LEGAL REFERENCE

How extoto Handles Your Account Data

This is the extoto privacy policy, written for Indonesia visitors who want a clear picture of what we collect, why we keep it, and how long it stays...

Plain-language policyIndonesia-focusedMobile-friendly readUpdated regularlyAccount-side clarity
Browse the Lobby Read FAQ
extoto How extoto Handles Your Account Data

Our Privacy Posture and Jurisdiction

We collect the details you give us at sign-up — name, contact handle, date of birth — plus the device and session signals our lobby needs to keep your account secure. Where local law permits, we hold that data only as long as your account is active or regulation tells us to retain it. Payment references tied to DANA, OVO, GoPay or

QRIS are stored as transaction tokens, not raw wallet credentials. You can ask us to export, correct or erase your record at any time, and we'll act on that request inside the windows our supported regions require.

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

HELP CHANNELS

Privacy Contact Paths You Can Use

Privacy Inbox Email our privacy desk directly when you want...
In-Lobby Chat Open the chat bubble inside your account area...
Account Settings Your privacy controls — marketing toggles, session logging...
WHY VISITORS TRUST US

Editorial Trust Behind This Policy

Reviewed by Counsel

Every clause in this privacy policy is checked by legal counsel familiar with Indonesia data rules before it goes live...

Versioned Changes

We log every edit to this policy with a date stamp and a short note. If a clause about retention...

Named Owners

The privacy policy has named internal owners, not an anonymous committee. That means escalations about your data reach a person...

Plain Language

We rewrite legalese into readable English so you don't need a lawyer to understand what extoto keeps. Where a technical...

Independent Audits

Our data handling is reviewed against external benchmarks each cycle. Audit findings feed back into this policy, which is why...

Indonesia-Aware

Clauses are calibrated for Indonesia visitors first, including how DANA, OVO, GoPay and QRIS references are tokenised and how local...

Consistency Across Our Policy Pages

Terms of ServiceThe terms page governs account conduct; this privacy policy governs data. Where they overlap on account closure, both pages point to the same retention window.
Cookie NoticeOur cookie notice details browser-side trackers. This privacy policy references it for session signals so you don't read conflicting retention numbers between pages.
KYC StatementIdentity verification rules sit in the KYC statement. This page mirrors its language on document storage so the two never disagree about how long IDs are kept.
Marketing PreferencesEmail and push opt-ins live in your account settings. This policy describes the legal basis; the preference page handles the toggles, and both reference the same channels.
Complaints PathThe complaints page lists escalation steps. This policy points to it for privacy-specific disputes so you don't have to guess which channel reaches a reviewer.
Data Export PageSubject access requests are filed through the export page. The format, timing and verification described there match what this privacy policy commits to.
Security NotesOur security notes describe encryption and storage. This policy summarises the same controls in plainer language without contradicting the technical detail there.

Brand Elements Around This Policy

Clause Anchors

Each section of the policy has a deep-link anchor so you can share a specific clause with our team or save it for your records without scrolling the whole document.

Last-Updated Stamp

A visible date sits at the head of the policy. When wording shifts, the stamp moves and a short change note appears beside it so the edit is never silent.

Inline Definitions

Tooltips on terms like processor, controller and retention window let you read this policy without bouncing to a glossary tab on your phone.

Print View

A print-friendly layout strips navigation and badges so you can save a clean PDF of the privacy policy for your own records or compliance file.

Mobile Reflow

The policy reflows for narrow screens so clauses stay readable when you check it from the same phone you use to open the lobby.

Cross-Linked Footers

Every clause that touches another policy carries a footer link to that page, keeping your reading path tight when one rule depends on another.

Privacy Questions We Hear Most

We collect the identity details required at sign-up, your contact handle, and session signals our lobby uses to keep the account secure. Payment references tied to DANA, OVO, GoPay or QRIS are stored as tokens.

Your record stays with us while the account is active and for the retention window local law sets after closure. Where supported regions require shorter windows, we follow the shorter rule and document it inside this policy.

Yes. Send an erasure request through the privacy inbox or in-lobby chat. We'll verify the account, action the deletion within the legal window, and confirm in writing once the record has been cleared from our systems.

We share only what processors need to run your account — payment routing, identity checks, fraud signals. Each processor is bound by contract to handle your data on the same terms this privacy policy commits to.

Wallet credentials never sit on our servers in raw form. We hold transaction tokens issued by the payment partner, which means a database event would not expose your DANA, OVO, GoPay or QRIS account itself.

The last-updated stamp at the head of the page moves whenever wording shifts, and a short note explains what changed. Material changes also trigger an in-account message before the new clauses take effect.

A named privacy team owns this policy, supported by legal counsel familiar with Indonesia data rules. Escalations from the inbox or chat route to that team directly rather than sitting in a general support queue.