1. Introduction

PT. Arah Makna Network ("we," "our," or "us") operates MUVI, an edutainment platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the platform.

2. Information We Collect

2.1 Personal Information

We collect information that you provide directly to us:

• Account Information: Name, email address, password, and profile picture when you create an account
• Authentication Data: When you sign in using Google or GitHub, we receive your basic profile information from these providers
• Payment Information: Billing address and payment details processed through Stripe, LemonSqueezy, or Paddle
• Profile Data: Additional information you choose to provide in your profile
• Communications: Messages you send through our support system or contact forms

2.2 Automatically Collected Information

When you access our platform, we automatically collect certain information:

• Usage Data: Pages viewed, time spent, courses enrolled, films watched, and learning progress
• Device Information: Browser type, operating system, device type, and IP address
• Cookies and Similar Technologies: We use cookies, session tokens, and local storage to maintain your session and preferences
• Log Data: Server logs, error reports, and performance metrics

2.3 Learning and Progress Data

We track your educational progress including:

• Course enrollments and completion status
• Lesson progress and quiz results
• Certificates earned
• Films watched and viewing history
• Time spent on learning activities

3. How We Use Your Information

We use the information we collect to:

• Provide Services: Create and manage your account, process payments, deliver content, and track your learning progress
• Personalization: Recommend relevant courses and content based on your interests and learning history
• Communication: Send transactional emails, course updates, newsletters, and respond to your inquiries
• Improvements: Analyze usage patterns to improve our platform, develop new features, and enhance user experience
• Security: Detect and prevent fraud, abuse, and security incidents
• Legal Compliance: Comply with legal obligations and enforce our terms of service
• Certificates: Generate and verify completion certificates

4. How We Share Your Information

We do not sell your personal information. We may share your information with:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

• Payment Processors: Stripe, LemonSqueezy, and Paddle for processing payments
• Cloud Storage: AWS S3 for storing uploaded files and media
• Email Services: Nodemailer and Mailchimp for sending emails
• Content Management: Sanity CMS for managing blog posts and dynamic content
• Search Services: Algolia for powering search functionality
• AI Services: OpenAI for AI-powered features
• Analytics: Service providers for analyzing platform usage

4.2 Authentication Providers

When you sign in using Google or GitHub, these providers share your basic profile information with us according to their privacy policies.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights or the safety of users.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred to the acquiring entity.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption: Data in transit is encrypted using HTTPS/TLS protocols
• Password Security: Passwords are hashed using industry-standard algorithms
• Access Controls: Role-based access control limits who can access your data
• Database Security: PostgreSQL database with secure connections and regular backups
• Session Management: Secure session handling using JWT tokens with NextAuth.js
• Regular Updates: We keep our software and dependencies up to date with security patches

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Your Data Rights

You have the following rights regarding your data:

6.1 Access and Portability

You can access your personal information through your account settings and user dashboard. You can request a copy of your data in a portable format.

6.2 Correction

You can update your profile information, email address, and preferences through your account settings.

6.3 Deletion

You can request deletion of your account and personal data by contacting our support team. Note that some information may be retained for legal or legitimate business purposes.

6.4 Opt-Out

You can opt out of marketing communications by clicking "unsubscribe" in emails or updating your notification preferences in your account settings.

6.5 Data Retention

We retain your information for as long as your account is active or as needed to provide services. We may retain certain information after account closure for legal, tax, or audit purposes.

7. Cookies and Tracking Technologies

7.1 Essential Cookies

We use essential cookies for authentication, session management, and security. These cookies are necessary for the platform to function properly.

7.2 Functional Cookies

We use functional cookies to remember your preferences such as language selection, theme (dark/light mode), and other settings.

7.3 Local Storage

We use browser local storage to cache certain data for better performance and user experience.

7.4 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect platform functionality.

8. Children's Privacy

Our platform is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us to request deletion.

9. International Data Transfers

Your information may be transferred to and processed in countries other than Indonesia, including the United States where our service providers are located. We ensure appropriate safeguards are in place to protect your information in accordance with this privacy policy.

10. Third-Party Links

Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

11. Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new privacy policy on this page and updating the "Last Updated" date. Significant changes will be communicated via email to registered users.

12. Contact Us

If you have questions or concerns about this privacy policy or our data practices, please contact us: