Privacy Policy

Effective Date: April 1, 2026 · Last Updated: April 1, 2026

BEYOND Community Indonesia ("we", "our", or "us") operates the BEYOND Community mobile application (the "App") and website at beyond-community.id. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services.

Summary: We collect only the data necessary to provide community membership services. We never sell your personal data to third parties.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Full name, email address, phone number, gender, date of birth, and residential address (province, city, district).
  • Vehicle Information: Vehicle Identification Number (VIN/frame number), license plate number, vehicle model, submodel, year, color, and dealership.
  • Vehicle Proof Documents: Photos of vehicle registration documents (STNK) uploaded for verification purposes. These files are encrypted at rest.
  • Profile Information: Profile photo/avatar and display nickname.
  • Communications: Messages sent through in-app community chat groups, service complaints, and support requests.

1.2 Information Collected Automatically

  • Device Information: Device type, operating system version, and unique device identifiers for push notifications (Firebase Cloud Messaging token).
  • Usage Data: App login timestamps, feature usage patterns, and session information.
  • IP Address: Collected during authentication for security and fraud prevention.

1.3 Information We Do NOT Collect

  • We do not access your GPS/real-time location.
  • We do not access your contacts, call logs, or SMS.
  • We do not use advertising trackers or sell data to advertisers.

2. How We Use Your Information

  • Membership Services: Verifying vehicle ownership, generating digital membership cards, and managing community membership status.
  • Community Features: Enabling participation in model-specific and regional chat groups, events, and the marketplace.
  • Communication: Sending push notifications about events, membership updates, and important community announcements.
  • Security: Protecting accounts through two-factor authentication (TOTP), WebAuthn/passkeys, and session management.
  • Service Improvement: Analyzing aggregated, anonymized usage patterns to improve app functionality.

3. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share data only in the following circumstances:

  • Community Coordinators: Regional coordinators may access member name, province, and vehicle model for community management purposes only.
  • Service Providers: We use Firebase Cloud Messaging (Google) for push notifications. These services process limited device identifiers under their own privacy policies.
  • Legal Requirements: We may disclose information if required by Indonesian law or in response to valid legal processes.

4. Data Storage & Security

  • All data is stored on secured servers.
  • Vehicle proof documents are encrypted at rest using AES-256 encryption.
  • Passwords are hashed using industry-standard encryption.
  • API communications are protected via JWT authentication and CSRF tokens.
  • Sensitive PII fields are encrypted with dedicated encryption keys.

5. Data Retention

  • Active Accounts: Data is retained for the duration of your membership.
  • Deleted Accounts: Upon account deletion request, personal data is permanently deleted within 30 days. Anonymized aggregate data may be retained for statistical purposes.
  • Chat Messages: Chat history is retained for community continuity but will be disassociated from deleted accounts.

6. Your Rights

You have the right to:

  • Access your personal data through the app's Profile section.
  • Correct your information by editing your profile or submitting an update request.
  • Delete your account and associated data. See our Account Deletion page for instructions.
  • Withdraw Consent for push notifications through your device settings.
  • Data Portability: Request a copy of your data by contacting us.

7. Children's Privacy

Our App is not intended for use by individuals under 17 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, please contact us immediately.

8. Third-Party SDKs

The App integrates the following third-party services:

  • Firebase Cloud Messaging (FCM): For push notifications. Firebase Privacy Policy
  • WebSocket: For real-time chat functionality (self-hosted, no third-party data sharing).

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes through the App or by email. Continued use of the App after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or your personal data, please contact us: