Skip to main content

PRIVACY

Privacy Policy

Effective Jun 25, 2026

This Policy reflects the principal data-protection laws applicable to a Jakarta-based agency serving clients internationally: Indonesia's Personal Data Protection Law (Undang-Undang Pelindungan Data Pribadi, Law No. 27 of 2022) (the "PDP Law"); and the European Union's General Data Protection Regulation (the "GDPR").

Scope and Data Controller

Crawl Compass is an SEO agency based in Jakarta, Indonesia. Where Crawl Compass determines the purposes and means of processing your personal data, it acts as the data controller for the purposes of applicable law. "Personal data" means any information that identifies you or can be linked to you, such as your name, email address, telephone number, or IP address.

This Policy applies to:

  • visitors to crawlcompass.com (and crawlcompass.com), including any person who submits a form, sends an email, or browses the Website; and
  • clients and prospective clients who contact Crawl Compass, request a proposal, or engage its services.

This Policy does not apply to third-party websites linked from the Website. Once you leave the Website, the privacy policy of the destination website applies.

Personal Data We Collect

Crawl Compass collects only the personal data it requires. The categories of data depend on your relationship with Crawl Compass.

Visitors.

  • Information you provide. When you complete a contact form, request a consultation, or contact Crawl Compass by email or message, Crawl Compass collects the information you choose to provide, typically your name, email address, telephone number, company, and the content of your message.
  • Website and usage data. As is standard for websites, the Website automatically records technical information when you visit, including your IP address, browser type, device, the pages you view, and the source from which you arrived. This information is collected through cookies and similar technologies (see the Cookies section).
  • Analytics and marketing data. Crawl Compass uses Google Analytics, Microsoft Clarity, and Ahrefs Analytics to understand, in aggregate, how the Website is used, and the Meta Pixel and Google Ads tags to measure and conduct advertising. These technologies operate through cookies. You can control or remove these cookies at any time through your browser settings, as explained in the Cookies Policy.

Clients.

  • Business contact and account information. Your name, work email address, telephone number, company, role, and the information you provide while a project is scoped and delivered.
  • Billing information. The information required to invoice you and process payment. The payment method is as agreed with you (for example, bank transfer), and the details are set out in the engagement agreement.
  • Client data processed on your behalf. In performing SEO work, Crawl Compass may process data held within your own systems (your website, analytics, search console, and accounts), which may include personal data relating to your customers or staff. Different rules apply to such data, as set out in "Processing on Behalf of Clients" below.

Crawl Compass does not knowingly collect sensitive personal data (such as data concerning health, religion, or precise location) through the Website. Please do not send such data to Crawl Compass unless it has been requested and its purpose explained.

Crawl Compass uses personal data for limited and specified purposes. Under the GDPR and the PDP Law, each use requires a lawful basis, being the legal ground that permits the processing. The purposes and corresponding bases are:

  • Responding to enquiries. To reply to and follow up on your enquiry. Basis: the legitimate interest of Crawl Compass in responding to enquiries, or taking steps at your request prior to entering into a contract.
  • Providing the services. To deliver, communicate, and invoice an engagement. Basis: performance of the contract with you.
  • Operating and securing the Website. To maintain the Website, prevent abuse, and resolve problems. Basis: the legitimate interest of Crawl Compass in a secure and functioning website.
  • Analytics and improvement. To understand usage and improve the Website. Basis: your consent, given through the cookie banner where required, and otherwise the legitimate interest of Crawl Compass.
  • Marketing, where you opt in. To send updates or offers you have requested. Basis: your consent, which you may withdraw at any time.
  • Legal and accounting obligations. To maintain records required by law. Basis: compliance with a legal obligation.

Where Crawl Compass relies on consent, you may decline, and may withdraw your consent at any time, without affecting the remainder of your relationship with Crawl Compass.

Disclosure of Personal Data

Crawl Compass discloses personal data only where necessary and only to parties bound to protect it. The categories of recipient are:

  • Service providers (processors). Companies that process data on behalf of Crawl Compass, under contract and on its instructions, to operate the business. These typically include hosting, email, analytics, advertising, and any payment provider used. The current providers cover hosting and content delivery (Crawl Compass's own server infrastructure, with Cloudflare for delivery and security), analytics (Google Analytics, Microsoft Clarity, and Ahrefs Analytics), advertising (Meta and Google), email, and the bank or payment method agreed in your engagement.
  • Professional advisers. Accountants, lawyers, or auditors, where their assistance is genuinely required and they are bound by confidentiality.
  • Legal and safety disclosures. Where required by law, or to protect the rights, safety, or property of Crawl Compass, data may be disclosed to authorities or in legal proceedings.
  • Business transfer. If the business is sold or merged, data may be transferred to the new owner, which will remain bound by a policy at least as protective as this one.

