Last Updated
15 January 2025

Introduction

Welcome to NobiPlay! This Privacy Policy explains how we ("NobiPlay", "we", "us") collect, use, share, and protect your personal information when you use our streaming services.

By using NobiPlay services, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our services.

Our Commitment

Your privacy is our top priority. We are committed to being transparent about our data practices and giving you full control over your personal information.

Policy Scope

This policy applies to:

  • NobiPlay Website (www.nobiplay.com)
  • NobiPlay Mobile App (iOS and Android)
  • Smart TV App and streaming devices
  • Customer support services
  • Newsletter and marketing communications

Information We Collect

1. Information You Provide Directly

Account Information

  • <strong>Registration Data:</strong> Name, email address, phone number, date of birth
  • <strong>Payment Information:</strong> Credit/debit card data, billing information (processed through secure payment processor)
  • <strong>User Profile:</strong> Profile photo, content preferences, language settings
  • <strong>Contact Information:</strong> When you contact customer support

Communication Information

  • Email, chat, or other communications with our support team
  • Feedback, reviews, and ratings you provide
  • Surveys and research you participate in

2. Automatically Collected Information

Streaming and Usage Data

  • <strong>Viewing History:</strong> Movies/series watched, duration, timestamp
  • <strong>Platform Interaction:</strong> Searches, bookmarks, wishlist, ratings
  • <strong>Preferences:</strong> Favorite genres, audio/video settings, subtitles
  • <strong>Watch Progress:</strong> Stopping point for resume feature

Technical Information

  • <strong>Device Information:</strong> Device model, operating system, browser
  • <strong>Network Data:</strong> IP address, ISP, connection speed
  • <strong>App Performance:</strong> Crash reports, loading time, error logs
  • <strong>Location Data:</strong> General location based on IP (country/city)

| Data Type | Collection Purpose | Retention Period |
|---|---|---|
| Account Data | Authentication and account management | While account is active + 2 years |
| Viewing History | Personal recommendations and resume | While account is active + 1 year |
| Payment Data | Transaction processing | 7 years (as per regulations) |
| Technical Logs | Troubleshooting and optimization | 90 days |

Anonymous Data

We also collect anonymous statistical data that cannot be identified back to specific individuals for trend analysis and service improvement.

How We Use Your Information

1. Service Provision

  • <strong>Content Streaming:</strong> Providing access to movie and series library
  • <strong>Personalization:</strong> Content recommendations based on your preferences
  • <strong>Synchronization:</strong> Syncing progress across devices
  • <strong>Customer Support:</strong> Providing technical assistance and customer service

2. Service Improvement

  • <strong>Performance Analysis:</strong> Optimizing streaming quality
  • <strong>Feature Development:</strong> Developing new features based on usage data
  • <strong>Content Strategy:</strong> Determining content to be added
  • <strong>Bug Fixing:</strong> Identifying and fixing technical issues

3. Communication

  • <strong>Service Notifications:</strong> Updates, maintenance, policy changes
  • <strong>Marketing (Optional):</strong> Newsletter, promotions, new content
  • <strong>Reminder:</strong> Payment reminders, content that will expire

4. Security and Fraud Prevention

  • <strong>Account Security:</strong> Detecting suspicious logins
  • <strong>Fraud Detection:</strong> Preventing fraudulent payments and fake accounts
  • <strong>Content Protection:</strong> Protecting content from piracy

Legal Basis for Processing

We process your data based on:

  • <strong>Contract:</strong> To provide the service you pay for
  • <strong>Legitimate Interest:</strong> To improve service and security
  • <strong>Consent:</strong> For marketing and optional communications
  • <strong>Legal Obligation:</strong> To fulfill legal requirements

Sharing Information with Third Parties

We DO NOT sell your personal data to anyone.

