LEGAL REFERENCE

How opahtoto Handles Your Account Data

This is the opahtoto privacy policy. We wrote it to explain, in plain language, what we collect when you open an account, what we keep on file while...

Policy PageLast Updated 2025Indonesia ScopePlain LanguageAccount Data
Browse the Lobby Read FAQ
opahtoto How opahtoto Handles Your Account Data

Privacy Posture and Jurisdiction Scope

This privacy policy applies to opahtoto accounts opened from Indonesia and any supported regions where local law permits. We collect three categories of information: identity details you give us at sign-up, session data your device shares when you browse the lobby, and payment references generated when you fund through DANA, OVO, GoPay or QRIS. We store these on segregated systems, retain them

for the period regulators require, and release them only to the processors who actually need them to settle your transactions. You can ask us to export or delete your record at any time.

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

24/7 SUPPORT

Privacy Contact Paths

If anything in this policy needs clarification, or you want to action a data request, reach us through the channels below. Privacy...

Privacy Inbox Email our data desk for export requests, deletion...
In-App Chat Open the chat panel from your account header...
Written Notice For formal data subject requests under Indonesian rules...
WHY VISITORS TRUST US

How We Keep This Policy Honest

Our privacy policy isn't a copy-paste from a template generator. It's reviewed by people who actually run the systems described below, and it changes when our data flows change.

Internal Review

Our compliance team re-reads this policy each quarter against what the platform actually does, so the wording matches the live data flow rather than an older version of opahtoto.

Named Owners

Each section has an internal owner — payments, identity, sessions — who signs off before changes go live. That stops vague claims from sneaking into the privacy text you read.

Change Log

When we update a clause, we note the date and the reason at the foot of this page. You can scroll down to see what shifted between the previous version and the one currently published.

Processor List

We name the categories of processors who touch your account data, including DANA, OVO, GoPay and QRIS rails, so you can see who is actually involved when you top up your balance.

Plain Drafting

We draft in Southeast-Asian English first, not legalese, then a lawyer checks it. The result is a policy you can finish reading without losing the thread halfway through.

User Rights

Export, correction and deletion paths are described in concrete steps, not buried in a paragraph. If a right exists under Indonesian law, we tell you how to use it on opahtoto.

Consistency With Our Other Policy Pages

This privacy policy reads alongside our terms, cookies and account pages. Here's how the wording stays aligned across each one so nothing contradicts.

Terms of Service
Account obligations live in the terms; data handling lives here. Cross-references point both ways so you can move between them without losing context.
Cookie Notice
Browser-level tracking is described in the cookie notice. This privacy policy covers the account-level data those cookies eventually link to once you've signed in.
Account Settings
Toggles you see in your account mirror the categories listed in this policy, so the consent you give in-app matches the wording on this page exactly.
KYC Statement
Identity verification details are summarised here and expanded in the KYC statement. Both documents use the same definitions for identity fields.
Payments Notice
DANA, OVO, GoPay and QRIS reference handling is described consistently in the payments notice and this policy, with no conflicting retention windows between them.
Security Page
How we protect data is summarised under trust here and detailed on the security page, using the same control names so audits line up cleanly.
Contact Page
Privacy contact paths shown above match the channels listed on the contact page, so you reach the same desk regardless of which page you started from.

What This Policy Page Includes

Below are the visible elements that make up this privacy page, so you can scan to the part you actually need rather than reading top to...

Scope Block

The opening section sets out which opahtoto accounts this policy covers, including Indonesia and supported regions, so you know whether the wording on this page applies to your specific account.

Data Categories

A clear breakdown of identity, session and payment-reference data. Each category is named, defined, and tied to the part of the lobby where that data is generated by your activity.

Retention Windows

Concrete time periods rather than vague phrases. You'll see how long account records, session logs and payment references stay on file before they're archived or removed from active systems.

Your Rights

A short list of the rights you can exercise — access, correction, export, deletion — with the exact channel to use for each one. No hunting through paragraphs for the path.

Update History

A dated change log at the foot of the page so you can confirm whether the policy you're reading now is the one that applied when you opened your account.

Contact Block

Direct privacy contact paths sit at the top and bottom of the page, so a question never feels far from an answer when you're scanning this policy on mobile.

Privacy Policy Questions We Get

At sign-up we collect the identity fields needed to open and verify your account: name, contact details, date of birth and the reference linked to your DANA, OVO, GoPay or QRIS funding source.

Active account data stays on file while your account is open. After closure we retain records for the period Indonesian financial and tax rules require, then move them to a restricted archive before final deletion.

We share only the references each rail needs to settle a transaction. DANA, OVO, GoPay and QRIS receive payment fields, not your full account profile, and they operate under their own published privacy terms.

Yes. Send an export request through the privacy inbox or in-app chat. We'll package your identity, session and payment-reference records into a readable file and deliver it within the window stated above.

Submit a deletion request via the privacy inbox. We'll confirm the regulatory holds that apply, remove anything not subject to a hold, and tell you the date the rest will leave our archive.

When wording changes materially, we post the date and the reason in the change log at the foot of the page and notify active accounts by email so you can re-read the affected clause.

This page covers account-level data. Browser cookies are described in our separate cookie notice, which uses the same definitions so the two documents read consistently when you move between them.