Reference

How koytoto Protects Your Personal Data

At koytoto, your personal data is handled with a clear set of rules — what we collect, why we collect it, and how long we keep it are…

Encrypted account storageDANA, OVO, GoPay & QRIS data handled securelyData retained only as long as requiredYour right to access or delete data24/7 privacy support channel
koytoto How koytoto Protects Your Personal Data
REACH OUR PRIVACY TEAM

How to Contact Us About Your Data

If you have a question about how your personal information is used, want to request a copy of your data, or need to ask us to delete a record, our privacy support team is available around the clock. You can reach us through live chat directly inside your account dashboard, by email at the address listed in your welcome message, or through our 24-hour WhatsApp line. We aim to acknowledge all privacy requests within 24 hours and resolve them within seven business days.

Team online

Live Chat

Reach our privacy team through the chat widget inside your account dashboard — available every hour of the day, seven days a week, with no hold queues.

Email Support

Send a detailed data request or deletion inquiry to our privacy email address. We aim to confirm receipt within 24 hours and fully resolve your request within seven business days.

WhatsApp Line

Our 24-hour WhatsApp support line handles privacy questions alongside account and payment queries — useful if you need a quick acknowledgment before following up by email.

DATA HANDLING PRACTICES

Six Ways We Keep Your Information Safe

From the cookie layer on our web pages to the encryption wrapping your QRIS transaction references, every stage of data handling at koytoto follows a documented practice.

End-to-End Encryption

All account credentials and payment data — including your linked DANA and GoPay identifiers — are encrypted in transit and at rest using industry-standard protocols. No plain-text payment strings are stored on our servers.

Cookie Policy

We use session cookies to keep you logged in and analytics cookies to understand how pages perform. You can manage cookie preferences in your browser settings at any time; disabling analytics cookies does not affect account functionality.

Account Security Steps

Two-step login verification is available from your account security page. We strongly encourage you to enable it — especially if your account is linked to a DANA or OVO wallet, where an extra verification layer reduces exposure.

Data Retention Periods

Transaction records are kept for the period required under applicable Indonesian financial regulations, after which they are purged from active storage. Account profile data is deleted within 30 days of a verified account-closure request.

Third-Party Sharing Limits

We share data only with payment processors (DANA, OVO, GoPay, QRIS networks) and identity-verification partners strictly necessary to operate your account. No marketing data brokers or unrelated advertisers receive your information.

Your Rights and How to Exercise Them

You have the right to access, correct, or request deletion of your personal data. Submit a request via live chat or email and our privacy team will verify your identity before actioning anything — typically within seven business days.

Common Questions About Our Privacy Policy

The questions below are the ones our privacy team hears most often from account holders in Indonesia. If your question is not covered here, reach us through live chat or email and we will respond within 24 hours.

We collect your name, email address, phone number, and the payment instrument you register — such as your DANA wallet or OVO account number. We do not collect more than is necessary to verify your identity and process transactions.

Payment identifiers linked to DANA, GoPay, OVO, or QRIS are encrypted before storage and are never held in plain text. Our payment processors operate under their own data-security obligations, and we share only the minimum data required to complete a transaction.

Yes. Submit a data-access request via live chat or to our privacy email address. We will verify your identity first, then deliver a structured summary of your account and transaction data within seven business days.

Send a deletion request through live chat or email. Once we confirm your identity, account-profile data is removed within 30 days. Transaction records required under Indonesian financial regulations are retained for the legally mandated period before purging.

No. We do not sell or transfer your data to advertisers or data brokers. Data is shared only with payment networks such as DANA, OVO, GoPay, and QRIS, and with identity-verification partners, solely to operate your account.

We use session cookies for login continuity and analytics cookies to measure page performance. You can disable analytics cookies in your browser settings at any time. Doing so does not affect your ability to log in or make deposits.

The policy applies uniformly across Indonesia — whether you access the platform from Denpasar or elsewhere. Some account features depend on local law, but the data-protection rules described here apply to every account without exception.