However, we may share your information in the following limited situations:

1. Service Providers

  • <strong>Payment Processors:</strong> To process payments (Stripe, PayPal, etc.)
  • <strong>Cloud Storage:</strong> For data hosting and backup (AWS, Google Cloud)
  • <strong>Analytics:</strong> For usage analysis (anonymized data)
  • <strong>Customer Support:</strong> Support chat and ticketing platforms
  • <strong>Email Services:</strong> To send notifications and newsletters

2. Content Partners

  • <strong>Aggregated Data:</strong> Anonymous data about content popularity
  • <strong>Regional Preferences:</strong> Viewing trends for licensing decisions
  • <strong>Performance Metrics:</strong> Streaming quality data per content

3. Legal Requirements

We may share information if required by law:

  • Responding to subpoenas or court orders
  • Protecting rights, property, or security of NobiPlay
  • Preventing illegal or harmful activities
  • Compliance with government regulations

4. Business Transfers

If NobiPlay undergoes a merger, acquisition, or asset sale, user data may be transferred as part of such transaction.

Partner Agreements

All partners are required to sign Data Processing Agreements (DPA) that ensure they protect your data with the same high standards.

| Partner Category | Data Shared | Purpose |
|---|---|---|
| Payment Processors | Billing info, transaction data | Payment processing |
| Cloud Providers | Encrypted user data | Data storage & backup |
| Analytics | Anonymized usage data | Platform optimization |
| Content Studios | Aggregated viewing stats | Content licensing |

Security and Data Protection

Enterprise-Level Security Technology

1. Data Encryption

  • <strong>In Transit:</strong> TLS 1.3 for all communications
  • <strong>At Rest:</strong> AES-256 encryption for data storage
  • <strong>Database:</strong> Encrypted database with rotating keys
  • <strong>Backup:</strong> Encrypted backup with geographic redundancy

2. Access Control

  • <strong>Multi-Factor Authentication:</strong> For all admin access
  • <strong>Role-Based Access:</strong> Principle of least privilege
  • <strong>Zero Trust Architecture:</strong> Verify every access request
  • <strong>Regular Audits:</strong> Monthly access permissions review

3. Infrastructure Security

  • <strong>SOC 2 Type II Compliant:</strong> Infrastructure providers
  • <strong>DDoS Protection:</strong> Advanced threat mitigation
  • <strong>Intrusion Detection:</strong> 24/7 security monitoring
  • <strong>Vulnerability Scanning:</strong> Automated security testing

4. Application Security

  • <strong>Secure Development:</strong> OWASP guidelines implementation
  • <strong>Code Reviews:</strong> Security-focused peer reviews
  • <strong>Penetration Testing:</strong> Quarterly third-party testing
  • <strong>Bug Bounty Program:</strong> Community-driven security testing

Certifications & Compliance

  • <strong>ISO 27001:</strong> Information Security Management
  • <strong>SOC 2 Type II:</strong> Security, Availability, Confidentiality
  • <strong>PCI DSS Level 1:</strong> Payment card data protection
  • <strong>GDPR Compliant:</strong> European data protection standards

5. Incident Response

If a security incident occurs:

  • <strong>Detection:</strong> Automated monitoring and alerting
  • <strong>Response:</strong> 24/7 security team for immediate response
  • <strong>Containment:</strong> Isolation and threat mitigation
  • <strong>Communication:</strong> Transparent communication with affected users
  • <strong>Recovery:</strong> Systematic restoration and prevention measures

6. Employee Security

  • <strong>Background Checks:</strong> For all employees
  • <strong>Security Training:</strong> Regular security awareness training
  • <strong>Confidentiality Agreements:</strong> Strict NDAs
  • <strong>Device Management:</strong> Secure company devices and BYOD policies

Your Rights to Personal Data

You have full rights to control your personal data:

1. Right to Access

  • <strong>View Data:</strong> Request complete copy of all data we store
  • <strong>Data Portability:</strong> Export data in readable format
  • <strong>Processing Activities:</strong> Information about how data is processed

2. Right to Rectification

  • <strong>Update Info:</strong> Correct inaccurate information
  • <strong>Complete Data:</strong> Add incomplete information
  • <strong>Real-time Updates:</strong> Changes apply immediately in the system

3. Right to Erasure

  • <strong>Delete Account:</strong> Delete account and all related data
  • <strong>Partial Deletion:</strong> Delete specific data only
  • <strong>Retention Override:</strong> Delete data before retention period ends

4. Right to Restrict Processing

  • <strong>Temporary Stop:</strong> Temporarily stop processing
  • <strong>Storage Only:</strong> Store data without processing
  • <strong>Limited Use:</strong> Limit use for specific purposes

5. Right to Object

  • <strong>Marketing:</strong> Opt-out from all marketing communications
  • <strong>Profiling:</strong> Reject automated decision-making
  • <strong>Legitimate Interest:</strong> Object to processing based on legitimate interest

6. Right to Data Portability

  • <strong>Export Data:</strong> Download all data in JSON/CSV format
  • <strong>Transfer Service:</strong> Move data to another streaming service
  • <strong>Automated Transfer:</strong> API for automatic transfer (if available)

Response Time

We are committed to responding to all requests within <strong>30 days</strong> or sooner. For complex requests, we will inform you about the required timeline.

