Privacy Policy

ProBono.id is committed to protecting your privacy and personal data. This policy explains how we collect, use, and protect your information in accordance with Law No. 27 of 2022 on Personal Data Protection.

Last updated: February 10, 2026

1. Data Controller

ProBono.id acts as the data controller for all personal information collected through our Platform.

Data Protection Officer (DPO):

  • Email: privacy@probono.id
  • Address: Revenue Tower, 19th Floor, Jl. Jend. Sudirman kav. 52-53, District 8, SCBD, Jakarta Selatan
  • Response time: 5-7 business days

2. Legal Basis for Processing

We process your personal data based on the following legal grounds in accordance with Law No. 27 of 2022:

  • Consent: You provide explicit consent when registering and creating an account
  • Contractual necessity: Processing data is necessary to provide consultation services
  • Legal obligation: Complying with professional regulations (PERADI 50-hour pro bono requirement, doctor/psychologist licenses)
  • Vital interests: Emergency detection to protect user safety

3. Data We Collect

3.1 Account Information (All Users)

  • Basic identity: Full name, email, phone number
  • Security credentials: Password (hashed with bcrypt, not stored in plaintext)
  • Account metadata: Registration date, verification status, last login timestamp

3.2 Help Seeker Data

  • Case information: Case description, area of assistance needed (legal/health/mental health), urgency level
  • Preferences: Consultation language, location (optional), availability
  • Consultation history: Consultation requests, consultation notes, ratings given

3.3 Volunteer Data

  • Professional credentials: License number (STR, SIPP, PERADI), certificates, professional organization affiliations
  • Verification documents: Uploaded licenses, certificates (stored encrypted)
  • Expertise: Specializations, languages spoken, years of experience
  • Service history: Cases handled, pro bono hours logged, ratings received

3.4 Organization Data

  • Institution information: Organization name, service areas (pillars), location
  • Contact: PIC (Person In Charge), organization email, phone
  • Events: Pro bono event details organized

3.5 Technical Data (Automatic)

  • Server logs: IP address, browser user agent, access timestamp
  • Session data: Session cookies (for authentication), UI preferences
  • Error logs: Error stack traces (without sensitive data)

3.6 Anonymous Data (Emergency Detection)

Important Note: Our emergency detection system analyzes consultation request text for emergency keywords (suicide, chest pain, severe bleeding, etc.). This data is NOT linked to user IDs and is stored anonymously for safety purposes.

4. How We Use Your Data

4.1 Core Service Provision

  • Matching: Match help seekers with volunteers based on expertise, language, availability
  • Verification: Verify volunteer professional credentials
  • Notifications: Send emails about consultation status, schedules, reminders
  • Hour tracking: Record volunteer pro bono hours for PERADI compliance

4.2 Security and Safety

  • Emergency detection: Block emergency requests and redirect to 119/110/112
  • Fraud prevention: Detect fake accounts, invalid credentials
  • Content moderation: Check for violating content (harassment, spam)

4.3 Platform Improvement

  • Analytics: Anonymous usage metrics (number of consultations, average response time)
  • Debugging: Error logs to fix bugs
  • Feedback: Ratings and reviews to improve quality

5. Third-Party Data Sharing

ProBono.id DOES NOT sell your personal data to anyone.

We only share data with third parties in the following limited situations:

5.1 Technical Service Providers

  • Resend (Email): Sending consultation notification emails (Phase 2)
  • Google Meet: Meeting URLs for video consultations (volunteers provide links)
  • Cloud Hosting: Vercel/AWS for application and database hosting

Agreements: All service providers are bound by Data Processing Agreements (DPA) to protect your data.

5.2 Legal Obligations

We may disclose data if:

  • Required by court order or subpoena
  • Requested by law enforcement agencies (Police, Attorney General's Office)
  • Necessary to comply with professional regulations (PERADI, IDI, HIMPSI)
  • To protect ProBono.id's legal rights or prevent fraud

5.3 Business Transfers

If ProBono.id is acquired or merged with another entity, user data may be transferred as part of business assets. You will be notified in advance.

