Legal · Mobile App

Privacy Diagma

Diagma is a mobile app for overseas study & visa assistance, developed by Bee Mata. This page explains the data the app processes and your rights as a user.

Last updated: June 4, 2026

Data Controller

CV Sekawan Abadi Teknologi (d/b/a Bee Mata)
Tulungagung, East Java, Indonesia
Email: halo@beemata.co.id

This policy applies specifically to the Diagma mobile app available on the Google Play Store and Apple App Store. For the Bee Mata website privacy policy, see the general privacy policy page.

Data We Collect

The Diagma app processes the following categories of data:

  • Account Data — name, email address, and authentication credentials you provide when registering or signing in.
  • Profile Data — profile photo, date of birth, nationality, and passport information you enter to manage travel & study documents.
  • Document Data — scans/photos of documents (passport, visa, acceptance letters, certificates) you upload to your account.
  • Visa & Study Data — destination country, visa type, departure/arrival schedules, and visa application progress.
  • Device Data — device model, OS version, app installation identifier, and push notification tokens (Firebase Cloud Messaging).
  • Diagnostic Data — error logs and crash reports to improve app stability.
  • Notification Data — your notification preferences and the in-app history of notifications you received.

We do not collect precise location, contact lists, microphone audio, or browsing history.

Purpose & Legal Basis for Processing

  • Providing core services (Art. 6(1)(b) GDPR — performance of contract): managing your account, storing documents, tracking visa & study progress.
  • Sending notifications (Art. 6(1)(a) — consent): visa deadline reminders, document status, and important announcements you opt into.
  • Account security (Art. 6(1)(f) — legitimate interest): detecting unauthorized access and protecting data integrity.
  • Product improvement (Art. 6(1)(f)): analyzing anonymized crash reports and diagnostic logs to fix bugs.
  • Legal compliance (Art. 6(1)(c)): responding to lawful requests from authorities.

Storage & Security

Your data is protected by the following layers:

  • Secure on-device storage — authentication credentials are stored via Keychain (iOS) / Keystore (Android) through flutter_secure_storage.
  • Encrypted transport — all server connections use TLS 1.2+ with certificate pinning.
  • Encrypted cloud storage — documents & profile data are stored on cloud infrastructure with encryption at rest.
  • Local cache — offline data is stored encrypted via Hive on your device and can be cleared anytime through the app's settings menu.

Device Permissions

The app requests the following device permissions only when you use the related features:

  • Camera & Photo Library — to take/pick profile photos and scan documents.
  • Storage/Files — to download documents you save.
  • Notifications — to deliver visa deadline reminders and status updates.
  • Internet — for syncing data with the server.

You may revoke any permission at any time through your device's system settings.

Third-Party Recipients & Processors

  • Google LLC (Firebase) — Firebase Cloud Messaging for push notifications and Firebase Crashlytics for crash reports. Processed on Google servers under Standard Contractual Clauses.
  • Apple Inc. — Apple Push Notification service (APNs) for iOS devices.
  • Cloud hosting providers — API servers and document storage.

We do not sell your personal data to third parties and do not use it for targeted advertising.

International Data Transfers

Some processors (Firebase, APNs) process data outside Indonesia. Transfers are safeguarded by Standard Contractual Clauses and GDPR commitments by each provider, ensuring an equivalent level of protection.

Data Retention

  • Account & profile data — retained while your account is active. Erased within 30 days after account deletion.
  • Documents — retained until you delete them, or up to 30 days after account deletion.
  • Diagnostic logs — retained for a maximum of 90 days.
  • Push notification tokens — refreshed automatically and removed when the app is uninstalled or notifications are disabled.

Your Rights

You have the following rights over your personal data:

  • Access and download a copy of your data
  • Rectify inaccurate data
  • Delete your account & all data ("right to be forgotten")
  • Restrict or object to processing
  • Data portability to another service
  • Withdraw notification consent at any time
  • File a complaint with a data protection authority

Account deletion is available directly in-app via Profile → Settings → Delete Account. You may also send a request to halo@beemata.co.id and we will respond within 30 days.

Minors

Diagma is not directed at children under 13. We do not knowingly collect data from anyone under that age. If you believe a child has provided data to us, contact halo@beemata.co.id so it can be removed.

Policy Changes

We may update this policy as the app evolves. Material changes will be announced via in-app notifications and/or email. The "last updated" date above always reflects the current version.

Contact

Questions about this policy or the processing of your data:

CV Sekawan Abadi Teknologi
Email: halo@beemata.co.id
Subject: Diagma Privacy