LEGAL REFERENCE

Privacy Policy You Can Actually Read

This is how we handle the data you share when you open an account with punyatoto. We've kept the language plain so you can see what we collect...

Plain-English policyIndonesia-facingAccount-level controlsUpdated regularlyYour data, your call
punyatoto Privacy Policy You Can Actually Read

What We Collect and Why

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

SUPPORT

How to Reach the Privacy Desk

Three ways to talk to us about your data, separate from general lobby support.

Privacy Email Send a written request to our privacy mailbox and we'll log it the same day. Use this for export, deletion, or correction asks tied to your punyatoto account.
In-Account Form Open your account settings and the privacy form sits under the data tab. It routes straight to the team handling Indonesia requests, so nothing gets lost in general queues.
Live Chat Escalation Start with chat in the lobby and ask for a privacy escalation. The agent will hand you to the data team and share a ticket number you can track.
REVIEW SIGNALS

How This Policy Stays Honest

Editorial and legal checks that keep the policy aligned with what actually happens inside punyatoto.

Quarterly Review

Our legal team rereads this page every quarter against the live account flow, so the wording matches what the platform...

Versioned Changes

Each update gets a date stamp at the foot of the page. Material changes trigger an in-account notice before they...

Named Owners

A named data officer signs off every revision. That person is the one your privacy emails reach, not a rotating...

Processor List

We keep an internal list of every vendor touching your data, from payment rails to anti-fraud. You can request a...

Indonesia Alignment

Wording is checked against Indonesian data rules so the rights described here match what you can actually exercise locally, not...

Reader Testing

Before we publish a revision, plain-language editors read it cold. If a sentence trips them, it gets rewritten until it...

Consistency Across Our Policy Pages

How this Privacy Policy lines up with our other legal pages so nothing contradicts.

Terms of ServiceDefines the account contract; this policy explains the data side of that contract. Both pages share the same definitions block.
Cookie NoticeCovers tracking technologies in detail. This page summarises cookies; the notice itself goes deeper into categories and durations.
AML StatementSets out identity checks. Privacy explains how the documents you submit for those checks are stored and eventually purged.
KYC NoticeLists what we verify. Privacy here explains retention windows for the verification artefacts after your account closes.
Complaints PolicyExplains escalation. If a privacy issue isn't resolved by the data desk, the complaints route picks up under the timelines published there.
Acceptable UseBehavioural rules for the lobby. Privacy clarifies what behavioural data we log to enforce those rules and how long we keep it.
Regional AddendaCountry-specific notes attach to this policy. The Indonesia addendum overrides the general text where local rules require sharper wording.
QUICK SIGNAL

What Defines This Policy Page

The visible elements we built into the policy layout so you can navigate it without scrolling blind.

01
Anchor Menu A sticky menu at the top jumps you to collection, sharing, retention and rights. On mobile it collapses into a single tap so you don't lose your place.
02
Plain Summaries Every clause opens with a one-line summary in bold before the legal detail. Read the bold lines first if you want the gist in under a minute.
03
Last-Updated Stamp The revision date sits at the top and the foot of the page. If it hasn't moved, nothing material has changed since your last visit.
04
Rights Checklist A checklist block shows the rights you can exercise — access, correction, deletion, portability — with the in-account link beside each one.
05
Contact Block The privacy contact block is repeated mid-page and at the foot, so you don't have to scroll back up once you've decided to reach out.
06
Change Log A short change log at the base lists what moved in the last three revisions, in plain sentences, so returning readers can scan the diff fast.

Privacy Questions We Hear Often

Sign-up details, verification documents, payment references for DANA, OVO, GoPay and QRIS, plus session logs from the lobby. The full list sits in the collection clause and updates whenever we add a new field.

Yes. Send the request through the in-account privacy form and we'll act within the window local law sets. Some records — financial and anti-fraud — we must keep for the retention period regulators require.

No. We don't sell your data. We share it with payment processors, identity vendors and regulators where local law permits, and only the minimum each one needs to do its job for your account.

Identity and transaction records are held for the period Indonesian financial rules require, then purged. Marketing preferences drop sooner. The retention clause lists each category with its own window so you can check directly.

Primary storage sits with vetted cloud providers in regions covered by adequacy arrangements. Backups follow the same rules. The processor summary, available through the privacy form, names the current locations.

The last-updated date moves at the top of the page. Material changes also trigger an in-account notice before they take effect, so you have time to read the diff and adjust your settings.

Escalate through the complaints policy linked in the footer. You can also reach the local data authority directly. We publish that route on the page so you don't have to hunt for it.