Cookies notice
The cookie page expands on the tracking section here. Both pages use the same category labels — essential, functional, analytics — so consent choices line up wherever you make them.
This is how we look after the data tied to your to388 login account. We explain what we collect when you open the lobby, what we store for...
We process your personal data only where local law permits and only inside supported regions for Indonesia. The categories we hold are limited to what your account needs: identity fields you give us at signup, device and session signals when you load the lobby, and transaction references when you fund the account via DANA, OVO, GoPay or QRIS. We do not sell
your data. We share it with payment processors and licensed auditors strictly to settle balances and meet our reporting duties. You can request access, correction or deletion of your records through the contact paths below, and we will respond within the windows set by the jurisdiction that applies to your account.
Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.
Every clause on this page is signed off by a named privacy reviewer on our side, not an anonymous template...
We revisit the full policy once a year, and sooner if Indonesian rules shift or our processors change. The header...
We write in plain English-ID rather than legalese. If a sentence needs a defined term, we define it on the...
We keep a current list of third parties that touch your data — payment rails, KYC checkers, hosting partners. Ask...
If something goes wrong, we tell affected account holders within the legal window and explain what was exposed, what we...
Our security controls are audited by an outside firm each year. The summary letter is available on request and informs...
The cookie page expands on the tracking section here. Both pages use the same category labels — essential, functional, analytics — so consent choices line up wherever you make them.
Terms govern your account contract; this policy governs your data. Where the two overlap on identity checks, the wording is mirrored word-for-word to avoid confusion.
The KYC page lists which documents we request. This policy explains how long those documents are stored after verification and when they are purged from our systems.
Promo pages reference the marketing consent flag set here. Toggling marketing off in your account removes you from promo emails without affecting account-critical notices.
DANA, OVO, GoPay and QRIS references on the payment policy match the processor disclosures here, so the same partner names appear in both places.
Our complaints page points back to the compliance escalation path above. Both pages quote the same response windows for Indonesia account holders.
In-account cookie controls inherit the categories defined in this document. Changing a toggle there updates the consent log referenced in this policy immediately.