Privacy Policy
Funnelyn is a performance media-buying firm based in Jakarta, Indonesia. We run paid media inside our clients' own advertising accounts. This policy explains what personal data we handle, why, and the choices you have — in line with Indonesia's Law No. 27 of 2022 on Personal Data Protection (UU PDP).
Effective date: 1 June 2026
1. Who We Are
Funnelyn is a performance media-buying firm based in Jakarta, Indonesia. We plug into our clients' advertising accounts — Meta, TikTok, Google, Shopify, and similar platforms — and manage paid media spend on their behalf.
In this policy, "Funnelyn", "we", "us", and "our" refer to Funnelyn, an Indonesian company based in Jakarta. "You" refers to the people whose personal data we handle: the staff at our client companies, prospective clients who get in touch, and visitors to our website.
This policy explains what we do with personal data. It is written to align with Indonesia's Law No. 27 of 2022 on Personal Data Protection (Undang-Undang No. 27 Tahun 2022, the "UU PDP"), and other applicable laws where relevant.
2. Information We Collect
We collect a limited amount of personal data, and only what we need to run our business and our clients' campaigns.
Business contact details: When you enquire about our services, sign an engagement, or work with us as a client, we collect names, work email addresses, phone numbers, job titles, and the company you represent. For billing, we collect company billing details and the contact information of the person who handles payments.
Information needed to access client ad accounts: With your authorization, we are granted access to your advertising and analytics accounts (for example, a Meta Business Manager role, a Google Ads manager link, TikTok Ads Manager access, or a Shopify collaborator account). To set this up we record the account identifiers, the access level granted, and the names and emails of the people who administer those accounts on your side.
Website and analytics data: When you visit funnelyn.io, we automatically collect standard technical information such as your IP address, browser and device type, the pages you view, and the site that referred you. We use this to understand traffic and improve the site.
We do not buy, sell, or operate a database of consumer contact records. We are not a data broker.
3. How We Use Information
We use the information we collect to:
- Deliver our services. Plan, launch, and manage paid media campaigns inside your advertising accounts; report on performance; and communicate with your team about the work.
- Run and bill the engagement. Set up access to your accounts, issue invoices, process payments, and keep proper financial records.
- Respond to enquiries. Answer questions from prospective clients and follow up about proposals or onboarding.
- Improve our website and operations. Analyze how visitors use funnelyn.io, fix problems, and improve how we work.
- Send communications you have agreed to. Occasional updates about our services, where you have consented or where it is reasonably expected as part of an existing client relationship. You can opt out at any time.
- Meet legal and security obligations. Comply with applicable law, prevent fraud and abuse, and protect our systems and the accounts entrusted to us.
4. Working Inside Your Ad Accounts
The core of our service involves operating within advertising platforms that you own and control. This deserves a clear explanation.
When you engage us, you grant Funnelyn delegated access to your own accounts on platforms such as Meta, TikTok, Google, and Shopify. We act on your behalf, under your authorization. The advertising data, audience data, conversion events, and campaign results in those accounts belong to you, the client, and remain governed by your relationship with each platform and by that platform's own terms and privacy policies.
We do not export, copy, or repurpose your audiences or customer data for our own use or for any other client. We use the access solely to manage the campaigns you have asked us to run. Where you instruct us to set up tracking (for example a pixel, conversions API, or analytics tag) on your website or store, that processing is carried out for you and on your behalf, and you remain the controller of the resulting data.
If our engagement ends, your account access can be revoked by you at any time, and we will confirm removal of our access on request.
6. Third Parties and Service Providers
We do not sell personal data. We share it only where necessary to operate, and only with providers bound to protect it.
Advertising and analytics platforms: Meta, TikTok, Google, Shopify, and similar platforms, accessed on your behalf to run campaigns. Your use of these platforms is also subject to their own terms and privacy policies.
Payment processors: We use Xendit and PayPal to process payments and invoices. They handle payment information under their own privacy policies; we do not store full card details.
Email and communications: We use Resend to send transactional and service emails.
Infrastructure and hosting: Reputable cloud and hosting providers that run our website and internal tools.
Legal and safety: We may disclose information where required by law, regulation, or valid legal process, or to protect our rights, our clients, or the public. In the event of a business sale or restructuring, contact records may transfer to a successor under the same protections described here.
7. Data Retention
We keep personal data only as long as we need it.
Client and contact records are kept for the duration of our relationship and for a reasonable period afterward in case you return or for legitimate business follow-up.
Account access details are removed when an engagement ends and our access is revoked.
Financial and billing records are retained for as long as required by Indonesian tax and accounting law.
Website analytics are retained for a limited period and then aggregated or deleted.
When data is no longer needed for the purpose it was collected, or for legal compliance, we delete or anonymize it.
8. Security
We take reasonable and appropriate steps to protect personal data and the account access entrusted to us.
- Data is encrypted in transit, and sensitive information is stored securely.
- Access to client accounts and our internal systems is limited to the people who need it, and protected with strong authentication.
- We follow the principle of least privilege for the platform access our clients grant us.
- We review our practices and respond promptly to any suspected security incident, notifying affected parties and the relevant authorities where required.
No system is completely secure, but we work to keep your information safe and ask that you tell us immediately if you suspect any unauthorized access.
9. Your Rights Under the UU PDP
Under the UU PDP, and other applicable laws where relevant, you have rights over your personal data:
Access: You can ask what personal data we hold about you and how we have used it.
Rectification: You can ask us to correct or update personal data that is inaccurate or incomplete.
Erasure: You can ask us to delete personal data we hold about you, subject to our legal and legitimate retention obligations.
Withdrawal of consent: Where we rely on your consent, you can withdraw it at any time. This will not affect processing already carried out, and in some cases withdrawing consent may mean we can no longer provide a service.
Objection: You can object to certain processing of your personal data, including processing for direct marketing.
Data portability: Where applicable, you can ask to receive your personal data in a structured, commonly used format, or to have it transmitted to another party.
To exercise any of these rights, contact our Data Protection Officer at privacy@funnelyn.io. We will respond within the timeframes required under the UU PDP.
10. International Transfers
Funnelyn is based in Jakarta, Indonesia, and your data is primarily handled here. Some of our service providers — for example advertising platforms, payment processors, and cloud hosting — operate internationally, so personal data may be transferred to and processed in other countries.
When personal data leaves Indonesia, we take the steps required by the UU PDP to ensure it receives a comparable standard of protection, including through contractual safeguards with our providers, and we comply with other applicable laws where relevant.
11. Children's Privacy
Our services are business-to-business and are not directed at children. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with personal data, please contact privacy@funnelyn.io and we will delete it.
12. Changes to This Policy
We may update this policy from time to time to reflect changes in our practices or in the law. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify our clients directly. Your continued use of our services or website after an update means you accept the revised policy.
13. Contact Us
If you have questions about this policy or how we handle personal data, or to exercise your rights, please get in touch:
Data Protection Officer: privacy@funnelyn.io
General enquiries: hello@funnelyn.io
Address: Funnelyn, Plaza Aminta Lantai 5/504, Jl. Simatupang No. Kav. 10, RT.6/RW.14, Pd. Pinang, Kec. Kebayoran Lama, Jakarta Selatan, DKI Jakarta 12310, Indonesia
If you are not satisfied with our response, you may contact the relevant Indonesian personal data protection authority under the UU PDP.