Reference

How oppatoto Handles Your Personal Data

At oppatoto, every piece of information you share — from account registration details to payment records via DANA, OVO, GoPay and QRIS — is handled under a clear…

Data encrypted at rest and in transitDANA, OVO, GoPay & QRIS transaction records securedAccount access logs retained per policyYou may request data deletion at any timeSupport available 07:00–23:00 WIB
oppatoto How oppatoto Handles Your Personal Data
REACH OUR PRIVACY TEAM

Open a Privacy Request Through These Channels

Our dedicated privacy support team is reachable seven days a week from 07:00 to 23:00 Western Indonesia Time. Whether you are in Bandung or anywhere else across the archipelago, you can submit a data access request, correction notice or deletion request through any of the channels below, and we aim to respond within 3 business days.

Team online

Live Chat

Start a live chat session directly from your account dashboard between 07:00 and 23:00 WIB. Our privacy team handles data access and deletion requests through this channel with average response under 10 minutes.

Email Privacy Request

Send your written data request to our privacy address listed in the account settings page. Include your registered email and the nature of your request; we aim to confirm receipt within 24 hours and resolve within 3 business days.

Account Settings Portal

Log in, navigate to Settings, then select Privacy Controls. From there you can download a copy of your stored data, update consent preferences, or submit a formal deletion request — no need to contact support for standard changes.

HOW WE PROTECT YOU

Explore Our Data Handling and Security Practices

We apply layered security controls across every data touchpoint — from the moment you enter your details on the registration form to the moment a DANA or OVO withdrawal confirmation is logged.

Encryption Standards

All data in transit between your device and our servers uses TLS 1.2 or higher. Stored records — including QRIS and GoPay transaction logs — are encrypted using AES-256. Your login credentials are hashed and never stored in plain text.

Cookie Policy

We use functional cookies to keep your session active, analytical cookies to understand which pages you visit most, and preference cookies to remember your language and payment method settings. You can manage cookie consent from the banner on your first visit or via browser settings at any time.

Account Security Controls

Two-step verification is available on every account and we strongly recommend enabling it after your first login. Suspicious login attempts from unrecognised devices trigger an automatic email alert so you can act immediately, even if you are not actively monitoring your account.

Data Retention Schedule

Account data is retained for the duration of your active account plus five years after closure, as required for financial record-keeping. Identity verification documents are purged 12 months after account closure unless retention is required under applicable Indonesian regulation.

Your Right to Access and Correct

You may request a full export of the personal data we hold on you at any time via the Account Settings portal or by emailing our privacy address. Correction requests for inaccurate information are processed within 5 business days of verification.

Third-Party Data Sharing Limits

We share data only with payment processors handling DANA, OVO, GoPay and QRIS transactions, identity-check providers, and authorities where Indonesian law requires disclosure. Each third party signs a data-processing agreement before receiving any of your information.

Switch to the Answer You Need

Below are the questions we receive most often about how we handle your data at oppatoto. Each answer is specific to our platform — not generic legal boilerplate — so you know exactly what applies to your account.

We collect your full name, email address, phone number, date of birth and identity document details at registration. Payment method details for DANA, OVO, GoPay and QRIS are processed by our payment partners and stored as encrypted references, not raw account numbers.

Account data is kept for five years after closure to meet Indonesian financial record-keeping requirements. Identity documents are deleted 12 months after closure unless a legal hold applies. You will receive a confirmation email when scheduled deletion is complete.

Yes. Log in, go to Settings, and select Privacy Controls to download a structured export of your personal data. Alternatively, email our privacy team and we aim to deliver your data package within 5 business days of identity verification.

We may share data with payment processors and identity-verification providers, some of whom operate internationally. All cross-border transfers are covered by contractual data-processing agreements. We do not sell your data to advertisers or unrelated third parties under any circumstances.

Navigate to Account Settings and edit your profile details directly for most fields. For identity document corrections, contact us via live chat between 07:00 and 23:00 WIB with your updated document; our verification team will process the change within 5 business days.

We use session cookies to keep you logged in, analytical cookies to measure page performance, and preference cookies to remember settings like your saved DANA or OVO payment method. Manage or withdraw cookie consent at any time through the cookie banner or your browser settings.

Transaction references and timestamps for DANA and GoPay are retained and made available to you and our payment partners during a dispute. Records are accessible via your account transaction history and can be provided in a formal export if you open a dispute case with our support team.