Privacy Policy

1. About This Policy

We believe that everyone using Allure should be confident in the security of their data. We wrote this Privacy Policy to explain what data we collect, how it’s used, and why.

This policy also provides information based on laws related to the processing of your personal data. Further, this policy sets out the basis by which we will process any personal data that you provide to us or that we obtain from other sources.

Thank you for taking the time to read through this Privacy Policy. If you have any questions, please do not hesitate to contact us at

2. Information About Us

For the purpose of data protection law, Allure ("we", "us", and "our") is the data controller with respect to your personal data.

  1. Our main office address: Jl. KHM Naim III Nomor 1A, Cipete Utara, Kebayoran Baru, Jakarta Selatan, 12150, Indonesia
  2. Our email address: 

3. Definitions

In this policy:

  1. Your “personal data” means any data which relates to you and from which you can be identified. It may include contact details, other personal information, photographs, and videos.
  2. Processing” means any activity or operation that is carried out in respect of your personal data, including collecting, storing, using, transferring, and deleting.
  3. Application” refers to the skin analyzer and recommendation applications collectively named “Allure”.
  4. Child” means any individual under the age of 13 in the Allure application.

4. How We Collect Your Personal Data and What Personal Data We Collect

  1. Information you provide while using the application. This may include your username, email address, and payment information (including credit card details and shipping information), as well as data you fill on our survey. Other personal data may also be contained in photographs you upload to the application. As for this  data, we go through processes to make sure that it is not identifiable by anyone.

    In order to use the application, you are required to provide fullname of yourself and email you’ll be using. Other personal data is not required. Any additional personal data will only be obtained if and when you choose to provide it to us.
  2. Information we collect. This may include your device information (such as operating system/version, hardware model, browser type/version), IP address, Allure login information, usage log for the application, device IDs (such as Apple IDFA or Google AAID), and cookies and similar technologies.

    For more information regarding cookies and similar technologies, please see “9. Information on the use of cookies and similar technologies” below.
  3. Information we collect from other sources. This may include:
    • Information about ad clicks and application installs from marketing platforms
    • Purchase information/history from Midtrans, Xendit, and other payment platforms for products and services ordered through the application
    • Allure usage activity from analytics platforms
    • Shipping information provided by other application users when ordering DVDs, photobooks, and/or other products and services purchased through the application as a gift

5. Purpose and Legal Basis of Processing Personal Data

We use your personal data for the following purposes based on our legitimate interests and/or with your consent:

  • To provide you with our services. Our services include the application, skin condition analyzer, customized content, payment processing for products and services purchased withing the application, and improvements to the application.
  • To provide user support. This includes handling inquiries and complaints, troubleshooting and solving technical issues, and making necessary changes to our services.
  • For marketing analytics. This includes collecting and analyzing data to research usage of the application.
  • To protect against cyberattacks. This includes maintaining the privacy of our users and investigating and deterring unauthorized or illegal activity.
  • For marketing. This includes operating promotional campaigns, measuring the performance of these campaigns, and sending information about our services, products, and features. We do not sell your data to any third parties. We also do not share your data to any third parties for advertising purposes.

6. Disclosure of Personal Data to Recipients

Your personal data may be shared with the following recipients in the situations described below:

  • Authorized employees or affiliates. When necessary, these authorized individuals will access the minimum amount of data required to provide customer support, operate our system and services, or investigate fraud or security issues.

  • Manufacturers and service/shipping providers of products/services ordered through the application. We provide only the minimum amount of information necessary for them to carry out the specific services listed in our contract with them. Further, the information is only used for the exact purposes specified in the contract and all information is deleted after the required task has been completed.

  • Payment service providers. Payments for products/services ordered through the application are processed by secure and trusted payment processors, such as Xendit and Midtrans. We do not store payment information.

  • Infrastructure vendors and other service providers. We store all data on servers provided by secure infrastructure services. We also provide data to service providers who support our business, such as by analyzing how our application is used, providing customer service, conducting surveys, measuring promotional campaigns, and/or sending emails and push notifications to users, for the purpose of processing the data described in the above.

