K Karya1
Request early access

Legal

Privacy Policy

Last updated: 11 May 2026

This Privacy Policy explains how Metatech ID (PT Metatech Indonesia) (operating Karya1, an AI-powered applicant tracking system available at karya1.com and app.karya1.com) collects, uses, shares, and protects personal data. We comply with Indonesia’s Undang-Undang Pelindungan Data Pribadi (UU PDP, Law 27/2022) and apply equivalent EU GDPR principles when EU residents apply through Karya1.

1. Who we are

Karya1 is built and operated by Metatech ID (PT Metatech Indonesia), an Indonesian company. We are the data controller for personal data collected on this website and the recruiter dashboard. Our hiring customers (companies posting roles through Karya1) act as independent data controllers for candidate data they receive from us.

2. Information we collect

We collect personal data in three contexts:

2a. Candidates

  • Identity: full name, email, phone, LinkedIn profile URL.
  • Professional history: CV / resume content (work history, skills, education).
  • Application context: the role applied for, source of the application, recruiter notes.
  • AI screening output: a score and structured rationale (skills / experience / company pedigree / trajectory / tenure / education) generated by an AI model from the CV text against the role requirements. Section 4 explains how this is used.

2b. Recruiters and hiring teams

  • Account: name, work email, profile photo (from Google sign-in), workspace membership.
  • Activity: actions taken in the dashboard (which CV opened, screen runs, stage moves).

2c. Website visitors

  • Technical: IP address, browser user-agent, referer, pages visited. Used for security and traffic analytics only.
  • We do not currently use third-party analytics cookies on the public site.

3. Lawful basis for processing

Under UU PDP Article 20 and GDPR Article 6, we rely on:

  • Consent — for candidate applications. By submitting your CV (directly or via a recruiter who pastes your LinkedIn URL on your behalf), you consent to Karya1 storing and processing it for the purposes in Section 4.
  • Performance of a contract — for the recruiter team using the dashboard.
  • Legitimate interest — for security logs and fraud prevention.

4. How we use information

  • To match candidates to open roles using AI-assisted screening.
  • To let recruiters review applications, leave notes, and move candidates through the hiring funnel.
  • To communicate about an application (status, interview invitations) on behalf of the hiring company.
  • To improve the product (aggregate, de-identified analytics — never resold to third parties).
  • To meet legal obligations (e.g. Indonesian tax records for our recruiter customers).

AI-assisted decisions. Karya1 uses an AI model (Anthropic’s Claude) to generate screening scores and structured rationales. These outputs are decision-support, not decision-making: a human recruiter sees the AI output and decides whether to advance, decline, or further review the candidate. We explicitly mask name, age, gender, religion, marital status, exact address, and school name from the AI prompt to reduce bias.

5. How we share information

We share candidate data only with:

  • The hiring company whose open role the candidate applied to. Each company sees only its own pipeline.
  • Service providers we use to run the product (e.g. infrastructure hosting, transactional email). They process data only on our written instructions and may not use it for their own purposes.
  • Authorities when required by Indonesian law or a valid legal process.

We do not sell personal data, share it with advertising networks, or use it to train third-party AI models.

6. AI vendors

Karya1 currently uses Anthropic Claude (operated by Anthropic PBC, USA) for screening scores and job-description generation. CV text and the role’s screening rubric are sent to Anthropic’s API and processed under Anthropic’s commercial terms. Anthropic does not use API inputs to train their models. PII is masked from the prompt as described in Section 4.

7. Data retention

  • Active applications: kept while the role is open and for 12 months after, in case the recruiter wants to revisit the candidate for a future role.
  • Closed applications: deleted within 24 months of decision unless you ask us sooner.
  • Recruiter accounts: deleted within 30 days of workspace deactivation.
  • Security logs: 90 days.

8. Your rights (UU PDP + GDPR)

If your personal data is in Karya1, you have the right to:

  • Access — ask what data we hold about you.
  • Rectify — correct inaccurate data.
  • Delete — request erasure of your application or account.
  • Withdraw consent — at any time, for any consent-based processing.
  • Object — to legitimate-interest processing.
  • Portability — receive your data in a machine-readable format.
  • Human review of AI decisions — ask a human recruiter at the hiring company to review any AI-assisted decision that affected your application.

Email privacy@karya1.com to exercise any of these rights. We respond within 30 days. You may also lodge a complaint with the Indonesian data protection authority (Lembaga Pelindungan Data Pribadi) once it is operational.

9. Security

Karya1 runs on a dedicated server with TLS for all traffic, role-based access control inside the dashboard, encrypted backups, and audit logging of every screening run. We do not store passwords — authentication is via Google OIDC. Recruiters can only see data scoped to their workspace.

10. International transfers

Some service providers (notably Anthropic and our cloud infrastructure) process data in the United States. Where this involves personal data of EU residents, we rely on the relevant Standard Contractual Clauses and the providers’ own SOC 2 / ISO 27001 attestations.

11. Children’s privacy

Karya1 is not intended for users under 18. We do not knowingly collect data from minors. If you believe a minor has applied through Karya1, contact us and we will delete the record.

12. Changes to this policy

We will update this page when the policy changes and update the “Last updated” date at the top. Material changes are announced via email to active recruiter accounts. Continued use of Karya1 after a change means you accept the updated policy.

13. Contact

For privacy questions, requests, or complaints:

This policy was drafted with the help of AI for clarity and structural completeness, and is published in good faith based on UU PDP and GDPR principles. It is not legal advice. Metatech ID (PT Metatech Indonesia) reviews this document on each material product change and at least annually.

K Karya1

AI-powered ATS for Indonesian companies. Built by Metatech. Powered by the same engine that runs Pandai admissions.

© 2026 Metatech. All rights reserved.Made in Jakarta · UU PDP compliant