PRIVACY & COGNITIVE DATA PROTECTION POLICY

Data Controller Entity: PT. Arproyek Evognitive Intelligence ("Arproyek", "We")

Effective Date: 1 April 2026

Regulatory Compliance: Law No. 27 of 2022 concerning Personal Data Protection (PDP Law), Government Regulation No. 71 of 2019 concerning the Implementation of Electronic Systems and Transactions (PSTE).

PREAMBLE: DATA SOVEREIGNTY AND COGNITIVE INTEGRITY

Arproyek operates based on the Original Sovereign Manufacture (OSM) philosophy. We believe that technology should augment human reason, not substitute it, which triggers Cognitive Atrophy. Therefore, this Privacy Policy is structured not only to protect your identity but also to safeguard the integrity of your thought process while you use the Cognitive Orchestration System (COS™) ecosystem.

By using Our services, you understand that We collect data for the purpose of precise academic analytics, not for advertising monetization.

ARTICLE 1: CATEGORIES OF DATA WE COLLECT

In providing services, We act as the Data Controller (for individual users) and Data Processor (for Partner Institutions/Universities). We explicitly collect two main categories of data:

1.1. Administrative Identity Data (PII - Personally Identifiable Information):

• Full name, Student Identification Number (NIM), Educational Institution.

• Institutional/personal email address.

• Authentication credentials (hash* encrypted passwords).

1.2. Cognitive Telemetry Data (Metadata Behavioral):

To enable the academic integrity detection algorithm (V_cog), Our system actively records and analyzes:

• Keystroke Dynamics: Typing speed, pause patterns, and key press rhythm.

• Scroll & Interactivity Behavior: Scrolling patterns on reference documents, cursor movements (mouse tracking), and copy-paste interactions.

• Attention & Reading Time: Real-time duration (milliseconds) a user spends reading journals, articles, or prompts on the active screen before executing a synthesis command.

• AI Execution Logs: History of prompts sent, text generation parameters, and post-generation modifications.

• Environmental Anomaly Detection: Basic device information, browser session, tracking of third-party extensions interacting with the system's DOM, and detection of automation scripts (macro/auto-typer) that potentially manipulate human input.

ARTICLE 2: EXPLICIT CONSENT STATEMENT

By checking the consent box upon registration, you grant Explicit Consent that you are aware of, understand, and authorize Our system (including the V_cog algorithm) to track, record, and analyze Cognitive Telemetry Data as regulated in Article 1.2.

You recognize that this metadata tracking is a prerequisite for system functionality in the "Interest of Academic Integrity Analytics" and cannot be partially disabled while you use this service for academic institution purposes.

Manipulation Prohibition: You also agree that any technical attempt to block, manipulate, or falsify the flow of Cognitive Telemetry Data (including but not limited to the use of auto-typers, macro scripts, or custom browser session modifications) will be recorded as a forensic anomaly and categorized as a direct violation of academic integrity.

ARTICLE 3: PURPOSES OF DATA PROCESSING

We process your data ONLY for the following purposes:

1. Academic Integrity Authentication: Verifying that the written or research output is genuinely the result of the user's rational orchestration, not the result of passive AI generation that bypasses the reading and synthesis process.

2. Cognitive Vector Score (V_cog) Provision: Providing an analytical report to you and/or your Supervising Lecturer/Institution regarding the level of originality intervention in the assignment completion process.

3. Closed System Improvement (R&D): Using anonymized data to train Arproyek's internal anomaly detection models (ArVI/ArGI).

ARTICLE 4: ABSOLUTE PROHIBITION OF DATA SALE (NO THIRD-PARTY MONETIZATION)

We implement the Firewall Clause:

Arproyek guarantees that all your identity data and cognitive telemetry data SHALL NEVER be sold, leased, or exchanged with any third party, including but not limited to data brokers, advertising companies, marketers, or commercial third-party AI platforms outside Our infrastructure.

Data sharing is conducted only with:

• Your Educational Institution: (Based on an official B2G/B2B contract) as an Academic Report.

• Legal Authorities: Only if required by a valid court order in accordance with the laws of the Republic of Indonesia.

ARTICLE 5: SECURITY AND ENCRYPTION STANDARDS (PDP LAW COMPLIANCE)

To comply with the PDP Law, We implement defense-in-depth physical and cyber infrastructure security standards:

1. Data Residency: All of Arproyek's physical databases (Servers) are located within the jurisdiction of the Republic of Indonesia.

2. Data Encryption (Data at Rest): All Identity Data and Cognitive Telemetry Data are encrypted within Our database using the AES-256 encryption standard.

3. Transmission Encryption (Data in Transit): All communication between user devices and Our servers is secured using the TLS 1.3 protocol or higher.

4. Algorithm Isolation: The V_cog system operates in a closed Sandbox environment. Your raw data is not directly exposed to public LLMs (*Large Language Models*) without a sanitation process.

ARTICLE 6: DATA RETENTION AND DESTRUCTION

We do not store your data longer than necessary. Our Retention Policy is as follows:

1. Active Period: Data is stored in full while your account is active or while the contract period between Arproyek and your Educational Institution remains in effect.

2. Academic Audit Retention Period: After the account is deactivated or you graduate, the integrity log data (scores and telemetry evidence) will be stored in encrypted Cold Storage for 5 (five) years to comply with applicable academic and legal audit standards in Indonesia.

3. Permanent Destruction: After exceeding the 5-year retention period, or if your Institution orders deletion (in their capacity as Data Controller), all your identity data and telemetry records will be permanently destroyed through Cryptographic Erasure/Wipe, making them irrecoverable by any party.

ARTICLE 7: DATA SUBJECT RIGHTS

In accordance with the PDP Law, you have the following rights:

1. The right to access your personal data.

2. The right to rectify inaccurate administrative identity data. (Note: This right to data rectification DOES NOT APPLY to Cognitive Telemetry Data and V_cog scores, given that such data constitutes immutable forensic system logs).

3. The right to file a request for data erasure ("Right to be Forgotten").

Academic Integrity Caveat: Considering Arproyek's essential function as an instrument of academic compliance, your right to demand "immediate data erasure," "consent withdrawal," or "cessation of processing" may be suspended or denied if the data is affiliated with submitted academic assignments, is currently being used as evidence in an academic misconduct investigation (*Plagiarism/AI-Generation Dispute*) by your Institution, or is retained based on the Legitimate Interest of higher education regulations.

ARTICLE 8: DATA PROTECTION OFFICER (DPO) CONTACT

Should you have any questions, objections, or wish to exercise your rights under the PDP Law, please contact Our Data Protection Officer (DPO) at:

Email: dpo@arproyek.com

Physical Address: Official Office Address of PT Arproyek

This Privacy Policy may be updated at any time to adjust to regulatory dynamics or system architecture enhancements. Users will be notified via system notification 14 days before any material changes take effect.

Official Document of PT. Arproyek Evognitive Intelligence