Privacy Policy

Privacy Policy for PAAS.ID Application

Last updated: February 1, 2026

This Privacy Policy describes how PAAS.ID (accessible at https://www.paas.id), a managed cloud hosting platform served by IDCloudHost (PT Cloud Hosting Indonesia), collects, uses, stores, shares, and protects your personal data, including data obtained through third-party authentication providers.

We take the protection of your personal data and privacy very seriously. We have implemented the General Data Protection Regulation (GDPR) - a regulation designed to protect personal data and privacy of European Union citizens. While GDPR only applies to EU citizens, we have decided to extend these protections to all our customers regardless of nationality or place of residence.

By using PAAS.ID, you agree to the collection and use of information in accordance with this Privacy Policy.

Authentication & User Data

PAAS.ID supports multiple authentication methods, including Google OAuth, email/password credentials, and other Single Sign-On (SSO) providers. We follow industry best practices for all authentication methods to ensure the security and privacy of your data. For Google OAuth specifically, we comply with the Google API Services User Data Policy.

1. Data Accessed

When you sign in to PAAS.ID using any authentication method (Google OAuth, email/password, or other SSO providers), we access the following information:

  • Email Address - Your primary Google account email address for account identification and communication.
  • Basic Profile Information - Your name and profile picture to personalize your PAAS.ID experience.
  • OpenID - A unique identifier to authenticate your identity.

2. Data Usage

We use the user data we access (regardless of authentication method) for the following purposes only:

  • Authentication - To verify your identity and provide secure access to your PAAS.ID account.
  • Account Creation - To create and manage your PAAS.ID user account.
  • Personalization - To display your name and profile picture within the PAAS.ID dashboard.
  • Communication - To send important service-related notifications to your email address.

We do not use user data for advertising purposes, nor do we use it to train AI/ML models. This applies to all authentication methods including Google OAuth.

3. Data Sharing

We are committed to protecting your privacy. PAAS.ID does not share your personal data with any third parties.

  • No Third-Party Sharing - We do not share, sell, rent, or trade your user data to any third parties.
  • No Advertising Networks - We do not share your data with advertising networks or data brokers.
  • Legal Requirements - We may only disclose your data if required by law, court order, or government regulation.

Your data remains exclusively within PAAS.ID infrastructure and is never shared externally. This applies to all data obtained through any authentication method.

4. Data Storage & Protection

We implement robust security measures to protect all user data, regardless of authentication method:

  • Encrypted Storage - All user data is stored in encrypted databases using industry-standard encryption (AES-256).
  • Secure Transmission - All data transmission uses TLS/SSL encryption (HTTPS).
  • Access Control - Strict access controls ensure only authorized personnel can access user data, and only when necessary for service provision.
  • Infrastructure Security - Our servers are hosted in secure data centers with physical security, firewalls, and intrusion detection systems.
  • Regular Audits - We conduct regular security audits and vulnerability assessments.

5. Data Retention & Deletion

We retain your user data only for as long as necessary to provide our services. This policy applies to all authentication methods (Google OAuth, email/password, and other SSO providers):

  • Active Accounts - Your data is retained while your PAAS.ID account remains active.
  • Account Deletion - Upon account deletion request, we will delete all your user data within 30 days.
  • Inactive Accounts - Accounts inactive for more than 24 months may be scheduled for deletion after notification.

To request deletion of your data: You can delete your account directly through the PAAS.ID dashboard settings, or contact us at [email protected]. We will process your request within 30 days.

General Data Collection & Processing

In addition to authentication data, PAAS.ID also collects and processes additional information to provide our cloud hosting services. This section describes our general data practices in compliance with GDPR.

1. Information We Collect

We collect the minimum data required to provide our services:

  • Account Information - Email, name, and contact details provided during registration.
  • Billing Information - Payment details necessary to process your orders.
  • Usage Data - Information about how you use our services (aggregated and anonymized).
  • Technical Data - IP address, browser type, and device information for security and optimization.

2. Data Protection

PAAS.ID does not share your personal data with any third parties. All your data is securely stored within our infrastructure and is never transferred to external parties, advertising networks, or data brokers. We only process your data internally to provide our cloud hosting services.

3. Email Communications

If you subscribed to our newsletter during registration, we will also use your email address to share tips, special offers, and announce our new services. You can view and change these settings through your account dashboard at any time.

4. Cookies and Analytics

We use cookies and similar technologies to monitor website performance, troubleshoot issues, and improve our products and services. This data is aggregated and anonymized. We do not link analytics data to personal information, except when needed to prevent fraud and abuse.

Data Processing for Hosted Content

As a cloud hosting platform, PAAS.ID has responsibilities as a data processor when you store data on our infrastructure. We comply with GDPR requirements for handling such data.

Security Measures

We provide adequate security measures for all data stored on our servers. Our security practices and Data Processing Agreement (DPA) can be viewed at https://idcloudhost.com/tos/

Minimal Access Principle

We access customer data only to the extent necessary to provide our services. Only staff directly involved in service provision have data access.

Breach Notification

In the event of a personal data breach, we will notify affected customers within 72 hours as required by GDPR.

Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

  • Right to Access - You can request a copy of your personal data.
  • Right to Rectification - You can request correction of inaccurate data.
  • Right to Erasure - You can request deletion of your personal data.
  • Right to Data Portability - You can request to receive your data in a portable format.
  • Right to Restrict Processing - You can request limits on how we use your data.
  • Right to Object - You can object to certain types of data processing.

Contact Us

If you have any questions regarding this Privacy Policy or GDPR compliance, please do not hesitate to contact the IDCloudHost team:

[email protected] idcloudhost.com