Reference

How meraktoto Protects Your Personal Data

At meraktoto, your personal data — from account registration details to payment activity via DANA, OVO, GoPay and QRIS — is handled under a clear, documented privacy framework…

Data encrypted at rest and in transitDANA, OVO, GoPay & QRIS transaction privacyYour right to access and delete dataNo data sold to third parties24/7 privacy contact channel
meraktoto How meraktoto Protects Your Personal Data
PRIVACY CONTACT PATHS

How to Reach Our Privacy Team

If you want to review, correct, or remove personal data held on your meraktoto account, three direct channels are available around the clock. Our privacy team responds to data-related requests within 48 hours on business days, and all communications are handled by trained staff — not automated scripts. Whether your question concerns a GoPay transaction record or a stored device identifier, we aim to resolve it in one contact.

Team online

Live Chat — Privacy Requests

Open the chat widget inside your account dashboard any time, day or night. State that your message is a privacy request; a specialist will pick it up within 2 hours during 07:00–23:00 WIB.

Email — Data Subject Requests

Send a written request to our privacy address. Include your registered email and the specific data you are asking about — such as a DANA deposit record or stored login history. We respond within 48 business hours.

In-Account Privacy Centre

Navigate to Settings → Privacy Centre on the meraktoto dashboard. From there you can download a copy of your stored data, update marketing preferences, or submit a deletion request without contacting support.

DATA HANDLING STANDARDS

Six Ways We Handle Your Data Responsibly

Every operational decision at meraktoto that touches your personal information follows a set of concrete practices — not abstract promises.

End-to-End Encryption

All data you transmit — account credentials, QRIS payment confirmations, session tokens — travels over TLS 1.3. At rest, your records are encrypted with AES-256 so stored files are unreadable without your account key.

Cookie Controls You Own

We use functional cookies to keep your session active and analytics cookies to understand lobby performance. You can review and withdraw consent for non-essential cookies at any time via the cookie banner or Settings → Privacy Centre.

Payment Data Minimisation

When you deposit via DANA or GoPay, we pass only the transaction reference and amount to the payment processor — never your full account credentials. Card or wallet details are not stored on our servers after a transaction completes.

Account Security Alerts

Any new device login or password change on your meraktoto account triggers an immediate notification to your registered email. If you did not initiate the action, a one-tap account freeze link inside that email lets you lock access instantly.

Data Retention Schedule

Transaction logs are kept for the period required by applicable financial regulations, then permanently deleted. Profile data you have not edited in over 36 months is flagged for review, and you will receive an email before any scheduled deletion.

Right to Erasure

You may request full deletion of your personal data at any time through Settings → Privacy Centre or by email. We process erasure requests within 14 business days, and we will confirm completion in writing — availability depends on local law.

Common Privacy Questions from meraktoto Account Holders

The questions below are the ones our privacy team receives most often. If your question is not listed here, use Settings → Privacy Centre or reach our live chat channel between 07:00 and 23:00 WIB for a direct answer.

We collect your name, email address, registered mobile number, and a government-issued ID for identity verification. We also log your device type, browser identifier, and the IP address used at login — all stored under AES-256 encryption.

No. Once a DANA or OVO deposit or withdrawal clears, we retain only the transaction reference number and amount for our records. Your wallet credentials and account numbers are not stored on our servers after the payment completes.

Go to Settings → Privacy Centre inside your account dashboard and select 'Download My Data'. The file — containing login history, transaction references, and profile information — is ready within 24 hours and delivered to your registered email.

Yes. Submit a deletion request through Settings → Privacy Centre or by email to our privacy address. We complete erasure within 14 business days and send written confirmation. Availability of full erasure depends on local law and active transaction holds.

Only staff whose role requires it — identity verification, payment disputes, and fraud prevention teams. Access is logged, audited quarterly, and governed by internal data-access agreements. No marketing or third-party sales teams have access to your account data.

We use strictly necessary cookies to keep your session alive and optional analytics cookies to measure lobby performance. You can withdraw consent for non-essential cookies any time via the cookie banner at the bottom of the page or through Settings → Privacy Centre.

Use the freeze link in the security alert email to lock your account immediately, then contact us via live chat (07:00–23:00 WIB) or email. Our security team will audit your login history and GoPay or QRIS transaction logs within 4 business hours.