Reference

How sangtoto Protects Your Personal Data

Your personal data — from your account details to your transaction history with DANA, OVO, GoPay and QRIS — is handled with clear, documented rules at sangtoto.

Data Collected TransparentlyDANA, OVO, GoPay & QRIS Transactions CoveredYour Right to Access & DeleteIndonesia-Based Data HandlingContact Us to Update Your Data
sangtoto How sangtoto Protects Your Personal Data
PRIVACY CONTACT PATHS

How to Reach Us About Your Privacy Rights

If you want to review, correct or remove your personal data, our support team is available every day from 07:00 to 23:00 WIB across three direct channels. You can expect a written response to any privacy request within two business days. Whether you are in Semarang or anywhere else in Indonesia, the same contact options apply to all accounts.

Team online

Live Chat

Open the live chat window inside your account dashboard — available daily from 07:00 to 23:00 WIB. Type 'Privacy Request' to route your message directly to our data team for a faster response.

Email Support

Send a detailed privacy request to our support email address. Include your registered account name and the specific data you wish to access, correct or remove. We aim to respond within two business days.

In-Account Form

Navigate to Account Settings, then select 'Privacy & Data' to submit a structured request form. This path gives you a reference number so you can track the status of your data request at any time.

HOW WE HANDLE DATA

Six Ways We Keep Your Data Secure and Honest

From the moment you open your account to the point you request deletion, every step in our data lifecycle follows a documented process.

Cookie Policy

We use session cookies to keep you logged in and analytics cookies to understand page performance. We do not place third-party advertising cookies. You can clear or block cookies through your browser settings at any time without losing your account data.

Account Security

Passwords are stored as salted hashes — we cannot read your raw password. We recommend enabling two-factor authentication from Account Settings to add a second verification layer each time you log in from a new device.

Data Retention

Active account data is kept for the life of your account plus the period required by Indonesian financial regulation. Once you request deletion and your balance is zero, we begin the removal process within 14 calendar days for non-regulated fields.

Payment Data Handling

When you transact via DANA, OVO, GoPay or QRIS, only the minimum required identifiers pass to the payment processor. We do not store your full e-wallet credentials on our servers — only a tokenised reference for your transaction record.

Who Can Access Your Profile

Internal access to personal data is role-restricted. Only account operations staff and compliance personnel — not marketing or product teams — can view individual account records, and every access event is logged with a timestamp.

Requesting Changes

You can request a copy of your data, correct inaccurate details, or ask us to erase your profile by contacting support via live chat, email or the in-account Privacy form. All requests are acknowledged with a case reference number.

Your Privacy Questions About sangtoto

Below are the questions we hear most often about how we collect, store and use your personal data. If your question is not covered here, reach out via live chat between 07:00 and 23:00 WIB and our data team will respond in writing within two business days.

We collect your name, email address, phone number and the payment method you register — such as DANA, OVO, GoPay or QRIS. We also log device type and session timestamps to protect your account from unauthorised access.

We share data only with payment processors who handle your DANA, OVO, GoPay or QRIS transactions, and only the minimum fields they need. We do not sell your personal information to advertisers or unrelated third parties under any circumstances.

We retain active account data for the life of your account plus the period Indonesian financial regulation requires. After you request deletion and your balance reaches zero, non-regulated data fields are removed within 14 calendar days.

Yes. Submit a data access request through Account Settings under 'Privacy & Data', or contact our support team by email. We will send you a structured copy of your data within the timeframe local law permits.

Open the Privacy form inside Account Settings or message us via live chat. Confirm your registered email and a zero account balance, and we will begin the deletion process within 14 days for all fields not subject to mandatory Indonesian retention rules.

We use session cookies for login continuity and analytics cookies for site performance. No third-party advertising cookies are placed. You can disable non-essential cookies in your browser settings without affecting your account login or transaction history.

We store only a tokenised transaction reference — not your full GoPay or QRIS credentials. The actual payment processing happens on the provider's encrypted infrastructure, and our servers never hold your raw e-wallet login details.