Crawl Compass does not sell your personal data. Crawl Compass uses analytics and advertising cookies (Google Analytics, Microsoft Clarity, Ahrefs Analytics, and the Meta and Google advertising tags), and information is shared with those providers when the relevant cookies are active. You can control or remove these cookies through your browser settings.

A "processor" is a company that processes data solely on the instructions of Crawl Compass and may not use it for its own purposes. Each processor is bound by a contract requiring appropriate safeguards.

International Data Transfers

Crawl Compass is based in Indonesia, and some of its providers are located in other countries. Your data may therefore be transferred to and stored in a country other than your own, including outside Indonesia or the European Union.

Where this occurs, Crawl Compass applies the protections required by law. Under the PDP Law, a transfer abroad is permitted where the destination country provides a level of protection at least equivalent to the PDP Law, or, failing that, where adequate and binding safeguards are in place, or with your consent. Under the GDPR, transfers outside the European Union rely on a recognized safeguard, such as the Standard Contractual Clauses (standard data-protection terms approved by the European Commission) or an adequacy decision. Crawl Compass aims to ensure that one of these protections is in place wherever data is transferred across a border.

Data Retention

Crawl Compass retains personal data only for as long as there is a lawful basis to do so, after which it is deleted or anonymized. Retention periods depend on the category of data:

  • Enquiry and contact-form data: retained only for as long as required to handle your enquiry and any follow-up.
  • Client and project records: for the duration of the engagement and a reasonable period thereafter, to address follow-up, disputes, and record-keeping.
  • Billing and accounting records: for the period required by applicable tax and company law, which in Indonesia is generally several years.
  • Analytics data: for the period configured in the analytics tools.

On expiry of the applicable retention period, Crawl Compass securely deletes the data or removes any information that could identify you.

Data Security

Crawl Compass applies reasonable technical and organizational measures to protect personal data, including access controls, encryption in transit where appropriate, the use of vetted providers, and the restriction of access to those who require it.

No method of transmitting or storing data is completely secure. Crawl Compass cannot guarantee that data will never be accessed in a manner it did not intend, and no provider can guarantee otherwise. Where a data breach affects your personal data and the law so requires, Crawl Compass will notify the relevant authority and, where required, you, within the timeframes prescribed by law. Under the PDP Law, that notification is made within 72 hours of becoming aware of the breach.

Your Rights

You have rights in respect of your personal data. The rights available depend on your location, and may be exercised by contacting Crawl Compass.

Under the PDP Law and the GDPR, you may generally:

  • access the personal data held about you and obtain a copy;
  • rectify data that is inaccurate or out of date;
  • erase your data, where there is no overriding ground to retain it (the "right to be forgotten");
  • restrict or object to certain processing of your data;
  • port your data, by receiving it in a portable format or having it transmitted to another party, where that right applies; and
  • withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal.

To exercise any right, contact Crawl Compass at hello@crawlcompass.com. Crawl Compass may need to verify your identity before responding, to ensure that data is not disclosed to the wrong person. Crawl Compass aims to respond within the period prescribed by law (one month under the GDPR, and comparable periods elsewhere). If you consider that your data has been mishandled, you may also lodge a complaint with your local data-protection authority.

Processing on Behalf of Clients (Controller and Processor)

In respect of its own website visitors and its clients' business contacts, Crawl Compass acts as the controller, and this Policy governs that processing.

When Crawl Compass works on a client's website or accounts, it may process personal data relating to that client's customers or staff. In respect of such data, the client is the controller and Crawl Compass acts as a processor: it processes the data only on the client's instructions, for the agreed work, and does not use it for its own purposes. Such processing is governed by the agreement with that client (and, where required, a separate data-processing agreement), not by this Policy. An individual whose data is held within a client's systems should exercise their rights with that client as the controller.

Children's Data

The Website and the services are intended for businesses and professionals, not children. Crawl Compass does not knowingly collect personal data from any person below the age treated as a child under applicable law (under the PDP Law, any person under 18). If you believe that a child has provided personal data to Crawl Compass, contact us and the data will be deleted.

Cookies

The Website uses cookies and similar technologies to operate the site, remember your choices, and analyze usage. You may control non-essential cookies through the cookie banner and your browser settings. Full details, including the categories of cookies and how to manage them, are set out in the Cookies Policy.

Changes to This Policy

Crawl Compass may update this Policy as its practices or the law change. Where a material change is made, the "Last updated" date will be revised and, where appropriate, the change will be brought to your attention more prominently. You are encouraged to review this Policy periodically.

Need to talk?

Reach out at hello@crawlcompass.com or +62 822-4654-6832 (WhatsApp).