Privacy Policy

Ripllo is the creator-marketplace product of PT Forjio Teknologi Indonesia, registered in Indonesia. We operate ripllo.com. You can reach us at support@forjio.com.

We process two categories of personal data:

Account data — name, email, password hash, phone (optional), workspace role. Provided by you when you sign up via Huudis (our SSO).

Connected platform data — when a creator connects Instagram, TikTok, YouTube, or Threads via OAuth, we receive: the platform handle, follower count, public profile metadata, and aggregate engagement metrics (likes, comments, reach) on the creator's recent posts. For Instagram specifically we also fetch follower demographics (age, gender, country) when the account has at least 100 followers — only the aggregate breakdown, never individual follower identities.

Usage data — pages viewed, actions taken, IP address, user-agent — for security, fraud prevention, and product improvement.

We do not collect: passwords for connected platforms (we never see them — OAuth gives us scoped tokens), DMs, follower lists, or any data we did not explicitly request a scope for.

To provide the service — show verified creator stats to merchants, route campaign invitations, calculate payouts, run abandoned-cart reminders.

To improve the product — aggregated, non-identifying analytics on feature usage.

To meet legal obligations — tax records, fraud investigations, and regulator requests when properly served.

We do not sell personal data. We do not show you advertising on Ripllo, and we do not share creator stats with third-party advertisers.

When you click "Connect" on the verified-stats page, you are redirected to the platform's own OAuth screen. The platform — not Ripllo — authenticates you and asks you to grant a specific set of scopes. We only receive the data covered by the scopes you grant.

For Instagram via Facebook Login for Business we request:

instagram_basic — handle, profile info, public media

instagram_content_publish — required by Meta's configuration; we do not publish on your behalf

pages_show_list — to find which Page is linked to your IG

pages_read_engagement — read aggregate engagement metrics

business_management — required by Meta to issue user-scoped tokens

Your access tokens are encrypted at rest using HMAC-wrapped credentials. They never leave our backend, and we refresh them transparently on schedule. You can revoke access at any time — either from your stats page in Ripllo, or directly from the platform's app settings.

Production data is hosted in Singapore on DigitalOcean infrastructure, encrypted at rest and in transit. Backups are encrypted and retained for 30 days.

Account data: until you delete the account, then 30 days for backup expiry.

Connected platform tokens: until you disconnect or revoke; deleted within 24 hours of either.

Connected platform stats: deleted alongside the token.

Audit / security logs: 90 days.

Tax & invoice records: as required by Indonesian law (typically 10 years).

You can:

Request a copy of the data we hold about you

Request correction of inaccurate data

Request deletion (see data deletion)

Withdraw consent for connected-platform processing by disconnecting that platform

Object to processing for product analytics

Email support@forjio.com to exercise any of these rights. We respond within 30 days.

We share data with the following processors, all under data-processing agreements:

DigitalOcean — hosting

Resend — transactional email delivery

Plugipay — payment processing for payouts and merchant subscriptions

Huudis — single sign-on (operated by the same group company)

We share the minimum necessary data for each processor to perform its function. We do not sell data to advertisers, data brokers, or any third party.

Ripllo is not intended for users under 18. We do not knowingly collect data from minors.

We will post material changes to this policy on this page and notify active users by email at least 14 days before they take effect.

The data controller for Ripllo is:

PT Forjio Teknologi Indonesia
Jl. Parkit, Blok I, No. 48, RT 004, RW 001, Cempaka Permai, Gading Cempaka, Bengkulu, Bengkulu 38221
Phone: +62 815-2999-0219
Email: support@forjio.com (subject line tag: [privacy])

Data subject requests under UU No. 27/2022 (Pelindungan Data Pribadi) — including access, correction, deletion, and portability — go to the email above. We respond within 30 days.