Where is my data stored?
All data is stored in Google Cloud Platform Jakarta (asia-southeast2). Data will never leave Indonesian territory — including for backup and disaster recovery.
Your data is never used to train AI and remains entirely yours.
Veritask protects your company data with enterprise-grade security standards and full compliance with Indonesian regulations.
PDP LAW
NO. 27/2022
KOMINFO
PSE REGISTERED
Four foundations that protect your data.
A layered security approach designed to meet enterprise needs in Indonesia, without compromising on speed and user experience.
End-to-End Encryption
All data is encrypted with AES-256 bit, both in transit and at rest.
AES-256 · TLS 1.3
Strict Access Control
Multi-factor authentication and role-based access control for all users.
MFA · SSO · RBAC
Secure Infrastructure
Hosted on Google Cloud Platform Jakarta with a guaranteed 99.9% uptime SLA.
GCP · asia-southeast2
Guaranteed Compliance
Compliant with the Indonesian PDP Law and registered as a PSE under Kominfo.
PDP Law · PSE Kominfo
Your data stays in Indonesia.
All your company data is stored and processed in the Google Cloud Platform Jakarta data center (asia-southeast2). Not a single byte leaves Indonesian territory.
- Data center located in Jakarta, asia-southeast2 GCP region, tier-III certified.
- Compliant with Kominfo regulations, registered as an Electronic System Operator (PSE).
- Automatic backups in the same region with 30-day retention.
- Low latency, averaging under 20ms for users in Indonesia.
"All your data is stored and processed in the Google Cloud Platform Jakarta data center. Data will never leave Indonesian territory."
Data Sovereignty Policy · Veritask
Meeting standards, both local and international.
Up-to-date compliance status, complete with supporting documents. Transparent, verifiable, no over-claims.
| Regulation | Details | Status | Action |
|---|---|---|---|
PDP LawNo. 27 / 2022 | Fully compliant. Data Protection Officer appointed, all PDP controls implemented. | Compliant | |
Kominfo PSEPSE Registration | Registered as a Private Electronic System Operator. Jakarta data center. | Compliant |
Layered security architecture.
Web Application Firewall
Protection from OWASP Top 10, SQL injection, XSS, and other web attacks.
Cloudfare WAF
DDoS Protection
Automatic mitigation of DDoS attacks with absorption capacity up to 100+ Tbps.
L3/L4 + L7
Encrypted Communication
TLS 1.3 with Perfect Forward Secrecy for all inbound and outbound connections.
TLS 1.3
Secure Database
Encrypted at rest with AES-256, automatic key rotation every 90 days.
AES-256
All the controls you need.
Multi-Factor Authentication
Two-step verification prevents 99.9% of unauthorized access to company accounts.
TOTPWebAuthnSMS
Single Sign-On (SSO)
Integration with corporate Active Directory. SAML 2.0 and OIDC fully supported.
SAML 2.0OIDCSCIM
Complete Audit Trail
Every activity logged for 2 years. Exportable for compliance audits.
2yr retentionCSV / JSON
Automatic Backup
Daily backup with 30-day retention. Point-in-time recovery down to the minute.
30d retentionPITR
Role-Based Access Control
Granular permission management with the principle of least privilege.
RBACCustom roles
Session Management
Auto-logout after idle. IP allowlist and device management per user.
IP allowlistDevice pinning
Frequently asked questions.
The questions most often asked by enterprise security and compliance teams.
Is Veritask compliant with PDP Law No. 27/2022?
Yes, Veritask is fully compliant with the PDP Law. We have a certified Data Protection Officer (DPO) and implement all required controls, including data subject rights, breach notification, and privacy impact assessments.
How is the data backup process performed?
Automatic backups run every day at 02:00 WIB, with 30-day retention. Point-in-time recovery is available to restore data to a specific moment. All backups are stored in the same region (asia-southeast2).
Are there regular security audits?
Yes, we conduct internal security audits every 6 months and annual penetration testing by a certified third-party security firm. Audit results are available to enterprise customers via the Trust Center.
What happens in the event of a data breach?
In accordance with the PDP Law, we are committed to breach notification within 72 working hours to affected parties and the relevant authorities. Our incident response runbook is tested every quarter.
Have questions about security?
Our team is ready to help you — from vendor due diligence to comprehensive security review for procurement.