Name, email, phone, professional credentials, and Google account data (with your consent)
How We Use It
Event registration, communication, payment processing, and attendee management
How We Store It
Encrypted databases with SSL/TLS, hosted on secure Vercel/Supabase infrastructure
Your Rights
Access, correct, delete your data anytime by emailing admin@isapm2026.org
1. Introduction
Welcome to the ISAPM 2026 website ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this privacy notice or our practices with regard to your personal information, please contact us at admin@isapm2026.org.
2. DATA COLLECTION - What Information We Collect
We collect personal information that you voluntarily provide to us when you register on the website, express an interest in obtaining information about us or our products and services, when you participate in activities on the website, or otherwise when you contact us.
2.1 Information You Provide Directly
When you register for our event or use our services, we collect:
Identity Information: Full name, professional title, NIK (National ID Number)
Usage Data: Pages visited, time spent on pages, click patterns
Log Data: IP address, access times, referring URLs
2.3 Google Account Data (With Your Consent)
If you choose to connect your Google account, we access:
Basic Profile: Your Google account email address and display name for authentication
Google Sheets Data: For administrators only - event registration data stored in Google Sheets for synchronization purposes
Important: We only access Google data with your explicit consent. You can revoke access anytime at Google Account Permissions.
3. DATA USAGE - How We Use Your Information
We use your personal information only for legitimate business purposes related to the ISAPM 2026 event. Here is exactly how we use each type of data:
Data Type
How We Use It
Name & Email
Account creation, event registration, sending confirmations and event updates
Phone Number
Emergency contact during event, WhatsApp notifications (if opted in)
Professional Info
Verify eligibility for medical professional pricing, generate certificates
Payment Details
Process registrations, issue invoices, verify payments
Google Account Data
Authentication only; Sheets access for admin sync purposes
We DO NOT use your data for:
Selling to third-party advertisers
Creating marketing profiles
Targeted advertising
Any purpose unrelated to ISAPM 2026 event management
4. DATA STORAGE & SECURITY - How We Protect Your Information
We implement industry-standard security measures to protect your personal information:
4.1 Where Your Data Is Stored
Primary Database: Supabase (PostgreSQL) hosted on secure cloud infrastructure with data centers in Southeast Asia
File Storage: Vercel Blob Storage for payment receipts and documents
Backup Systems: Encrypted backups stored separately from primary systems
4.2 Security Measures
Encryption in Transit: All data transmitted using TLS 1.3 encryption (HTTPS)
Encryption at Rest: Database encrypted using AES-256 encryption
Access Control: Role-based access control (RBAC) - only authorized staff can access user data
Row Level Security: Database policies ensure users can only access their own data
OAuth 2.0: Secure authentication - we never see or store your Google password
Regular Audits: Periodic security reviews and vulnerability assessments
4.3 Password Security
User passwords are hashed using bcrypt with salt, making them unreadable even to our administrators. We never store plain-text passwords.
5. DATA SHARING - Who Has Access to Your Information
5.1 We Share Data With:
ISAPM Event Organizers: Registration details for event management, badge printing, and attendance tracking
Hotel Partners (The Singhasari Resort): Only if you book accommodation - name, contact, booking dates
Service Providers:
Vercel (hosting) - technical infrastructure only
Supabase (database) - data storage only
Resend (email) - email delivery only
5.2 We DO NOT:
Sell your personal information to any third party
Share your data with advertisers or marketing companies
Transfer your data to countries without adequate data protection
Use your data for purposes other than event management
5.3 Legal Disclosure
We may disclose your information if required by law, court order, or government regulation, or to protect our legal rights.
6. DATA RETENTION & DELETION - How Long We Keep Your Data
6.1 Retention Periods
Data Type
Retention Period
Reason
Account Information
Until deletion requested or 2 years after event
Account management
Registration Records
5 years after event
Tax and audit compliance
Payment Records
7 years after transaction
Financial regulations
Google API Cache
30 days
Performance optimization
Usage Logs
90 days
Security monitoring
6.2 How to Request Data Deletion
You have the right to request deletion of your personal data at any time. To do so:
Email us at admin@isapm2026.org with the subject line: "Data Deletion Request"
Include your registered email address and specify what data you want deleted
We will verify your identity and process your request within 30 days
You will receive confirmation once your data has been deleted
6.3 Revoking Google Access
To immediately revoke our access to your Google account data, visit your Google Account Permissions page and remove "ISAPM 2026" from the list of connected apps.
7. Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information, including:
Right to Access: Request a copy of all personal data we hold about you
Right to Rectification: Request correction of inaccurate personal data
Right to Deletion: Request deletion of your personal data
Right to Restriction: Request we limit processing of your personal data
Right to Portability: Request your data in a machine-readable format
Right to Object: Object to certain types of processing
To exercise any of these rights, please contact us at admin@isapm2026.org. We will respond within 30 days.
8. Updates to This Policy
We may update this privacy notice from time to time. The updated version will be indicated by an updated "Last updated" date and the updated version will be effective as soon as it is accessible. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.
9. Contact Us
If you have questions or comments about this policy, you may email us at admin@isapm2026.org or by post to:
Indonesian Society of Anesthesiology for Pain Management The Singhasari Resort & Convention Batu, Malang East Java, Indonesia