Reference

How toketbagus.com Handles Your Personal Data

At toketbagus.com, your personal information — from account registration details to payment records via DANA, OVO, GoPay and QRIS — is collected, stored and used only in ways…

Data encrypted in transit and at restDANA, OVO, GoPay & QRIS transaction records protectedYou can request data access or deletionPolicy applies to all accounts including Jakarta usersContact our privacy team within 2 business days response
toketbagus.com How toketbagus.com Handles Your Personal Data
PRIVACY CONTACT PATHS

How to Reach Our Privacy Team

If you have a question about how we process your data, want to request a copy of the information we hold, or need to report a suspected breach, our privacy support team is reachable through three channels seven days a week. Response times for privacy-related requests are within two business days; urgent security concerns are escalated immediately. Whether you are in Surabaya or anywhere else in Indonesia, the same contact paths apply to all accounts.

Team online

Live Chat

Start a privacy-specific chat from your account dashboard. Available 08.00–24.00 WIB daily. Use the subject line 'Privacy Request' and our team will prioritise your case within two business hours.

Email Support

Send your data access, correction or deletion request to our privacy email address listed in your account settings. Include your registered phone number so we can verify ownership before processing any changes.

In-App Ticket

Submit a formal privacy ticket directly through the Help section of your account on desktop or mobile. You will receive an automated reference number and a human follow-up within two business days.

HOW WE PROTECT YOU

Our Data Handling and Security Practices

Every measure listed below is applied consistently across all toketbagus.com accounts, regardless of which payment channel — DANA, OVO, GoPay or QRIS — you use.

End-to-End Encryption

All data transmitted between your device and our servers uses TLS 1.3 encryption. This applies to account login, payment submissions via DANA or OVO, and any document uploads you make during verification.

Cookie Policy

We use session cookies to keep you logged in and analytics cookies to understand how pages are used. You can manage cookie preferences from the settings menu in your account. We do not use cookies to build advertising profiles.

Account Security Controls

Two-factor authentication is available for all accounts and we encourage you to enable it. Suspicious login attempts from unrecognised devices trigger an automatic email alert to your registered address within minutes.

Data Retention Rules

We retain your personal data for as long as your account is active and for five years after closure, as required for financial audit purposes. After that period, data is deleted or anonymised from our live systems.

Third-Party Data Sharing

We share data only with payment processors — DANA, OVO, GoPay, QRIS — and our fraud-detection partners. Each third party is contractually bound to use your data solely for the service they provide to us.

Your Rights and How to Exercise Them

You have the right to access, correct or delete the personal data we hold. Submit a request through live chat or the in-app ticket system and we will respond within two business days. Eligibility for certain requests depends on local law.

Privacy Policy Questions We Hear Most

The questions below cover what data we collect, how long we keep it, what your rights are, and how to exercise them. If your question is not here, open a ticket through your account dashboard and our privacy team will respond within two business days.

We collect your name, email address, phone number and, where local law permits, identity documents. We also record device identifiers and session data to protect your account against unauthorised access attempts.

We store transaction metadata — amounts, timestamps and channel references — but we do not store your full payment credentials. Those are handled directly by the respective payment processor under their own security protocols.

We retain your account data for five years after closure to meet financial audit requirements. After that retention window, your personal data is either permanently deleted or anonymised so it can no longer be linked to you.

Yes. Submit a data access request via live chat or the in-app ticket system. Include your registered phone number for identity verification. We will deliver your data summary within two business days of confirming your identity.

Use the in-app Help ticket or email our privacy team from your registered email address. State clearly that you want a full data deletion. We will confirm the request and complete deletion within the timeframe required by local law.

No. We do not build advertising profiles or share your data with ad networks. Analytics cookies we use are for internal performance monitoring only and do not identify you to any third-party advertising platform.

Contact us immediately via live chat, available 08.00–24.00 WIB. Our team will freeze suspicious activity, review access logs and escalate to our security unit. We aim to respond to reported breaches within one business hour.