Privacy Policy

Last updated: March 1, 2026

1. Introduction

LVL OTP Engine ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our authentication and OTP delivery services, website, and API platform (collectively, the "Services").

By accessing or using our Services, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of our Services immediately.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, company name, billing address, and payment details when you register for an account.
  • API Usage Data: Phone numbers and message content processed through our OTP delivery infrastructure on behalf of our clients.
  • Communications: Information you provide when contacting our support team or filling out forms on our website.

2.2 Information Collected Automatically

  • Log Data: IP address, browser type, operating system, referring URLs, access times, and pages viewed.
  • Device Information: Hardware model, operating system version, unique device identifiers.
  • Usage Analytics: API call frequency, delivery success rates, and service performance metrics.
  • Cookies: We use cookies and similar tracking technologies to enhance your experience. See our Cookie Policy for details.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, operate, and maintain our OTP and authentication Services.
  • To process transactions and send related billing information.
  • To send OTP messages and verification codes on behalf of our clients.
  • To monitor and analyze usage patterns, trends, and performance of our Services.
  • To detect, prevent, and address fraud, abuse, and technical issues.
  • To communicate with you about updates, security alerts, and support inquiries.
  • To comply with legal obligations and enforce our terms of service.

4. Data Sharing and Disclosure

We do not sell your personal data. We may share information in the following circumstances:

  • Service Providers: We share data with trusted third-party providers (SMS gateways, cloud infrastructure, payment processors) who assist in delivering our Services, subject to confidentiality agreements.
  • Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.
  • With Consent: We may share information with your explicit consent or at your direction.

5. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. OTP message logs are retained for a maximum of 90 days for audit and fraud prevention purposes, after which they are permanently deleted.

6. Data Security

We implement industry-standard security measures including encryption in transit (TLS 1.3), encryption at rest (AES-256), access controls, and regular security audits. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. International Data Transfers

Our servers are located in Singapore and Indonesia. If you access our Services from outside these regions, your information may be transferred to and processed in these countries. We ensure appropriate safeguards are in place for cross-border data transfers.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access, correct, or delete your personal information.
  • Object to or restrict certain processing activities.
  • Request data portability.
  • Withdraw consent at any time where processing is based on consent.

To exercise these rights, please contact us at [email protected].

9. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete such information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of our Services after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us:

  • Email: [email protected]
  • Address: Jl. Sudirman No. 88, Senayan, Jakarta Selatan 12190, Indonesia
  • Phone: +62 21 5089 7700