LEGAL REFERENCE

How pirototo Handles Your Account Data

This is the privacy policy page for pirototo. Here we set out, in plain English, what personal data we collect when you open an account with us, why...

Plain-English policyIndonesia-focusedData choices explainedUpdated revisions datedAccount-holder rights
pirototo How pirototo Handles Your Account Data

Our Privacy Posture and Your Rights

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

HELP CHANNELS

Privacy Contact Paths

Team online

Privacy Desk Email

Write to our privacy team for any data access, correction or erasure request tied to your pirototo account. We acknowledge within one business day and respond fully within thirty.

In-Account Request Form

Sign in and open the privacy panel to file a structured data request. The form routes straight to our reviewer queue and timestamps your submission for the audit trail.

Live Chat for Policy Questions

Our chat agents handle policy clarifications around the clock. Ask about cookie settings, retention windows or marketing preferences and they'll route deeper queries to the privacy reviewer on duty.

PLATFORM TRUST SIGNALS

How We Review This Policy

Quarterly Policy Review

Our compliance team revisits this document every quarter against current Indonesian data rules. Any wording change is logged with a revision date so you can track what shifted between versions.

Named Data Officer

A named data protection lead signs off every published version of this policy. That person owns your requests end-to-end and is reachable through the privacy desk address listed above.

Processor Vetting

Before any vendor sees pirototo account data, we run a written assessment covering security posture, retention defaults and sub-processor lists. Vendors that fail the check do not get connected.

Encryption in Transit and Rest

Account fields, document uploads and wallet references travel over TLS and sit encrypted on our storage layer. Decryption keys are held separately from the database that holds your records.

Access Logging

Every internal lookup against your pirototo profile is logged with staff identifier and timestamp. We audit those logs monthly and act on any access that lacks a documented support ticket reason.

Breach Notification Plan

If a security incident touches your data, we follow a written notification plan with defined hours-to-disclosure. You hear from us by registered email and through an in-account banner the next time you sign in.

BENCHMARKED

Consistency Across Our Policy Pages

01

Definitions

Terms like account data, processor, retention window and wallet identifier carry the same meaning here as on our terms and cookie pages, so you don't decode jargon twice.

02

Retention Windows

The retention table on this page matches the schedule referenced in our terms of use. Where Indonesian financial law sets a minimum, that figure governs across every policy document.

03

Contact Routes

The privacy desk email, in-account form and chat path shown here are the same routes named in our terms and KYC notices, so you never chase a dead address.

04

Revision Dates

Every sibling policy carries a visible last-updated stamp. When one moves, the others are reviewed in the same cycle to keep cross-references aligned and accurate.

05

Lawful Basis

The contract and legitimate-interest grounds cited here are repeated verbatim in our cookie and marketing notices, so the basis you agreed to does not shift between screens.

06

Third Parties

Our processor list lives in one shared annex linked from this policy and from the cookie notice. Update one, the other reflects it within the same publishing window.

07

User Rights

Access, correction, export, erasure and objection rights are written identically across pages. Whichever policy you land on first, the rights paragraph reads the same way.

SERVICE CONTEXT

What This Policy Page Shows You

01
Plain-English Wording We rewrote every clause out of legalese so you can scan it on a phone screen. Defined terms appear in bold the first time and never drift in meaning further down the page.
02
Section Anchors Each policy section has a deep link in the side rail. Send a friend straight to the retention paragraph or the rights paragraph without making them scroll the whole document.
03
Revision Date Stamp The header carries a visible last-updated date. Older versions sit in our archive panel so you can compare what a clause said before this revision went live on pirototo.
04
Rights Quick-Action Row A pinned action row near the top lets you jump to the in-account request form for access, export or erasure without reading every paragraph first.
05
Glossary Tooltips Hover any defined term and a short tooltip explains it without sending you to a separate glossary page. Mobile readers get the same tooltip on tap.
06
Print-Friendly Layout Use the print button in the rail to generate a clean PDF of this policy with revision date and section numbers preserved, handy if you keep your own records.

Privacy Policy Questions

We collect your registered name, contact details, the wallet identifier you link for DANA, OVO, GoPay or QRIS, verification documents where local law permits, plus session logs needed to keep your account secure and reconcile transactions accurately.

Active account data stays with us while your profile is open. After closure, transaction records are held for the minimum period Indonesian financial rules require, then deleted or anonymised. Marketing preferences drop sooner if you withdraw consent.

Yes. Send an erasure request through the in-account form or to our privacy desk email. We confirm within one business day, then remove or anonymise records that are not held under a legal retention obligation.

No. We do not sell account data to third parties. Processors who handle data on our behalf — payment, hosting, verification — are bound by written terms and cannot use your information for their own marketing or profiling.

We date every revision at the top of the page and keep older versions in an archive panel. Material changes trigger an in-account banner the next time you sign in and a notification email to your registered address.

Write to the privacy desk before continuing to use the account. We will explain the reasoning, note your objection, and where the clause rests on legitimate interest, weigh your specific situation against ours and respond in writing.

Primary account records sit on infrastructure aligned to Indonesian data expectations. Where a processor operates outside the country, we apply written safeguards before any field leaves our environment, and the processor list is published in our annex.