1. Summary

NADI (Network for Advancing Development and Innovation in Health) takes the privacy of every visitor, contributor, and partner interacting with the platform seriously. This page explains, in plain language, what data we collect, why we keep it, and the rights you hold over that data.

2. Data We Collect

The data we hold depends on how you use NADI:

1. Public visitors — anonymised access logs (IP address, user-agent, the pages you opened) for analytics and security.
2. Newsletter subscribers — email address, subscription date, and the IP recorded at sign-up to prevent spam.
3. Registered contributors — full name, email, bcrypt-hashed password, role, and the activity trail tied to your account (articles you authored, comments, status transitions).
4. Consent-to-publish signatures — when you sign the consent form, we store the signature image, full name, date, and affiliation details exactly as submitted.
5. Direct communications — contact-form submissions, comment replies, and emails you send to the NADI team.

3. How We Use Your Data

Your data is only used to:

• Operate the NADI platform — authentication, article management, and the review workflow.
• Send relevant notifications: registration confirmation, review feedback, approval to publish, and important platform announcements.
• Publish your policy product on your behalf — strictly within the scope of the consent form you signed.
• Investigate security incidents and prevent abuse of the platform.
• Improve service quality through aggregate statistics that do not identify individual users.

4. Storage & Security

Data is stored on cloud infrastructure managed by trusted providers. Passwords are never stored in plaintext — they're hashed with bcrypt. Access to the production database is restricted to admins on a need-to-know basis and recorded in an internal audit log.

Daily backups are taken and kept encrypted for thirty days. Any security incident affecting user data is reported within 72 hours in line with GDPR-style standards.

5. Sharing With Third Parties

We do not sell personal data to anyone. Data is only shared with:

• Cloud infrastructure providers (database, file storage, email delivery) bound by confidentiality contracts.
• Legal authorities when required by a court order or applicable Indonesian law.
• The public — limited to content you've explicitly approved for publication via the consent form.

6. Cookies & Tracking

We use technical cookies to keep your session active and store preferences (e.g. admin display mode, privacy-popup state). We do not use third-party advertising cookies. You can clear these cookies at any time through your browser; the trade-off is that you'll be signed out of any active sessions.

7. Your Rights

As a NADI user you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data through your profile or by contacting the NADI team.
• Delete your account and the data tied to it — except for content already published with your prior consent.
• Restrict processing by temporarily deactivating your account.
• Port your data to another service in a portable JSON / CSV export.

Requests can be submitted to info@nadi-health.id and will be processed within fourteen business days.

8. Users Under Eighteen

NADI is intended for users aged eighteen and over. We do not knowingly collect data from anyone under that age. If we discover such data, the related account is removed immediately.

9. Changes to This Policy

This policy may be updated as the service evolves or regulations change. Material changes are communicated to registered users via email and shown on the dashboard at the first sign-in after the update.

10. Contact

Questions about this privacy policy can be sent to:

• Email: info@nadi-health.id
• Post: Jl. KH Abdullah Syafi'i No. 28, Jakarta 12840, Indonesia