The Platform is a business-to-business tool used by WEBARQ’s staff and authorized client representatives to manage digital advertising campaigns. It is not a consumer product and is not open to public sign-up. By accessing the Platform you acknowledge the practices described here.
1. Who we are
- Operator: PT Web Architect Technology (trading as WEBARQ), Jakarta, Indonesia
- Platform: https://promote.webarq.net
- Contact: privacy@webarq.net
We act as the data controller for the account and identity data of Platform users. For the advertising and business data we process on behalf of our clients, we act as a data processor following each client’s instructions (see Section 9).
2. Information we collect
a. Account and identity data
When you are granted access, we collect your name, work email address, assigned role(s), and authentication identifiers. Sign-in is handled through our single sign-on provider (Timegem SSO); we receive your identity from that provider and do not store your SSO password.
b. Advertising and marketing performance data
To manage campaigns, the Platform connects to advertising platforms — including Meta (Facebook/Instagram) Ads, Google Ads, and TikTok Ads — using credentials that WEBARQ holds for ad accounts that have been assigned to us by their owners. From these platforms we retrieve data such as ad account, campaign, ad set / ad group, and ad details; performance metrics (impressions, clicks, conversions, spend, results); and billing and invoice information. This data describes advertising accounts and business performance, and is accessed to operate the campaigns we manage on our clients’ behalf.
c. Client business records
The Platform stores business records that WEBARQ and its clients create, including client profiles, objectives and KPIs, budgets and top-up balances, reports, briefs, notes, tasks, approvals, and competitor analysis.
d. Usage, log, and audit data
We automatically record technical information such as IP address, browser and device type, pages accessed, actions taken, and timestamps. Because spend-affecting actions require human approval, we keep an audit log of who proposed, approved, and applied each change.
e. Cookies
We use only strictly necessary cookies to keep you signed in and to secure your session. We do not use advertising or third-party tracking cookies on the Platform.
3. How we use information
We use the information above to:
- authenticate users and control access by role;
- retrieve, display, and reconcile advertising performance and spend against client budgets;
- generate reports, insights, and optimization recommendations;
- operate AI-assisted features that draft recommendations and reports for human review (see Section 5);
- carry out approved campaign changes on connected advertising platforms;
- communicate operational updates and reports to authorized client contacts;
- maintain security, prevent abuse, debug, and keep audit records; and
- comply with legal, tax, and accounting obligations.
We do not sell personal data, and we do not use it to advertise to you.
4. Platform data from Meta and Google
Meta
We access the Meta Marketing API solely to retrieve advertising data and perform approved campaign-management actions for ad accounts that their owners have assigned to WEBARQ. Our access to and use of Meta Platform Data complies with the Meta Platform Terms and Developer Policies. We use Meta data only to provide and improve the campaign-management service for the account owner; we do not sell it, and we do not use it for any unrelated purpose.
Our use of information received from Google APIs (including the Google Ads API) adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Google advertising data only to operate the campaign-management and reporting features described in this Policy, on behalf of the advertising account owner.
5. AI processing
The Platform uses artificial-intelligence services (provided by Anthropic) to analyze campaign data, draft reports, and suggest optimizations. AI outputs are advisory: any action that affects spend or live campaigns requires explicit human approval before it is applied. Data sent to our AI sub-processor is processed only to generate these features and is not used by the provider to train its models.
6. How we share information
We do not sell your information. We share it only with:
- Service providers (sub-processors) that help us run the Platform, under contractual confidentiality and data-protection obligations. These currently include hosting (Linode, Jakarta region), email delivery (Mailgun), accounting (Zoho Books), AI processing (Anthropic), and messaging (Qiscus / WhatsApp). We also exchange data with the advertising platforms you connect (Meta, Google, TikTok).
- Our clients, with respect to the data of their own accounts and users.
- Authorities or third parties where required by law, to enforce our terms, or to protect rights, safety, and security.
7. Data retention
We retain information for as long as needed to provide the Platform and for legitimate business purposes. Account data is kept while your access is active. Advertising and reporting data is retained for the duration of the client engagement and a reasonable period afterward. Certain records — such as invoices and financial data — are retained longer where required by Indonesian tax and accounting law. When data is no longer required, we delete or anonymize it.
8. Data security
We protect data with industry-standard measures, including encryption in transit (TLS), single sign-on, role-based access control, least-privilege database roles, server hardening, and audit logging. The Platform is hosted in the Linode Jakarta region (Indonesia). No method of transmission or storage is completely secure, but we work to protect your information and review our controls regularly.
9. Our role and our clients’ role
For the advertising accounts and business data we manage, our clients (the account owners) determine the purposes of processing and act as the data controller; WEBARQ acts as a processor following their documented instructions. If you are an individual whose personal data may appear within a client’s advertising data and you wish to exercise your rights, please contact the relevant client (the account owner), or contact us and we will route the request appropriately.
10. International data transfers
Some of our sub-processors operate outside Indonesia (for example, AI processing and email delivery may occur on infrastructure in other countries). Where data is transferred internationally, we take steps to ensure it remains protected consistent with this Policy and applicable law.
11. Your rights
Subject to applicable law, including Indonesia’s Personal Data Protection Law (Law No. 27 of 2022), you may request to access, correct, update, or delete your personal data, or object to or restrict certain processing. To make a request, see our Data Deletion page or email privacy@webarq.net. We will verify your identity and respond within the timeframe required by law.
12. Children
The Platform is intended for business use by authorized adults and is not directed to children. We do not knowingly collect personal data from anyone under 18.
13. Changes to this Policy
We may update this Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify users. Continued use of the Platform after an update constitutes acceptance of the revised Policy.
14. Contact us
Questions about this Policy or your data? Contact WEBARQ at privacy@webarq.net, Jakarta, Indonesia. See also our Terms of Service and Data Deletion page.