Privacy Policy
Effective date: February 20, 2026
LAIT ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the LAIT mobile application and related services, including travel pass ticketing, reward points, tourism, run activity tracking, and account management features.
Information We Collect
a. Account Data
- Full name or display name
- Email address (required for registration)
- Phone number (optional, for OTP verification)
- Profile photo (if uploaded)
b. Ticketing & Transaction Data
- Travel pass purchase history (Daily, Weekly, Monthly)
- Tourist attraction tickets purchased
- QR code scan history for ticket validation
- Transaction IDs and payment method used (QRIS, Virtual Account, Debit, Credit Card)
- Reward point balance and redemption history
- Promo codes redeemed
c. Activity & Fitness Data (Lait Run)
- Running distance, duration, average pace
- GPS route data (only during active sessions)
- Strava sync data (if connected, only with explicit consent)
- Personal diary entries you write
- Event and running challenge participation
d. Device & Technical Data
- Device type, OS version, and app version
- Push notification token (Firebase Cloud Messaging)
- Crash logs and error reports (for app improvement)
- Feature usage for product analytics (anonymous aggregate)
Data We DO NOT Collect
- Full payment card details (card number, CVV, PIN)
- Private messages between users
- Contacts or friend lists from your device
- Private/unpublished Strava activity data
- Biometric data
- Location data outside of active tracking sessions you initiate
How We Use Your Data
We do not sell or rent your personal data to third parties.
Location Data
LAIT requests location access only when you actively use run tracking or transit routing features. We do not track your location in the background without your explicit permission.
Third-Party Services
We integrate third-party services to operate the platform. Each third party has its own privacy policy:
| Service | Purpose |
|---|---|
| Payment Gateways (QRIS, VA) | Ticket & reward payment processing |
| Strava API | Run data sync (optional, with explicit consent) |
| Firebase (Google) | Push notifications, crash analytics, authentication |
| Operator Transportasi | Ticket validation and route data |
| Obyek Wisata Partner | Tourist attraction ticket validation |
Data Storage & Retention
- Data is stored on secure servers with encryption in transit (TLS) and at rest.
- Account data is retained while your account is active.
- Transaction data is kept for 5 years for accounting and legal requirements.
- Run activity and diary data is retained as long as you use the service.
- Upon account deletion, all personal data is erased within 30 days.
Your Rights (GDPR & Local Law)
Access
Request a copy of your data
Correction
Fix inaccurate information
Deletion
Delete your account & all data
Export
Download data in portable format
Objection
Object to certain data uses
Restriction
Limit how we process your data
To exercise your rights, email us at privacy@lait.co.id or delete your account directly from the app settings.
Data Security
We implement reasonable technical and organizational measures to protect your data, including:
Children's Privacy
LAIT services are intended for users aged 13 and older. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us data, please contact us for removal.
Push Notifications
With your permission, we send notifications for: booking confirmations, ticket status updates, event news, promo offers, and activity reminders. You can disable notifications at any time via device or app settings.
Policy Changes
We may periodically update this Privacy Policy. Material changes will be announced via in-app notification or email before taking effect. The "Effective date" at the top reflects the latest revision.
Contact Us
For questions about this Privacy Policy or to exercise your privacy rights: