The privacy of your data is a priority for Bisa Platform. This page explains what information we collect, how we use and protect it, and your rights as a user.
1. Information We Collect
When you register and use Bisa's services, we collect information you provide directly — full name, email address, phone number, and, if you enable the Formation Research feature: education data, target agency, and target formation.
We also collect automatic usage data such as tryout results, number of questions completed, time spent, streaks, and interactions with materials. This data is used to tailor study recommendations and display personal analytics.
2. How We Use Your Data
Data is used to: (a) provide core services (tryouts, materials, mentoring), (b) display formation analytics & ECP, (c) personalize study recommendations, (d) deliver important communications about your account & payments, and (e) improve service quality in aggregate and anonymized form.
We do not sell personal data to third parties. Third-party advertising, if introduced in the future, will be enabled only with explicit opt-in.
3. Competitor Data Privacy (Formation Research)
When you view the distribution of competitor scores in your target formation, competitor identities are NEVER disclosed. Only aggregate statistics (histogram, average, your position) are shown. The masking algorithm follows the rules in §5.3 of SRS Bisa v3.0.
The minimum number of competitors required to display a histogram is 10 — below that threshold, we show an estimate without visualization to prevent de-anonymization.
4. Storage & Security
Data is stored on servers located in Indonesia (PP 71/2019 compliance). Encryption at-rest (AES-256) and in-transit (TLS 1.3). Internal access is role-based and restricted with audit logs.
Concurrent tryout sessions (Tryout Akbar) use a Redis cache with a maximum 24-hour TTL for sensitive answer data.
5. Your Rights
You have the right to: (a) access and download your personal data, (b) correct inaccurate data, (c) delete your account and all related data (24-hour soft-delete, hard-delete afterward), (d) withdraw consent to data collection, (e) opt out of promotional communications.
Data rights requests can be sent to privacy@bisa.id and will be processed within 14 business days in accordance with UU PDP No. 27/2022.
6. Changes to This Policy
We reserve the right to update this policy. Significant changes will be communicated via email and in-app notification at least 30 days before taking effect.