Privacy Policy You Can Actually Read
This is how we handle the data you share when you open an account with punyatoto. We've kept the language plain so you can see what we collect...
What We Collect and Why
We collect the details you give us at sign-up — name, contact, date of birth — plus the device and session data your browser sends when you load the lobby. Payment references tied to DANA, OVO, GoPay and QRIS are stored only to confirm transactions and resolve disputes. We don't sell your data. We share it with processors and regulators where local
law permits, and only to the extent needed to keep your account working in supported regions. You can ask us to export or delete your record at any time, and we'll respond inside the window your jurisdiction sets for us.
Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.
How to Reach the Privacy Desk
Three ways to talk to us about your data, separate from general lobby support.
How This Policy Stays Honest
Editorial and legal checks that keep the policy aligned with what actually happens inside punyatoto.
Quarterly Review
Our legal team rereads this page every quarter against the live account flow, so the wording matches what the platform...
Versioned Changes
Each update gets a date stamp at the foot of the page. Material changes trigger an in-account notice before they...
Named Owners
A named data officer signs off every revision. That person is the one your privacy emails reach, not a rotating...
Processor List
We keep an internal list of every vendor touching your data, from payment rails to anti-fraud. You can request a...
Indonesia Alignment
Wording is checked against Indonesian data rules so the rights described here match what you can actually exercise locally, not...
Reader Testing
Before we publish a revision, plain-language editors read it cold. If a sentence trips them, it gets rewritten until it...
Consistency Across Our Policy Pages
How this Privacy Policy lines up with our other legal pages so nothing contradicts.
| Terms of Service | Defines the account contract; this policy explains the data side of that contract. Both pages share the same definitions block. |
|---|---|
| Cookie Notice | Covers tracking technologies in detail. This page summarises cookies; the notice itself goes deeper into categories and durations. |
| AML Statement | Sets out identity checks. Privacy explains how the documents you submit for those checks are stored and eventually purged. |
| KYC Notice | Lists what we verify. Privacy here explains retention windows for the verification artefacts after your account closes. |
| Complaints Policy | Explains escalation. If a privacy issue isn't resolved by the data desk, the complaints route picks up under the timelines published there. |
| Acceptable Use | Behavioural rules for the lobby. Privacy clarifies what behavioural data we log to enforce those rules and how long we keep it. |
| Regional Addenda | Country-specific notes attach to this policy. The Indonesia addendum overrides the general text where local rules require sharper wording. |
What Defines This Policy Page
The visible elements we built into the policy layout so you can navigate it without scrolling blind.