  • Law enforcement bodies. In response to legal requests, we will share the minimum amount of data necessary with law enforcement bodies.

  • Other users invited to your album by you or your partner. The only information accessible by other album members is information that you have provided when using the application.

In order to process personal data as described in “5. Purpose and Legal Basis of Processing Personal Data” above, we retain third-party service providers including the following:

  • Amazon Web Services, Google Cloud Platform (to store data, provide our service, etc.)

  • Google Firebase, Amplitude (for analytics, to send push notifications, etc.)

  • Facebook, Linkedin (for advertising and analytics)

  • NewRelic (to monitor our service)

  • SendGrid (to send emails)

  • Google Forms (to conduct user surveys)

In all cases, we apply strict measures to keep your data safe and your privacy protected. We share your personal data only for the purposes described in “5. Purpose and Legal Basis of Processing Personal Data” above. We do not sell your personal data to any third parties, even in the form of anonymized statistical data.

7. Cross-Border Transfer of Personal Data

Whenever we transfer, store, or process your personal data, we take reasonable steps to safeguard the privacy of your data. Your privacy and safety are important for us.

8. Storage Limit of Personal Data

We retain your personal data for the periods listed below, except when required by law to retain it for a longer period of time. In that case, we retain your data for the period required by law.

  • We retain your personal data until we receive a request from you to delete your account.

  • Photos and videos deleted from the application are removed from our servers automatically within 30 days.

  • Your personal data will be deleted from our servers within 30 days of receiving a request to delete your account.

9. Information on the Use of Cookies and Similar Technologies

We utilize cookies and similar technologies within the application in order to collect certain information, including the following:

  • Tracking IDs. Tracking IDs are used by various third-party service providers to associate multiple sessions (and any activity within those sessions) with a unique ID. Your device sends this unique ID with related engagement data, allowing third-party service providers to attribute all relevant activities to one user.
  • Cookies. Cookies are small text files stored on your device by your web browser. We use first-party cookies and we allow our third-party service providers to use cookies for their services. These cookies store your login details, preferences, or other information in order to provide a more efficient and personalized experience. You can learn more about cookies here
  • IP addresses. We and our third-party service providers collect IP addresses in services relating to the application.

We use the following first-party cookies based on your consent or without your consent only where permitted by applicable laws.



Expiration Time


To keep you logged in while using the Allure Upload Site

10 minutes from last access


To connect you to the right album after clicking an invitation link

14 days from last access


To keep you logged in while using the browser version of the application

14 days from last access


We may change the expiration time frames listed above in order to optimize the application’s usability.

It is possible to disable cookies and other tracking IDs on your device. To learn more, visit the appropriate link below:

10. Your Rights

We acknowledge that you have the right to access and correct your personal data, discontinue our usage of your personal data, and other rights stipulated in each applicable jurisdictional law. You also have the right to lodge a complaint with a data protection authority in the jurisdiction where you reside, where you work, or where the alleged infringement of your rights took place. We will comply with any such request in full accordance with the applicable laws and regulations.

11. Required Personal Data

The following personal data is required to use the application:

  • For users who wants to use our skin analyzer: Your registration data and your self photo.

Please note that you cannot use the application if we cannot obtain the personal data listed above.

12. Privacy of Children

We do not knowingly collect or solicit information from anyone under the age of 13 without parental consent. The application is not directed at children under the age of 13 who register themselves without parental consent, and we do not knowingly allow such persons to register. In the event that we learn that we have collected personal information from a child under age 13 without parental consent, we will delete that information as quickly as possible. If you believe that we might have obtained any information from a child under 13 without parental consent, please contact us.

13. Changes to This Privacy Policy

We may occasionally update this Privacy Policy in order to better meet our obligations under privacy law. Significant changes may be accompanied by a notification and/or request for consent, as required by law.

14. Contact

Should you have any questions or concerns regarding this Privacy Notice, please do not hesitate to contact us.


Jl. KHM Naim III Nomor 1A, Cipete Utara, Kebayoran Baru, Jakarta Selatan, 12150, Indonesia


Copyright © 2021 PT Pesona Inovasi Indonesia