How to Exercise Your Rights

  1. <strong>Self-Service:</strong> Use Privacy Dashboard in account settings
  2. <strong>Email Request:</strong> Send to privacy@nobiplay.com with identity verification
  3. <strong>Support Chat:</strong> Through live chat with account verification
  4. <strong>Written Request:</strong> Written letter to our office address

Verification Process

To protect your privacy, we will verify identity before processing requests:

  • Login to account for self-service requests
  • Email verification for email requests
  • Account information verification for complex requests
  • ID verification for sensitive requests (deletion, transfer)

Cookies and Tracking Technologies

Types of Cookies We Use

1. Essential Cookies (Always Active)

Cookies required for basic website functionality:

  • <strong>Session Management:</strong> Maintain login state
  • <strong>Security:</strong> CSRF protection and security tokens
  • <strong>Load Balancing:</strong> Server load distribution
  • <strong>Language Preference:</strong> Store language selection

2. Functional Cookies (Can be Disabled)

  • <strong>User Preferences:</strong> Video quality, subtitle settings
  • <strong>Watchlist:</strong> Store temporary watchlist
  • <strong>Recent Searches:</strong> Latest search history
  • <strong>Volume Settings:</strong> Audio preferences

3. Analytics Cookies (Optional)

  • <strong>Usage Analytics:</strong> How users interact with the platform
  • <strong>Performance Monitoring:</strong> Loading time and error tracking
  • <strong>A/B Testing:</strong> For testing new features
  • <strong>Conversion Tracking:</strong> Signup and subscription metrics

4. Marketing Cookies (Opt-in)

  • <strong>Retargeting:</strong> To display relevant ads
  • <strong>Social Media Integration:</strong> Sharing to social platforms
  • <strong>Campaign Attribution:</strong> Track marketing campaign effectiveness

| Cookie Name | Type | Purpose | Duration |
|---|---|---|---|
| nobiplay_session | Essential | User authentication | Session |
| csrf_token | Essential | Security protection | Session |
| video_quality_pref | Functional | Video quality preference | 1 year |
| user_lang | Functional | Language setting | 1 year |
| analytics_id | Analytics | Usage tracking | 2 years |
| marketing_consent | Marketing | Ad personalization | 1 year |

5. Third-Party Cookies

  • <strong>Google Analytics:</strong> Website analytics (anonymized)
  • <strong>Payment Processors:</strong> Stripe, PayPal for payment processing
  • <strong>Customer Support:</strong> Intercom or Zendesk for chat support
  • <strong>CDN Providers:</strong> CloudFlare for content delivery

Cookie Management

You can control cookies through:

  • <strong>Cookie Banner:</strong> Select cookie categories on first visit
  • <strong>Privacy Settings:</strong> Change preferences in account settings
  • <strong>Browser Settings:</strong> Disable cookies through browser
  • <strong>Opt-out Tools:</strong> Industry opt-out tools for advertising cookies

6. Local Storage & Similar Technologies

  • <strong>HTML5 Local Storage:</strong> Offline viewing data
  • <strong>IndexedDB:</strong> Downloaded content metadata
  • <strong>Web Beacons:</strong> Email open tracking (marketing emails)
  • <strong>Device Fingerprinting:</strong> Fraud prevention (limited use)

Mobile App Tracking

  • <strong>Advertising ID:</strong> iOS IDFA, Android Advertising ID
  • <strong>App Analytics:</strong> Crash reporting, usage analytics
  • <strong>Push Notifications:</strong> Device tokens for notifications
  • <strong>Location Services:</strong> With explicit permission

Contact Our Privacy Team

Have questions about the privacy policy or want to exercise your data rights? Our privacy team is ready to help.

