Terms of Service
Defines the account contract. Privacy explains the data side of that contract; the two cross-reference each other at every clause where personal details are involved.
LEGAL REFERENCE
How We Handle Your Account Data
This is the toto90 privacy page, and it covers one thing: what we collect when you open an account with us, why we keep it, and how long...
Plain-language policyIndonesia-focusedAccount data onlyUpdated regularly
Our Privacy Posture and Your Rights
We collect the details you give us at sign-up — name, contact, payment handle — plus the activity logs your account generates while you're in the lobby. We store this on secured servers and share it only where local law permits or where a supported regions regulator requests it. You can ask us to export your record, correct a field, or close
the account entirely; we'll action that within the windows set out by Indonesian data rules. Marketing contact is opt-in and you can switch it off from your account panel any time. Cookies that keep you signed in are essential; analytics cookies are optional and listed in the cookie banner.
Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.
PLATFORM TRUST SIGNALS
Why You Can Rely on This Policy
We review this document on a fixed cycle and flag every change to active accounts. Here's what stands behind it.
Legal Review
Each clause is checked by counsel familiar with Indonesian data protection rules before it goes live, so wording matches what regulators actually expect from a consumer brand.
Version History
Older revisions stay accessible on request. If you signed up under an earlier version, we'll show you what changed and when the new terms began applying to your account.
Named Owner
A single data protection lead signs off on this page. Requests routed to the privacy desk land on their queue rather than disappearing into a generic support inbox.
Breach Protocol
If something goes wrong on our side, we notify affected accounts inside the timeframe Indonesian law sets, with a clear note on what was exposed and the steps we're taking.
Third-Party Audit
Our storage providers carry independent security certifications. We re-check their posture annually and rotate suppliers if their controls slip below what we promise you here.
Plain Wording
We avoid legalese where we can. If a clause needs precise language, we add a short explainer underneath so you don't have to guess at the intent.
WHY THIS PLATFORM
How This Sits Beside Our Other Policies
Our policy set is written as one family — terms, cookies, AML and this privacy page all use matching definitions so nothing contradicts.
Cookie Notice
Lists every tracker we set. Privacy covers what happens to the data those cookies generate once it reaches our servers and joins your account record.
AML Statement
Covers identity verification duties. Privacy explains how long we hold the documents you submit and which staff roles can open them.
Promo Terms
Sit under marketing consent. If you opt out of marketing here, promo eligibility narrows but core account access is unaffected.
Complaints Policy
Routes disputes. Privacy complaints follow the same escalation ladder but land with the data lead rather than general operations.
Account Closure
Triggers retention countdown. Privacy sets the clock on how long closed-account data stays before it's purged from active systems.
Regional Notices
Where supported regions add extra rights, we surface them in addenda that sit alongside this page rather than overwriting the main text.
What You'll See on This Policy Page
The privacy page is built so you can find the answer fast. Below are the elements that shape its layout.
Clause Anchors
Each section has a deep link so you can share a specific clause rather than the whole page. Useful when you're asking us about one paragraph and not the rest.
Last-Updated Stamp
A date sits at the top of every revision. If we change anything material, the stamp moves and active accounts get a notice in their inbox the same day.
Glossary Box
Terms like processor, controller and retention window are explained inline. You don't need a legal background to understand who does what with your account record.
Request Forms
Embedded forms for export, correction and deletion sit at the foot of the page. Submit directly without drafting an email or quoting clause numbers.
Region Toggle
If you're in a supported region with extra rights, toggle the view to surface the addenda that apply to your account specifically.
Print View
A clean print layout strips navigation so you can keep a paper copy of the policy version that applied when you signed up.
Common Privacy Questions
We hold the sign-up details you give us, the payment handle you link, and the activity logs your account generates. Nothing outside that scope is stored against your record on our side.
Yes. Submit a deletion request through the privacy desk and we'll action it inside the window Indonesian law sets, after any retention duties tied to financial records have run their course.
Retention periods follow Indonesian financial and tax rules. Once those windows expire we purge the record from active systems; archived copies are encrypted and access-limited until they're destroyed.
Only with processors that run essential parts of our service — payments, identity checks, hosting — and only where local law permits. We don't sell your data to advertisers or list brokers.
Open the account panel, find the communications toggle, and switch marketing off. The change applies immediately. Transactional emails about your account stay on because they're not marketing.
We follow a fixed protocol: contain, assess, notify. Affected accounts hear from us inside the timeframe Indonesian regulators require, with specifics on what was exposed and our next steps.
Check the last-updated stamp at the top of the page. Every material change triggers an inbox notice to active accounts so you don't have to recheck the page on your own schedule.