LEGAL REFERENCE

How We Handle Your Account Data

This Privacy Policy is the page where we, togeljoni, tell you exactly what we collect when you open an account, what we don't, and why. We've written it...

Account dataCookiesRetentionYour rightsIndonesia
See the Lobby Read FAQ
togeljoni How We Handle Your Account Data

Our Privacy Posture, Plainly Written

We collect only what your account actually needs: your sign-in identifier, a verified contact channel, your chosen wallet reference, and the lobby activity tied to your sessions. Where local law permits, we store this on servers configured for supported regions and retain it for the periods our licensing obliges. We don't sell your data to third parties. Payment partners see only the

transaction fields they need to settle a DANA, OVO, GoPay or QRIS movement — never your full session history. You can ask us to export or erase your record, and we respond within the windows our policy commits to below.

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

SUPPORT

Privacy Contact Paths

Team online

Data Requests Inbox

Email our privacy desk directly when you want a copy of your data, a correction, or full erasure. We confirm receipt the same day and close most requests inside seven working days.

Live Chat Privacy Lane

Open the chat widget inside your account and pick the Privacy topic. The agent routes you to a reviewer who handles consent changes, marketing opt-outs and cookie preferences without bouncing your ticket.

Account Settings Panel

Most controls sit inside your account: communication toggles, session history download, and the delete-account flow. We've kept the panel one tap from the lobby so you don't hunt through menus.

WHY VISITORS TRUST US

How This Policy Gets Reviewed

Quarterly Policy Review

Our compliance team re-reads this page every quarter against changes in Indonesian data rules and our licence conditions. Material edits get a dated change-log entry at the foot of the policy.

Named Data Owner

A single internal owner signs off every revision before it goes live. That keeps the wording on this page consistent with what our engineers actually do inside the account and lobby systems.

External Legal Counsel

Indonesian-qualified counsel checks our policy language against local statute before publication. We don't rely on template clauses; each section maps to a real practice inside togeljoni.

Encryption In Transit

Every form on togeljoni — sign-in, DANA top-up, QRIS scan, GoPay link — runs over TLS. Internal services that touch your record authenticate to each other before any field is read.

Access Logging

Staff access to account records is logged, time-stamped and reviewed. If someone on our side opens your file, there's a trace, and unusual patterns trigger an internal alert the same shift.

Breach Response Plan

We keep a written incident playbook. If a breach affecting your data occurs, we notify you through the contact channel on file and the regulator within the windows local law sets.

Consistency Across Our Policy Pages

Privacy vs Terms
This Privacy Policy explains data handling; our Terms cover account conduct. Where they touch — like account closure — both pages point at the same retention windows so you don't see conflicting numbers.
Privacy vs Cookies
Our Cookies notice details trackers and storage keys. This page references it for anything browser-side, so consent choices you make there flow straight into the toggles described here.
Privacy vs KYC
KYC verification has its own notice for identity documents. This policy covers the lighter account data; the KYC page picks up where document uploads begin, with stricter retention.
Privacy vs Payments
Payment-side data — DANA references, OVO tokens, GoPay IDs, QRIS strings — is described here at a high level and detailed in the Payments notice with partner-specific clauses.
Privacy vs Marketing
Marketing consent lives in your account panel. This page lists the legal basis; the Marketing notice lists the channels. Opting out in one place updates the other within the same session.
Privacy vs Complaints
If a privacy request becomes a complaint, the Complaints policy takes over the timeline. The handover is documented so your case keeps its original reference number throughout.
Privacy vs Regional Notices
Where Indonesian rules differ from our base policy, the Regional notice overrides. We flag each difference inline rather than burying it, so you read one consistent document end to end.

What This Policy Page Actually Shows You

Dated Change Log

Every revision date sits at the foot of the page with a one-line summary of what moved. You can scan the log before re-reading the full text and jump straight to changed sections.

Plain-Language Summary

Each clause opens with a short, plain-language sentence before the formal wording. We've kept legalese where law requires it, but you shouldn't need a lawyer to grasp the main idea.

In-Page Anchors

Section headings are linkable anchors so support agents can send you directly to the clause you asked about — retention, consent, third parties — instead of pasting long quotes.

Request Forms Inline

Data export and erasure forms sit inside the relevant sections. You don't have to leave the policy to act on what you've just read; submit and you'll get a reference number on screen.

Glossary Footnotes

Terms like controller, processor and lawful basis are explained in footnotes beneath each section. Hover or tap once and the definition appears without scrolling away from your place.

Mobile-First Layout

The whole policy renders cleanly on the phone you signed in with. Headings stay sticky, tables collapse into stacked rows, and the request buttons remain reachable with one thumb.

Privacy Questions We Hear Most

We collect your sign-in identifier, a verified contact channel, your wallet reference for DANA, OVO, GoPay or QRIS, and the session activity tied to your lobby use. Nothing more is required to get you inside.

Active accounts keep their records for as long as the account is open. After closure, we retain the minimum set our licence and Indonesian law require, then erase the rest on a scheduled cycle.

Yes. Use the export form inside your account or email our privacy desk. We confirm the same day and deliver the file within seven working days, packaged so you can open it without special tools.

Our DANA, OVO, GoPay and QRIS partners only see the transaction fields they need to settle a movement. They don't receive your lobby history, communication logs or marketing preferences from us.

Open your account, tap Communication Preferences, and switch the channels off. The change applies immediately across email and in-app notifications, and our team can't override it from their side.

We follow a written incident plan: contain, assess, then notify you through your contact channel and the regulator within the windows local law sets. You'll get plain-language steps to protect your account.

On this page. Every revision lands here with a date and a short note in the change log at the foot. We don't quietly amend clauses; if wording moves, you'll see it called out.