LEGAL REFERENCE

How We Handle Your Data at kobratoto

This is our privacy policy, written for you in plain language. We explain what account details we collect when you open kobratoto, why we keep them, and how...

Plain-language policy | Indonesia-aware | Account data only | Updated regularly | Contact us anytime

Privacy Posture and Your Rights

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

SUPPORT

Privacy Contact Paths

If a privacy clause is unclear, or you want to act on a data right, these are the channels we monitor. Each one routes straight to the privacy desk, not general support, so your request lands with the right reviewer the first time.

Privacy Inbox

Email our dedicated privacy address for access, correction or deletion requests. We acknowledge within two working days and resolve standard requests inside the statutory window where local law permits.

In-Lobby Chat

Open the chat bubble after signing in and type 'privacy' to be routed to a reviewer. Useful when your question touches account data you can already see on screen.

Postal Channel

For formal notices or legal correspondence, our registered address accepts written submissions. Include your account reference so we can match records without asking for extra identity proof later.

REVIEW SIGNALS

How We Review This Policy

This policy is not a static page. It is reviewed on a schedule and after any meaningful change in how we process your data. Here is who signs off and what we...

Legal Sign-Off

Every clause is reviewed by counsel familiar with Indonesian data-protection practice before publication, so wording reflects current obligations rather than copy-paste templates borrowed from other jurisdictions.

Quarterly Refresh

We re-read the full policy every quarter and after any product change touching account data. Version dates sit at the foot of the page so you can spot what shifted.

Payment Data Audit

DANA, OVO, GoPay and QRIS reference flows are audited separately because they involve external processors. We confirm what metadata returns to us and what stays with the wallet.

Access Logs

Staff access to your records is logged and reviewed. Only roles with a stated reason can open an account file, and the log is kept for the retention window.

Vendor Checks

Third-party tools that touch your data are vetted before onboarding and reviewed annually. If a vendor falls short, we replace them rather than weaken our posture.

Breach Drill

We rehearse breach notification steps so that, if something ever went wrong, the alert to you and to regulators would arrive within the windows that apply where local law permits.

Consistency With Our Other Policies

This privacy policy lines up with our other legal pages so you are not chasing contradictions. Here is how it sits next to the sibling documents.

Terms of Service: Defines the account contract; this policy explains the data side of that contract.
Cookie Notice: Covers browser storage specifically; privacy policy covers the broader account record.
AML Statement: Identity checks live there; we cross-reference rather than duplicate the wording.
Payment Disclosures: Wallet-specific notes for DANA, OVO, GoPay and QRIS sit alongside the relevant clause.
Marketing Consents: Opt-in choices are mirrored in your account preferences panel for easy review.
Retention Schedule: Exact retention windows are listed in a separate annex referenced from this policy.
Complaints Path: Escalation steps match what the terms describe so the route is identical.

SERVICE CONTEXT

What This Policy Page Shows You

The privacy page has its own layout cues so the document is easy to navigate. These are the visible elements you'll meet as you scroll, not the policy text itself.

01. Version Stamp: A date and version number sit at the top so you always know which revision you are reading. Older versions remain accessible through the archive link below the stamp.
02. Section Anchors: Each clause has a stable anchor link. Copy it from your address bar to share a precise paragraph with a reviewer rather than the whole page.
03. Plain-Language Box: Beside each dense clause sits a short plain-language summary. The legal wording still governs, but the summary helps you scan quickly.
04. Your Rights Panel: A panel near the foot of the page lists every right you can exercise, with a one-click route to the request form. No hunting through paragraphs required.
05. Change Log: A running change log shows what moved between versions, with strike-through on removed wording so nothing slips past quietly.
06. Print View: A clean print stylesheet is available if you want a paper copy for your records. It strips the navigation and keeps the legal text intact.

Privacy Questions We Get Often

Identity reference, contact channel, device fingerprint for fraud checks, and payment metadata when you link DANA, OVO, GoPay or QRIS. We do not store wallet PINs or passwords used at your bank or e-wallet.

Yes. Send a deletion request to our privacy inbox and we will act on it within the statutory window where local law permits. Some records must be retained for tax or anti-fraud rules before full purge.

No. We do not sell your account or payment data. Vendors who process data on our behalf are bound by contract to the same posture and are audited before onboarding and again on an annual cycle.

Active account data stays while your account is open. After closure, retention follows tax and anti-fraud obligations, then records are purged from live systems. A separate annex lists exact windows by record type.

DANA, OVO, GoPay and QRIS metadata is handled inside a segmented environment with restricted staff access. We hold references rather than wallet credentials, so a leak at our end cannot expose your underlying wallet login.

Yes. If a breach affects your data, we notify you and the relevant regulator within the windows that apply where local law permits. The notice explains what happened, what is at risk, and what to do next.

Open your account preferences and toggle the marketing channels you no longer want. The change takes effect immediately and does not affect transactional messages such as login alerts or payment confirmations tied to your account.