Get Started
Governance & Trust

Legal & Compliance.

Last Updated: May 12, 2026 • Version 2.1 (PDP Compliant)

Download Compliance One-Pager (PDF)

Data Residency

Jakarta (Local)

PDP Compliance

Fully Verified

Encryption

AES-256 (E2EE)

Uptime SLA

99.9% Monthly

Section 01 — Privacy as a Human Right

We believe data sovereignty is a fundamental right for MSMEs. Our platform is architected to ensure that business owners retain 100% control over their customer relationships. Unlike public LLMs, our Sovereign AI Mesh ensures that your private business data is never used for training third-party models.

ASEAN (Data Privacy)

Full alignment with regional personal data protection standards.

Singapore (PDPA)

Standardized data protection practices meeting SG-PDPA requirements for regional operations.

Section 02 — Technical Protections

Security is not an afterthought; it is built into the protocol. All data moving between the KopasAI Cloud and the WhatsApp Business API is protected via:

  • TLS 1.3 Encryption for data in transit.
  • AES-256 Encryption for data at rest.
  • Multi-Factor Authentication (MFA) mandatory for all dashboard accounts.
  • E2EE Protocols maintained for sensitive payment instructions.

For deep technical details on our infrastructure security:

Explore Security Whitepaper →

Section 03 — Sub-processors

To provide high-availability AI services, we partner with the following vetted sub-processors. All data residency remains within the specified regions.

Entity Service Provided Location
Google Cloud Infrastructure & LLM Hosting Jakarta (asia-southeast2)
Meta Platforms WhatsApp API Operations Global (Edge nodes)
Google Cloud Payment Gateway ASEAN
PostHog Product Analytics (Anonymized) Frankfurt (EU)

Section 04 — Data Subject Rights

Right to be Forgotten

MSME owners can request the permanent deletion of their account and all associated customer data at any time. Upon receiving a valid Data Deletion Request via the dashboard or email, we will purge all identifiable records within 30 days, subject to legal retention requirements for transaction history.

View Account Deletion Instructions →

Section 05 — Cookie & Tracking Transparency

We believe in explicit consent. We do not sell user data to third-party advertisers. Our use of cookies is limited to essential operational needs and performance optimization.

Read our Full Cookie Policy →

Identity of Data Protection Officer (DPO):

Privacy & Compliance Team

[email protected]

KopasAI Sovereign Hub • ASEAN