1. Who We Are
ZenMiles is a travel loyalty management application operated by a PT Perorangan registered in Indonesia. As the Data Controller under Law No. 27 of 2022 on Personal Data Protection (UU PDP), we are responsible for how your personal data is collected, used, and protected.
Contact: support@zenmiles.app
2. Data We Collect
We only collect data necessary to provide the service:
- Account data: name, email address, phone number, country.
- Loyalty program data: program name, membership number, points balance, expiry dates.
- Credit card data: card name, last four digits, validity period, statement and due dates, annual fee dates. We never store full card numbers.
- Usage data: anonymised activity logs for service improvement via Mixpanel.
- Device data: device model, operating system version, anonymous device identifier, push notification token via Firebase.
- Crash data: anonymised error reports including device model, OS version, and stack traces via Firebase Crashlytics, used solely to identify and fix bugs.
3. Legal Basis for Processing
We process your personal data on the following grounds:
- Contract performance — to deliver the ZenMiles service you requested.
- Legitimate interests — to improve security, fix bugs, and maintain service quality.
- Consent — for marketing communications, which you can withdraw at any time.
4. Sharing Your Data
We do not sell your data. Data is shared only with the following service providers who help us operate ZenMiles:
- Supabase — database and authentication (servers in Singapore).
- Firebase (Google) — push notifications, feature flags, and authentication.
- Mixpanel — anonymised usage analytics.
- Firebase Crashlytics — anonymised crash reporting and error tracking (part of the Firebase platform).
Each provider processes data only as necessary to deliver their specific service and is bound by their own privacy policies and data protection obligations.
5. Your Rights
Under UU PDP, you have the right to:
- Know what personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your data — your account is soft-deleted immediately and permanently deleted after 30 days.
- Withdraw marketing consent at any time.
- Data portability — export your data in a structured format.
To exercise any of these rights, email us at support@zenmiles.app.
6. Data Security
We apply appropriate technical and organisational measures including TLS encryption in transit, encryption at rest, role-based access controls, and continuous security monitoring.
7. Data Retention
Active account data is retained for as long as your account is active. Following a deletion request, data is soft-deleted within 24 hours and permanently purged within 30 days, unless we are legally required to retain it longer.
8. Children
ZenMiles is not intended for anyone under the age of 17. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
9. Changes to This Policy
We will notify you of material changes to this policy via in-app notification and email at least 14 days before they take effect.
10. Contact
For privacy questions or to exercise your rights: support@zenmiles.app