  • <strong>Email Privacy:</strong> privacy@nobiplay.com (response within 24 hours)
  • <strong>Data Protection Officer:</strong> dpo@nobiplay.com (for privacy complaints)
  • <strong>Privacy Hotline:</strong> 021-5000-NOBI (Monday-Friday 9:00-18:00)
  • <strong>Office Address:</strong> Jl. Sudirman No. 123, Jakarta Pusat 10220

Complaint Rights

If you are not satisfied with the handling of your personal data, you have the right to file a complaint with:

  • <strong>Kominfo RI:</strong> Ministry of Communication and Informatics
  • <strong>BSSN:</strong> National Cyber and Crypto Agency
  • <strong>Data Protection Authority:</strong> According to your jurisdiction

Children's Privacy

Special Protection for Children Under 18

Age Verification

  • <strong>Minimum Age:</strong> 13 years to create independent account
  • <strong>Parental Consent:</strong> Required for ages 13-17
  • <strong>Family Accounts:</strong> Children can use through family account
  • <strong>Age Verification:</strong> Age verification process during registration

Data Collection Limitations

  • <strong>Minimal Data:</strong> Only data necessary for service
  • <strong>No Targeted Ads:</strong> No targeted advertising for children
  • <strong>Limited Profiling:</strong> Limited profiling for safe recommendations
  • <strong>Enhanced Security:</strong> Extra security measures for children's accounts

Parental Controls

  • <strong>Content Filtering:</strong> Automatic filtering based on age rating
  • <strong>Watch Time Limits:</strong> Parents can set viewing time limits
  • <strong>Viewing Reports:</strong> Children's viewing activity reports
  • <strong>Privacy Settings:</strong> Parents control children's privacy settings

Educational Content Priority

  • <strong>Educational Recommendations:</strong> Priority for educational content
  • <strong>Learning Analytics:</strong> Track educational content progress (with consent)
  • <strong>Safe Search:</strong> Safe search results for children
  • <strong>Positive Content:</strong> Algorithm that promotes positive content

Family Account Features

  • <strong>Separate Profiles:</strong> Separate profiles for each family member
  • <strong>Parental Dashboard:</strong> Central control to manage all children's profiles
  • <strong>Activity Monitoring:</strong> Real-time monitoring of children's activities
  • <strong>Emergency Controls:</strong> Instant block/restrict features

Data Retention for Minors

  • <strong>Shorter Retention:</strong> Children's data stored for shorter period
  • <strong>Automatic Deletion:</strong> Auto-delete data when child becomes adult (optional)
  • <strong>Parental Access:</strong> Parents can request data deletion anytime
  • <strong>Transition to Adult:</strong> Smooth transition when child reaches 18 years

International Data Transfers

Data Storage Locations

Primary Data Centers

  • <strong>Indonesia:</strong> Primary data center in Jakarta (AWS Asia Pacific)
  • <strong>Singapore:</strong> Secondary data center for backup and redundancy
  • <strong>Regional Mirrors:</strong> Content delivery networks for performance

International Transfers

In certain situations, your data may be transferred outside Indonesia:

  • <strong>Cloud Infrastructure:</strong> Backup to international data centers
  • <strong>Customer Support:</strong> Support team in various time zones
  • <strong>Content Delivery:</strong> Global CDN for streaming performance
  • <strong>Analytics:</strong> Anonymized data for global analytics

Transfer Safeguards

  • <strong>Adequacy Decisions:</strong> Transfer only to countries with adequate protection
  • <strong>Standard Contractual Clauses:</strong> EU SCCs for all transfers
  • <strong>Binding Corporate Rules:</strong> Internal data protection rules
  • <strong>Encryption in Transit:</strong> All transfers encrypted end-to-end

Regional Compliance

  • <strong>GDPR (EU):</strong> Full compliance for European users
  • <strong>CCPA (California):</strong> California Consumer Privacy Act compliance
  • <strong>PIPEDA (Canada):</strong> Personal Information Protection compliance
  • <strong>Local Laws:</strong> Compliance with local data protection laws

Data Residency Options

For enterprise customers, we provide data residency options:

  • <strong>Indonesia Only:</strong> Data does not leave Indonesia
  • <strong>ASEAN Region:</strong> Data only within Southeast Asia region
  • <strong>Custom Locations:</strong> Choose data storage location according to requirements

