Privacy Policy

Who We Are

Silsa is a web-based family tree application operated by Kyoora, an independent software project based in Indonesia. We are the data controller for your account information and the data you store in Silsa. Questions? Email us at janaka.labs@gmail.com.

Data We Collect

We collect account data (email, name), tree data (family names, dates, photos, notes), and technical data (IP, browser info). To run the service we use essential cookies (for example to keep you signed in and remember language); guest trees stay in your browser storage until you clear it. We do not use advertising or third-party tracking cookies. We do NOT collect payment data — Paddle handles payments securely. Silsa is intended for users aged 13 and older; we do not knowingly collect personal data from children under 13. If you believe someone under 13 has signed up, contact us at janaka.labs@gmail.com.

How We Use Data

We use your data to provide the service, send transactional emails, and improve the product via aggregated analytics. We never sell your data or share it for advertising.

Transactional Emails

We send emails only when triggered by your actions or account status: sign-up verification, password reset, tree invitations, and billing notifications. You cannot unsubscribe from transactional emails — they are essential to the service. We do not send marketing newsletters.

Service Providers

Like most online services, we rely on vendors for infrastructure — for example database and authentication, payments (Paddle as Merchant of Record), transactional email, hosting and CDN, and optional Google sign-in. Each provider receives only what they need for their role.

Living People in Family Trees

Your family tree may contain information about living people — relatives who have not consented to their data being stored. Only enter information about others that you have the right to store, be mindful about public trees, and use the role system to control access. We do not verify data you enter about third parties — you are responsible for appropriate permission.

• Only enter information about others that you have the right to store
• Be mindful about marking trees as publicly shared — public trees can be browsed by anyone with the link
• Use the viewer/editor role system to control who can see and edit family data

Public Trees

If you toggle your tree to public, anyone with the link can browse it without logging in. Public trees are accessible by direct link only, not indexed by search engines, and not discoverable via Silsa's own search. You can make your tree private again at any time.

• Accessible by direct link only
• Not indexed by search engines
• Not discoverable via Silsa's own search

You can make your tree private again at any time. After toggling back to private, the content is immediately inaccessible to unauthenticated visitors.

Data Retention

Data is retained while your account is active. If you delete your account, personal data is removed within 30 days. People you delete from a tree are kept in that tree's Trash for up to 30 days — owners and editors can restore or permanently delete them within that window. After 30 days, soft-deleted people are automatically and permanently purged. Guest trees remain in your browser until cleared.

• Active accounts: your data is retained for as long as your account exists
• Soft-deleted people: when a person is deleted from a tree, they are moved to the tree's Trash for up to 30 days. During this window, owners and editors can restore them or permanently delete them. After 30 days, they are automatically and permanently purged.
• Deleted accounts: all personal data and tree data is permanently deleted within 30 days of account deletion
• Guest trees: stored in your browser only; we have no copy
• Anonymized/aggregated logs: may be retained longer for product improvement; these contain no personally identifiable information

Data Security

We use industry-standard security measures: encrypted connections (HTTPS/TLS), row-level access controls, server-side authentication checks, and storage access controls. No system is 100% secure — we will notify you promptly if we become aware of a breach.

• Encrypted connections (HTTPS/TLS) for all data in transit
• Row-level access controls to ensure users can only access their own data
• Server-side authentication checks on all data mutations
• Storage access controls restricting file access to authorized tree members

No system is 100% secure. We will notify you promptly if we become aware of a breach affecting your data.

International Transfers

Your data is primarily stored in the Asia-Pacific region. Some data may pass through other regions via our hosting provider's global CDN. For EU/EEA users, transfers outside the EEA are conducted under appropriate safeguards.

Changes to This Policy

We may update this policy from time to time. For material changes, we will notify you by email or a prominent in-app notice. Continued use of Silsa after changes constitutes acceptance of the updated policy.

• Email (to your registered address)
• A prominent notice in the app

The "Last updated" date at the top of this page reflects the most recent revision. Continued use of Silsa after changes constitutes acceptance of the updated policy.

Contact

For privacy questions or requests — including access, correction, deletion, export of your data, or complaints — email janaka.labs@gmail.com. Applicable laws (including Indonesia's PDP Law and, where relevant, the GDPR) may give you additional rights; tell us what you need and we will respond.

If you are in the EU/EEA and believe your rights have been violated, you may also lodge a complaint with your local data protection authority.