadi) — including access, correction, deletion, and portability — go to the email above. We respond within 30 days.