Privacy Policy

Last Updated: 1 November 2026

Niagora is committed to protecting the confidentiality and privacy of your corporate data. This policy explains the type of data we collect in our B2B ecosystem, the purpose of its collection, and with whom we share that data.

1. Business Compliance Data Collection (KYB)

Unlike B2C platforms, Niagora collects a set of legal corporate data (*Role-Based Data*) to ensure entity validity. We collect:

  • Business Entity Data: NIB (Business Identification Number), Corporate Tax ID/NPWP, Deed of Establishment, and operational correspondence address.
  • Responsible Person Data: ID Card of the Managing Director / legal representative, company email (*corporate email*), and mobile number.
  • Financial Data: Corporate bank account for fund disbursement (*withdrawal*) purposes for Sellers.

2. Audit Log Data Collection (*Audit Log*)

Every activity on the platform, especially those concerning the procurement workflow, is recorded in the audit trail:

  • History of approvals/rejections by each sub-account (Purchasing, Accounting, Finance, Director).
  • History of creation, price changes, and signing of B2B Contract documents (Price Lock).
  • This data is permanently recorded and stored in our system and cannot be modified or deleted by any party to comply with your company's audit standards.

3. Data Sharing with Third Parties

Niagora never sells your corporate data. We only share encrypted data with our infrastructure partners on a strictly-need-to-know basis to process transactions:

  • Payment Gateway (Xendit & Midtrans): Transaction ID and nominal amount to issue Virtual Accounts (VA), as well as Seller banking data for the purpose of releasing funds from Escrow (Disbursement).
  • Logistics Aggregator (Biteship): Warehouse address (Seller), shipping address (Buyer), product dimensions, and weight for calculating expedition rates and generating logistics receipts.
  • Compliance Verification (OSS, DJP, AHU): We match profile data with government databases to validate your entity's registration number.

4. Data Infrastructure Security

All data, documents, and communications are secured using Transport Layer Security (TLS) encryption during transmission, and encryption *at-rest* in our high-security certified cloud facilities (AWS/GCP). Specifically for sub-account passwords, we apply one-way hashing so that Niagora staff cannot know your *password*.

5. Data Retention Policy

We use a soft deletion scheme (soft delete). When you decide to delete an entity or close an account on Niagora, the system will only hide your account from the public interface. Given the nature of B2B transactions which require data availability for inter-entity tax reporting (Value Added Tax/VAT), we are obliged to retain historical transaction data and *invoices* for at least 10 (ten) years in accordance with Indonesian legislation.

6. Data Privacy Service Contact

For requests to export corporate audit histories, data security clarifications, or KYB review requests, please contact our team at privacy@niagora.app.