6. Data Retention Periods

Data TypeRetention PeriodReason
Active accountUntil account deletion + 30 daysGrace period for recovery
Consultation records2 years after completionLegal compliance (malpractice, audit)
Anonymous emergency sessions1 yearSafety analytics, detection improvement
Server logs90 daysDebugging, security
Verification documentsUntil volunteer deactivates account + 1 yearVerification audit

7. Data Security

Encryption

  • HTTPS/TLS for all connections
  • Password hashed with bcrypt
  • Credential documents encrypted

Access Control

  • Role-based access control (RBAC)
  • Admin audit logs
  • 2FA for admin accounts (Phase 2)

Monitoring

  • Real-time intrusion detection
  • Automated daily backup
  • Routine vulnerability scanning

Breach Notification

  • Notification within 72 hours (Law 27/2022)
  • Email to affected users
  • Report to Kominfo if required

8. Cookies and Tracking Technologies

8.1 Essential Cookies

Used for: Authentication, session management

  • authjs.session-token - Session token (expires after 30 days)
  • authjs.csrf-token - CSRF protection

Note: Essential cookies do not require explicit consent as they are necessary for Platform functionality.

8.2 Optional Cookies (Phase 2)

We plan to add optional cookies for analytics and user experience improvement. You will be asked for consent via cookie banner.

9. Your Privacy Rights (Law 27/2022)

In accordance with Law No. 27 of 2022, you have the following rights:

1. Right to Access

Request a copy of the personal data we hold about you in machine-readable format (JSON/CSV).

How: Email privacy@probono.id with subject "Data Access Request"

2. Right to Rectification

Correct inaccurate or incomplete data through account settings or contact us.

3. Right to Erasure

Delete your account and personal data. See Account Deletion for details.

Note: Consultation records are retained for 2 years for legal compliance, but are anonymized (user ID removed).

4. Right to Withdraw Consent

Withdraw your consent for data processing at any time (will deactivate account).

5. Right to Data Portability

Receive your data in JSON format to transfer to other services.

6. Right to Object

Object to data processing for specific purposes (e.g., analytics).

Response time: We will respond to your requests within 5-7 business days in accordance with Law 27/2022.

10. Children's Privacy

ProBono.id is not intended for children under 18 years of age. We do not knowingly collect data from children.

If you are under 18, you must obtain parental/guardian permission before using the Platform. If we learn that we have collected data from a child without permission, we will delete such data immediately.

11. International Data Transfers

Your data is stored on servers located in Indonesia or Southeast Asia. If we need to transfer data outside Indonesia (e.g., international cloud providers), we will:

  • Ensure the provider has adequate data protection
  • Use Standard Contractual Clauses (SCC) or other legal mechanisms
  • Notify you about such transfers

12. Privacy Policy Changes

We may update this Privacy Policy from time to time to reflect changes in practices or legal requirements.

Change notifications:

  • Material changes: Email to all registered users 30 days in advance
  • Minor changes: Posted on this page with "Last updated" date

13. Privacy Contact Information

Data Protection Officer (DPO)

Email: privacy@probono.id

Email subject: Include "[PRIVACY]" at the beginning of the subject for high priority

Response time: 5-7 business days

Reporting Data Breaches

If you suspect a data breach or unauthorized activity on your account, immediately contact: security@probono.id

14. Complaints to Authorities

If you are not satisfied with our response to your privacy complaint, you have the right to file a complaint with:

  • Ministry of Communication and Information Technology (Kominfo)
  • Website: www.kominfo.go.id
  • Email: humas@mail.kominfo.go.id

Our commitment: ProBono.id is committed to protecting your privacy and complying with all applicable data protection regulations in Indonesia. If you have any questions or concerns, please do not hesitate to contact us.