Reference

How jeptoto Protects Your Personal Data

Your personal data — from account registration details to payment records via DANA, OVO, GoPay and QRIS — is handled under a clear, documented privacy framework that we…

Encrypted account storageDANA, OVO, GoPay & QRIS transaction privacyData access on requestNo third-party data salesJakarta & Surabaya region coverage
jeptoto How jeptoto Protects Your Personal Data
PRIVACY CONTACT

Reach Us About Your Privacy Rights

If you want to access, correct or delete data we hold about you, our privacy team is reachable through three direct channels.

Live Chat Available 24 hours a day, 7 days a week through the chat widget on…
Email Privacy Team Send data-access, correction or deletion requests to our dedicated privacy address.
Account Settings Panel Log in, go to Account › Privacy, and submit a data-export or data-deletion request…
DATA HANDLING STANDARDS

Six Ways We Safeguard Your Information

We have structured our data practices around six concrete commitments that cover everything from how cookies work on jeptoto.xyz to how long we keep payment logs.

Encryption at Rest and in Transit

All account data and payment records — including DANA and OVO transaction references — are encrypted using AES-256 at rest and TLS 1.3 in transit. No plaintext personal data is written to any unencrypted storage layer.

Cookie Controls You Own

The cookie banner on jeptoto.xyz lets you accept only functional cookies and reject analytics or marketing cookies entirely. Your choice is saved to your session and respected on every return visit without re-prompting unnecessarily.

Payment Data Tokenisation

When you transact via GoPay or QRIS, we store only a tokenised reference, never the full account number or wallet credential. Our payment processor handles authentication; we receive only a confirmation token tied to your jeptoto account ID.

Retention Schedules by Data Type

Identity data is held for the life of your account plus a post-closure window required by applicable rules. Transaction logs are kept for the period mandated by financial record-keeping requirements, after which they are permanently deleted on a scheduled basis.

Third-Party Data Sharing Limits

We share data only with service providers directly required to operate your account — payment processors, fraud-detection services and our hosting infrastructure. We do not sell, rent or trade your personal data to advertisers or data brokers under any circumstance.

Your Right to Request Account Data

You can request a full export of the data we hold on you at any time through Account › Privacy or by emailing our privacy team. Exports are delivered within 14 business days in a structured, machine-readable format.

Answers to Common Privacy Questions

The questions below reflect what people in Indonesia most commonly ask us about their data rights, how we handle payment information and what happens when they close an account. If your question is not covered here, our live chat team — available around the clock — can give you a direct answer tied to your specific account situation.

At registration we collect your name, date of birth, email address and the payment method you link first — such as DANA or OVO. We do not collect more than we need to verify your identity and process transactions accurately.

No. When you connect a DANA or GoPay wallet, authentication happens on the provider's own interface. We receive only a tokenised reference, so your wallet login details are never held on our servers at any point.

We retain transaction logs — including QRIS and OVO payment records — for the period required by applicable financial record-keeping rules. Once that period ends, records are deleted on a scheduled cycle and cannot be recovered.

Yes. Log in and go to Account › Privacy to submit a data-export request, or email our privacy team directly. We deliver a structured data file within 14 business days of confirming your identity.

Submit a deletion request through Account › Privacy or via email. We process it within 14 business days. Some transaction records may be retained for the period mandated by applicable rules even after deletion of your account profile.

We do not sell or share your data with advertisers or data brokers. Data is shared only with the payment processors, fraud-detection services and infrastructure providers that are necessary to run your account and process payments.

Contact us immediately through live chat on jeptoto.xyz — available 24 hours a day — and request an account lock. Our team will investigate, reset access credentials and confirm with you before restoring normal account activity.