1. Introduction

This Privacy Policy describes how our security-focused web browser ("XecureBrowser") handles user information. Our core principle is simple: we do not collect, store, or share any personal data from users. This policy is designed to align with Indonesia Personal Data Protection Law (Undang-Undang No. 27 Tahun 2022 tentang Pelindungan Data Pribadi / PDP Law).

2. Data Collection (Zero Data Collection Model)

We do not collect or process personal data. This includes, but is not limited to:

  • Browsing history
  • Search queries
  • Device identifiers
  • Location data
  • Cookies for tracking
  • Telemetry or analytics
The Browser operates primarily on the user’s device and does not transmit personal data to us.

3. Limited Backend Access (Whitelist Service Only)

The Browser connects to a minimal backend service solely for the purpose of retrieving a whitelist of allowed websites or resources. Key characteristics of this service:

  • No personal data is sent to the service
  • No user tracking is performed
  • The service only provides static or periodically updated whitelist data
This design ensures that backend interaction does not compromise user privacy.

4. Legal Basis and Compliance

Because we do not collect or process personal data, most obligations related to lawful processing under the PDP Law are not triggered. If future features introduce optional data processing, we will ensure:

  • Clear user consent
  • Purpose limitation
  • Data minimization
  • Transparency

5. User Rights

We respect user rights under the Indonesian PDP Law, including:

  • Right to access personal data
  • Right to correction
  • Right to deletion
  • Right to withdraw consent
Since no personal data is collected, these rights will generally not apply in practice. However, users may contact us for clarification.

6. Data Storage and User Control

All data generated during browser usage (e.g., cache, cookies, local storage) is stored locally on the user’s device. Users have full control and can:

  • Delete browsing data at any time
  • Configure storage preferences
We do not store or have access to this local data.

7. Data Sharing

We do not:

  • Share personal data with third parties
  • Sell or monetize user data
  • Provide data access to advertisers or external parties

8. Third-Party Services and Websites

The Browser enables access to third-party websites and services. These services may independently collect personal data according to their own policies. We are not responsible for third-party data practices. Users are encouraged to review their privacy policies.

9. Security Measures

We implement privacy-by-design and security-by-design principles, including:

  • Local-first architecture
  • No telemetry or tracking infrastructure
  • Minimal backend interaction (whitelist only)
  • Secure default configurations
Our approach minimizes risk by eliminating unnecessary data processing.

10. Data Retention

We do not retain personal data because we do not collect it. Any local data retention is fully controlled by the user on their own device.

11. Children’s Privacy

We do not knowingly collect personal data from children or any users.