Trust Center

Keamanan tingkat enterprise
untuk semua tier.

Encryption-at-rest, audit log immutable, UU PDP compliant, dan PSE Kominfo registered. Dirancang dari hari pertama untuk B2C, B2B, dan B2G.

UU PDP CompliantPSE Kominfo (terdaftar/proses)ISO 27001 ReadySOC 2 TrackLast audit: 2026-Q2

Encryption

AES-256-GCM at-rest untuk semua credential, API key, OAuth token
TLS 1.2+ in-transit (HSTS preload eligible)
Argon2id password hashing (memory-hard, future-proof)
HMAC-SHA256 webhook signature (v1, Stripe-style)

Access Control

Granular API scope (resource:action) + IP allowlist CIDR
JWT auth dengan rotation policy 7 hari
PostgreSQL Row-Level Security per tenant_id
Platform role (USER/SUPPORT/ADMIN/SUPER_ADMIN) untuk admin console

Audit & Compliance

Setiap API call ke /api/v1/* di-log: request_id, latency, IP, status, error
Retensi audit log 7 tahun (Enterprise unlimited)
Export CSV/JSON untuk audit SOC 2 / ISO 27001 prep
Tamper-evident hash-chain (Phase 2 B2G)

Infrastructure

Default region: Contabo Singapore (ISO 27001)
B2G: Lintasarta Cloudeka Jakarta (PSE Kominfo, ISO 27001)
Daily encrypted backup ke S3, retensi 30 hari
Per-tenant Qdrant collection isolation (vector store)

Incident Response

24/7 internal SOC monitoring (Enterprise tier)
Sentry error tracking + PagerDuty alerting
Breach notification SLA: 72 jam (UU PDP Pasal 46)
Public status page: status.bantucs.com (Phase 2)

Privacy by Design

Right to deletion (UU PDP Pasal 5) — 14d processing window
Data minimization: hanya field yang perlu di-store
Opt-out auto-detect (STOP/BERHENTI) untuk broadcast
Consent management untuk end-user customer

Uptime target Pro+

99.9%

Breach notification SLA

72 jam

Encryption

AES-256-GCM

Backup retention

30 hari

Audit log retention

7 tahun

Region default

SG / Jakarta

Compliance & Certifications

Active

UU PDP (UU 27/2022)

Data Subject Rights, breach notification, DPO appointed

Active

PSE Kominfo (PP 71/2019)

Registered (proses verifikasi)

Active

UU KUP (Perpajakan)

Retensi transaksi 10 tahun

Active

OJK (via Duitku)

Payment processor OJK-licensed

In Prep

ISO 27001:2022

Gap analysis selesai, audit Q4 2026 target

In Prep

SOC 2 Type II

Q2 2027 target untuk Enterprise

Security Disclosure

Menemukan kerentanan? Kami menghargai responsible disclosure. Hubungi hello@bantucs.com. Bug bounty program akan dibuka Phase 2.

security.txt

Compliance & Certifications

Active

UU PDP (UU 27/2022)

Data Subject Rights, breach notification, DPO appointed

Active

PSE Kominfo (PP 71/2019)

Registered (proses verifikasi)

Active

UU KUP (Perpajakan)

Retensi transaksi 10 tahun

Active

OJK (via Duitku)

Payment processor OJK-licensed

In Prep

ISO 27001:2022

Gap analysis selesai, audit Q4 2026 target

In Prep

SOC 2 Type II

Q2 2027 target untuk Enterprise

Keamanan tingkat enterpriseuntuk semua tier.

Encryption

Access Control

Audit & Compliance

Infrastructure

Incident Response

Privacy by Design

Compliance & Certifications

Security Disclosure

Keamanan tingkat enterpriseuntuk semua tier.

Encryption

Access Control

Audit & Compliance

Infrastructure

Incident Response

Privacy by Design

Compliance & Certifications

Security Disclosure

Keamanan tingkat enterprise
untuk semua tier.

Keamanan tingkat enterprise
untuk semua tier.