Reference

Explore How rupiahtoto Protects Your Personal Data

At rupiahtoto, your personal data — from account registration details to transaction records processed through DANA, OVO, GoPay and QRIS — is handled with clear, documented practices you…

Data encrypted at rest and in transitDANA, OVO, GoPay & QRIS transaction privacyYour right to access and delete data24/7 privacy support channelIndonesia-based data handling practices
rupiahtoto Explore How rupiahtoto Protects Your Personal Data
PRIVACY CONTACT PATHS

Start a Privacy Request Through These Channels

Live Chat — 24/7 Reach our privacy team directly through the live chat widget on rupiahtoto.today. Available around the clock, our agents can log a data-access or deletion request on your behalf within minutes of contact.
Email Privacy Desk Send a written data request to our dedicated privacy email address listed in your account settings panel. We aim to acknowledge every email within 24 hours and resolve requests within 14 working days.
Account Settings Portal Log into your rupiahtoto account, open Settings, and select Data & Privacy to submit a self-service data download or deletion request without waiting for an agent.
DATA HANDLING STANDARDS

See How We Handle Cookies, Security and Retention

rupiahtoto uses a layered approach to data security: all account credentials are hashed using industry-standard algorithms, session tokens expire after periods of inactivity, and payment data flowing through DANA, OVO, GoPay and…

Cookie Controls

We use session cookies for authentication and analytics cookies to understand lobby navigation patterns. You can manage or withdraw cookie consent at any time through the cookie preference panel in your account footer.

Account Security Practices

Passwords are stored as salted hashes and never in plain text. Two-factor authentication is available on your account settings page and we strongly encourage you to activate it to protect your data.

Payment Data Isolation

Transaction data from DANA, OVO, GoPay and QRIS is tokenised before storage. We retain only a transaction reference and timestamp — not your full wallet credentials or bank details.

Data Retention Schedule

Account activity logs are retained for the minimum period required under Indonesian financial and anti-fraud regulations. After this period, data is anonymised automatically and cannot be linked back to your identity.

Your Data Access Rights

You may request a full export of the personal data we hold on you at any time via the Account Settings portal or by contacting our privacy desk. Exports are delivered within 14 working days in a portable format.

Third-Party Sharing Limits

We share data with payment processors, fraud-detection services and server infrastructure providers only under strict data-processing agreements. We do not share your personal data with advertising networks or data brokers.

Check the Answers to Your Privacy Questions

The questions below reflect what you've asked us most often about how rupiahtoto collects, stores and processes your personal information. If your question isn't covered here, open a live chat session and our privacy team will respond within the hour.

We collect your name, email address, phone number and the device identifiers your browser sends. If you deposit via DANA, OVO, GoPay or QRIS, we also log a tokenised payment reference and transaction timestamp — never your full wallet credentials.

We use your data to operate your account, process deposits and withdrawals, detect fraud, and send you service notifications. We do not use your data for third-party advertising or sell it to data brokers under any circumstances.

Yes. Log into your account, navigate to Settings, then Data & Privacy, and submit a data-export request. Alternatively, email our privacy desk and we will deliver a portable data file within 14 working days of your request.

Submit a deletion request through the Data & Privacy section of your account settings or via our 24/7 live chat. We process deletions within 14 working days, subject to any retention obligations required by Indonesian financial regulations.

Only with payment processors such as DANA, OVO, GoPay and QRIS networks, fraud-screening services, and server infrastructure providers — all under binding data-processing agreements. Access to data depends on local law and regulatory requirements.

Transaction records are retained for the minimum period required under applicable Indonesian financial and anti-fraud regulations. Once that period ends, records are anonymised automatically so they can no longer be linked to your identity or account.

We store passwords as salted hashes, expire inactive session tokens automatically, and offer two-factor authentication from your account settings page. Payment data from DANA, OVO, GoPay and QRIS is tokenised before any storage on our servers.