Webstorio
For FoundersFor Business OwnersFor Product ManagersFor MarketersFor DesignersFor DevelopersFor SalesFor CouplesFor Event Organizers
Landing PageCompany ProfileBlog, Articles & NewsPortfolioPersonal WebsiteOnline StoreLink DirectoryEvent & InvitationForm & SurveyBooking SystemTicketing SystemLaunch & WaitlistFeedback & SuggestionDonation & Funding
FeaturesDocumentationBlogShowcase
PricingAbout
Start Building Now
Menu
PricingAbout
Start Building Now
English|Bahasa Indonesia

Privacy Policy

Last updated: June 18, 2026

1. Who We Are (Data Controller)

The Webstorio platform and related services are operated by PT Rasylva Digital Lestari ("Webstorio", "we", "our", or "us"), Jakarta, Indonesia. For personal data processed about our account holders and website visitors, we act as the data controller. This Privacy Policy explains how we collect, use, disclose, and safeguard your information, and the rights you have under the EU/UK General Data Protection Regulation (GDPR) and similar laws.

For privacy questions or to exercise your rights, contact us at [email protected].

2. Our Roles: Controller and Processor

We are the controller for personal data relating to your Webstorio account and for first-party analytics we collect on websites published through Webstorio. Where you use Webstorio to build a site and collect data from your own visitors (for example through forms, accounts, or stored records), you are the controller of that data and we act as your processor, handling it on your instructions under our terms and any applicable data processing terms.

3. Information We Collect

  • Account information: Name, email address, and profile data when you sign up or use third-party sign-in (e.g., Google).
  • Content and projects: Websites, pages, and content you create, edit, or publish through Webstorio.
  • Billing information: Plan and transaction details processed through our payment provider when you purchase a paid plan. We do not store full card details.
  • Usage and technical data: How you use the platform, browser and device information, and similar technical identifiers.
  • Visitor analytics (published sites): When analytics cookies are accepted, we collect page views, clicks, engagement duration, referrer, UTM parameters, browser/OS/device, approximate location, and a randomly generated visitor identifier. We use your IP address only transiently to derive an approximate location (city/country) and do not store the raw IP address with analytics events.

4. How We Use Your Information and Legal Bases

We process personal data on the following legal bases (GDPR Art. 6):

  • Performance of a contract: to create and manage your account, provide and operate the service, store your projects and content, and process payments.
  • Consent: for analytics and marketing cookies and for optional communications. You can withdraw consent at any time.
  • Legitimate interests: to secure the platform, prevent abuse and fraud, and improve our services, balanced against your rights.
  • Legal obligation: to comply with applicable laws and lawful requests.

5. Cookies and Similar Technologies

We use a small number of cookies and similar technologies, grouped into categories:

  • Strictly necessary (always on): required for security, sign-in, and to remember your cookie choices.
  • Analytics (opt-in): a session identifier and a visitor identifier cookie (stored for up to 1 year) used to measure usage. These are only set after you accept analytics cookies.
  • Marketing (opt-in): used to measure campaigns, where applicable.

Non-essential cookies are off by default and are only used with your consent. You can change or withdraw your choice at any time using the "Cookie settings" link in the website footer.

6. Sharing, Recipients, and Sub-processors

We do not sell your personal information. We share data only with service providers that help us operate the platform, under confidentiality and data-protection obligations, including:

  • Cloud hosting and database infrastructure providers.
  • Content delivery and security (e.g., Cloudflare).
  • Authentication (e.g., Google sign-in, if you use it).
  • Payment processing for paid plans.
  • Email delivery for transactional and support messages.

We may also disclose information when required by law or to protect our rights, safety, or property.

7. International Data Transfers

We are based in Indonesia and some of our service providers operate outside your country, including outside the European Economic Area. Where we transfer personal data internationally, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or an adequacy decision, as applicable.

8. Data Retention

  • Account and content data: retained while your account is active and for a limited period afterwards as needed to comply with legal, tax, and accounting obligations, then deleted or anonymized.
  • Analytics events: retained according to your plan's retention window and automatically deleted once that window elapses.
  • Cookie consent record: stored for up to 180 days, after which you will be asked again.

9. Your Rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten").
  • Restrict or object to certain processing.
  • Data portability (receive your data in a portable format).
  • Withdraw consent at any time, without affecting prior processing.

To exercise these rights, email [email protected]. We will respond within one month. To request deletion of your account, contact us at the same address.

10. Right to Lodge a Complaint

If you are in the EU/EEA or UK and believe we have not handled your personal data lawfully, you have the right to lodge a complaint with your local data protection supervisory authority. We would, however, appreciate the chance to address your concerns first.

11. Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, or alteration, including encryption in transit, access controls, and rate limiting. No method of transmission or storage is fully secure, and we cannot guarantee absolute security.

12. Children's Privacy

Webstorio is not directed to children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.

13. Automated Decision-Making

We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date.

15. Contact Us

PT Rasylva Digital Lestari, Jakarta, Indonesia. For privacy-related questions or requests, contact us at [email protected].

Webstorio

PT Rasylva Digital Lestari

Jakarta, Indonesia

[email protected]

+62-851-8787-7001

Social

Company

  • About Webstorio
  • About Rasylva.id
  • Contact Us

Product

  • Features
  • Pricing

Resources

  • Documentation
  • Blog
  • Showcase
  • Roadmap
  • Support
  • Feedback form

Legal

  • Privacy
  • Terms

Use Cases

  • Landing Page
  • Company Profile
  • Blog, Articles & News
  • Portfolio
  • Personal Website
  • Online Store
  • Link Directory
  • Event & Invitation
  • Form & Survey
  • Booking System
  • Ticketing System
  • Launch & Waitlist
  • Feedback & Suggestion
  • Donation & Funding

Solutions

  • For Founders
  • For Business Owners
  • For Product Managers
  • For Marketers
  • For Designers
  • For Developers
  • For Sales
  • For Couples
  • For Event Organizers

© 2026 Webstorio. All rights reserved.

English|Bahasa Indonesia