LEGAL REFERENCE

How We Handle Your Account Data

This is the totoabadi privacy policy — a plain read of what we collect when you open an account, how we keep your session data, and which parts...

Policy v3.2Indonesia-firstAccount dataConsent choicesUpdated quarterly
View Game Library Read FAQ
totoabadi How We Handle Your Account Data

Policy Scope and Indonesia Jurisdiction

This policy applies to every page on totoabadi.app and to the account flow behind it, where local law permits. We collect three buckets of data: identity fields you give us at sign-up, device and session signals while you browse the lobby, and payment reference tokens passed between us and your DANA, OVO, GoPay or QRIS provider. We don't store full wallet credentials

— those stay with your e-wallet. Account data is held inside supported regions and is retained only as long as your account is active, plus the window Indonesian financial rules ask us to keep. You can request a copy, ask us to correct a field, or close the account from your profile page. Changes to this policy are versioned at the top

of the document so you can see what shifted.

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

SUPPORT

Privacy Contact Paths

Three ways to reach our privacy desk if something in your account data needs attention or correction.

Privacy Inbox Email our data team directly for access requests, corrections, or account closure. We aim to acknowledge within one business day and resolve standard requests inside the seven-day window.
In-App Chat Open the chat bubble from your account page and select the Privacy topic. Your session token routes you straight to a reviewer who can see the consent flags on your profile.
Written Notice Post a signed letter to our Indonesia correspondence address listed in the account footer. We use this channel for formal data subject requests that need identity verification beyond email.
TRUST MARKERS

How This Policy Is Maintained

Editorial signals showing this policy is reviewed by real humans, not auto-generated boilerplate.

Quarterly Review

Our compliance lead re-reads every clause four times a year and dates the version header. If a payment partner changes...

Named Reviewers

Each policy version is signed off by a data protection officer and a legal counsel familiar with Indonesian financial regulation...

Plain Language

We rewrite legalese into sentences you can actually parse on a phone screen. Where a term is unavoidable, a short...

Change Log

Every edit lands in a public changelog with the date, the section touched, and a one-line reason. You can scroll...

Partner Audits

We review the data-handling posture of DANA, OVO, GoPay and QRIS integrations annually and update this policy if the scope...

Reader Feedback

If a clause confuses you, the feedback link at the bottom of this page routes straight to the editor who...

Consistency Across Our Policy Pages

How this privacy policy lines up with our other legal documents so the wording stays predictable.

Terms of Service
The terms page governs account behaviour; this privacy policy governs account data. Definitions of account, session, and supported regions are shared between the two documents word-for-word.
Cookie Notice
Cookie categories named here match the toggles on the cookie banner. If you switch a category off there, the corresponding data flow described in this policy stops within the same session.
KYC Statement
Identity verification fields listed in our KYC statement are the same fields referenced under identity data here. Retention windows align so nothing is held longer in one document than the other.
Payments Disclosure
DANA, OVO, GoPay and QRIS handling described in the payments disclosure mirrors the payment reference section in this policy. Tokens, not credentials, in both places.
Acceptable Use
Behaviour rules in the acceptable use page reference this policy whenever a breach involves account data, so enforcement actions cite consistent definitions across both documents.
Complaints Path
The complaints page directs privacy-flavoured issues back to the contact paths above, keeping a single route for data-subject requests rather than splitting them across forms.
Version Headers
Every legal page on totoabadi carries the same version-header format: document name, version number, effective date, and reviewer initials. Easy to cross-check at a glance.

What Defines This Policy Page

Six layout elements that make this privacy policy easy to read on a phone and easy to act on from your account.

Version Header

The top of the page carries the current version number and effective date so you can see at a glance which iteration of the policy is governing your account today.

Section Anchors

Each clause has a short anchor link you can copy and share. Handy when you want to point our support desk at the exact paragraph you have a question about.

Consent Snapshot

A small panel mirrors the consent flags currently set on your account. If you toggle marketing or analytics off in your profile, the snapshot here updates on your next visit.

Data Map

A short visual map shows which data buckets sit where — identity, session, payment reference — so the abstract clauses have a concrete shape you can follow.

Plain-Language Notes

Margin notes translate the heavier legal phrasing into everyday wording. They're written by the same editor who maintains our help centre, so the voice stays consistent.

Changelog Footer

At the bottom, the changelog lists every edit made to this policy with date, section and reason. Older versions remain accessible through the archive link beside it.

Privacy Policy Questions

We store the identity fields you give us at sign-up, session signals from your browser, and payment reference tokens from DANA, OVO, GoPay or QRIS. Full wallet credentials never reach our servers — those stay with your e-wallet provider.

Active accounts keep their data as long as the account stays open. After closure, we hold a minimal record for the window Indonesian financial rules require, then the remaining fields are removed from our active systems on the next retention cycle.

Yes. Email our privacy inbox or open the in-app chat and choose the Privacy topic. We aim to return a structured export within seven days, once we've verified the request is coming from the account holder.

When you pay through DANA, OVO, GoPay or QRIS, the provider sends us a reference token confirming the transaction. We store that token against your account, not your wallet login or card details, which the provider keeps on its side.

Material changes are announced through the in-app notification panel and through the email on your account. The version header updates and the changelog at the bottom records what shifted, so you can compare against the previous wording.

Yes. The cookie banner and your account profile both expose the analytics toggle. Switch it off and the corresponding data flow described in this policy stops within the same session — no extra request needed from our side.

Data is held inside supported regions, with primary storage configured for Indonesia readers first. If a partner integration needs to process a field outside that footprint, this policy names the partner and the field involved.