Data Breach Response

Incident Response Protocol

Detection & Assessment (0-1 hour)

  • <strong>Automated Monitoring:</strong> 24/7 security monitoring systems
  • <strong>Immediate Assessment:</strong> Evaluate scope and severity
  • <strong>Containment:</strong> Immediate steps to contain breach
  • <strong>Team Activation:</strong> Activate incident response team

Investigation & Containment (1-24 hours)

  • <strong>Forensic Analysis:</strong> Detailed investigation by security experts
  • <strong>Root Cause Analysis:</strong> Identify how breach occurred
  • <strong>System Isolation:</strong> Isolate affected systems
  • <strong>Evidence Preservation:</strong> Preserve evidence for analysis

Notification (24-72 hours)

  • <strong>Regulatory Notification:</strong> Notify authorities as required
  • <strong>User Notification:</strong> Inform affected users transparently
  • <strong>Partner Notification:</strong> Inform relevant business partners
  • <strong>Media Statement:</strong> Public statement if needed

Recovery & Remediation

  • <strong>System Recovery:</strong> Restore systems from secure backups
  • <strong>Security Enhancements:</strong> Implement additional security measures
  • <strong>Monitoring:</strong> Enhanced monitoring post-incident
  • <strong>User Support:</strong> Dedicated support for affected users

Your Protection

If a data breach affects you:

  • <strong>Immediate Notification:</strong> Email and in-app notification
  • <strong>Free Credit Monitoring:</strong> If financial data is affected
  • <strong>Account Security Review:</strong> Complimentary security assessment
  • <strong>Dedicated Support:</strong> Priority customer support

Post-Incident Actions

  • <strong>Lessons Learned:</strong> Comprehensive post-incident review
  • <strong>Process Improvement:</strong> Update procedures based on findings
  • <strong>Training Updates:</strong> Enhanced security training
  • <strong>Transparency Report:</strong> Public report about incident (anonymized)

Communication Channels

  • <strong>Security Page:</strong> status.nobiplay.com for real-time updates
  • <strong>Email Alerts:</strong> Direct email notifications
  • <strong>In-App Notifications:</strong> Push notifications and in-app alerts
  • <strong>Social Media:</strong> Updates on official social media accounts

Changes to Privacy Policy

How We Handle Policy Changes

Types of Changes

  • <strong>Minor Updates:</strong> Clarifications, typo corrections, contact info
  • <strong>Moderate Changes:</strong> New features, additional data uses
  • <strong>Major Changes:</strong> Fundamental changes in data processing
  • <strong>Legal Updates:</strong> Changes due to new regulations

Notification Process

  • <strong>Minor Updates:</strong> Update on website, no notification required
  • <strong>Moderate Changes:</strong> Email notification 30 days before
  • <strong>Major Changes:</strong> Email + in-app notification 60 days before
  • <strong>Urgent Legal:</strong> Immediate notification with explanation

Version Control

  • <strong>Version History:</strong> All previous versions accessible
  • <strong>Change Log:</strong> Detailed log of what changed
  • <strong>Effective Dates:</strong> Clear effective dates for each version
  • <strong>Comparison Tool:</strong> Side-by-side comparison with previous version

Your Rights During Changes

  • <strong>Continued Use:</strong> Acceptance implied by continued service use
  • <strong>Opt-out Options:</strong> Specific opt-outs for new features
  • <strong>Account Deletion:</strong> Right to delete account before changes take effect
  • <strong>Grandfathering:</strong> Some existing users may keep old terms (limited)

Stay Informed

Ways to stay updated on privacy policy changes:

  • <strong>Email Subscription:</strong> Subscribe for privacy policy updates
  • <strong>RSS Feed:</strong> privacy.nobiplay.com/feed for automatic updates
  • <strong>Quarterly Reviews:</strong> Scheduled reviews every quarter
  • <strong>Legal Newsletter:</strong> Broader legal and regulatory updates

Recent Changes Summary

| Date | Version | Change Type | Description |
|---|---|---|---|
| 15 Jan 2025 | 3.2 | Moderate | Added AI recommendation transparency |
| 01 Dec 2024 | 3.1 | Minor | Updated contact information |
| 15 Oct 2024 | 3.0 | Major | GDPR compliance enhancements |
| 01 Aug 2024 | 2.5 | Moderate | New mobile app features |