LEGAL REFERENCE

Our Privacy Policy, Written Plainly

This is the 100pasaran privacy policy — the document that explains what we collect when you open an account, why we hold it, and how long it stays...

Data minimisationEncrypted at restIndonesia-awareClear retentionYour access rights
See the Lobby Read FAQ
100pasaran Our Privacy Policy, Written Plainly

Policy Posture and Jurisdiction Wording

Our policy applies where local law permits and across the supported regions we serve from Indonesia. We collect the account details you give us at sign-up, the device signals your browser sends, and the payment references tied to DANA, OVO, GoPay and QRIS deposits — nothing more than we need to keep your account moving. Sensitive fields are encrypted at rest, segregated

from analytics tables, and retained only for the windows our finance and compliance obligations require. If a regulator in your supported region asks us to adjust retention or disclosure handling, we update this page and notify you inside the lobby before the change takes effect.

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

24/7 SUPPORT

How to Reach Our Privacy Team

Privacy questions are handled by a dedicated desk, not the general help queue. Use any of the paths below and we'll route your message straight to the reviewer who owns that data...

Privacy Inbox Email our privacy desk directly for access requests, deletion asks, or questions about how a specific data field is used. We aim to respond inside two business days from Jakarta hours.
In-Lobby Chat Open the chat bubble after you sign in and ask for the privacy team by name. The agent escalates your ticket so it skips the general support queue and lands with a reviewer.
Data Request Form Submit a structured form when you want a copy of your account data, a correction to a field, or removal under our retention policy. Identity checks apply before we release anything.
TRUST MARKERS

Editorial Trust Signals for This Policy

This policy is reviewed on a fixed cadence and signed off by named functions inside 100pasaran before it's published. Here's how we keep it honest.

Quarterly Review

Our compliance lead re-reads the full text every quarter and checks each clause against current Indonesia data practice. Edits, however small, are dated in the changelog at the foot of this page.

Named Owners

Each data category — account, payment reference, device signal, support transcript — has a named internal owner. If you ask who handles a field, we can tell you the role responsible for it.

Plain-Language Pass

After legal drafts a clause, our editorial team rewrites it for clarity without softening the meaning. You shouldn't need a lawyer to understand what we do with your email address.

Change Log

Material updates carry a version note and a short summary of what moved. We don't quietly republish; if retention windows shift or a processor changes, you see it logged here.

Processor Register

We keep an internal register of every third-party processor touching your data, including payment rails and analytics. The register is audited annually and summarised inside this policy.

Incident Posture

If a data event affects your account, we notify you inside the lobby and by email within the window our supported-region rules require. No silent handling, no buried disclosures.

Consistency Across Our Policy Pages

This privacy policy sits alongside our terms, cookie notice and account rules. We keep the wording aligned so a clause here doesn't contradict one there.

Terms of Service
Account obligations described in our terms reference the same data categories defined here, using identical labels.
Cookie Notice
Browser-side storage is detailed in the cookie notice; this policy points to it rather than duplicating the table.
Account Rules
Identity checks mentioned in account rules follow the verification flow described in this policy's onboarding clause.
Payment Disclosures
DANA, OVO, GoPay and QRIS reference handling is explained once here and cross-linked from the payments page.
Support Charter
Transcript retention from chat sessions follows the same windows set out in this policy's retention table.
Marketing Preferences
Opt-in and opt-out controls listed here mirror the toggles inside your account settings panel.
Regional Notices
Supported-region addenda inherit definitions from this master policy and only add what local law requires.
AT A GLANCE

What Defines This Policy Page Layout

The visible elements on this page exist to make the policy scannable. Here's what each block does and why we chose to show it on the policy side...

Section Anchors A sticky anchor list runs alongside the body so you...
Inline Definitions Terms like 'device signal' or 'payment reference' carry hover definitions...
Version Stamp The header shows the current version and last-edited date. If...
Plain Summary Each long clause opens with a one-line summary in lighter...
Rights Panel A dedicated panel lists access, correction, deletion and portability rights...
Change Log Footer The footer carries every material edit since this policy first...

Privacy Policy Questions, Answered

We collect the fields you enter at sign-up — name, contact, date of birth — plus device signals from your browser and the payment reference returned by DANA, OVO, GoPay or QRIS when you fund your account.

Active account data is held while your account is open. After closure, finance and compliance windows in our supported regions require us to retain certain records for a fixed period, after which the data is deleted or fully anonymised.

Yes. Send a data request through the form linked in the support section. After we verify your identity against the account, we package your data into a readable export and deliver it within the response window stated in this policy.

We share only with processors who help run the service — payment rails, fraud checks, analytics — and only the minimum each one needs. Our processor register lists every party, and none of them resell your data onward.

Payment references are stored as tokens, not full instrument details. They sit in a segregated table with stricter access controls than general account data, and they're encrypted at rest with keys rotated on a fixed schedule.

Material changes trigger an in-lobby notice the next time you sign in and an email to the address on your account. The change log at the foot of this page also records every edit, dated and summarised.

Write to the privacy inbox first so we can investigate. If you're not satisfied with our handling, you may escalate to the data protection authority in your supported region under the rules that apply where local law permits.