Reference

How wdtoto Protects Your Personal Data

Your personal data — from your account registration details to your payment activity via DANA, OVO, GoPay and QRIS — is handled according to clear, specific rules we…

Account Data ProtectedDANA, OVO, GoPay & QRIS Transactions EncryptedNo Third-Party Sale of Personal DataRetention Period DisclosedDeletion Requests Accepted
wdtoto How wdtoto Protects Your Personal Data
PRIVACY CONTACT CHANNELS

How to Reach Our Privacy Team at wdtoto

If you have a question about how your data is stored, want to request a correction, or need to submit a deletion request, our privacy support…

Live Chat Connect directly through the wdtoto site chat widget. Available daily 08:00–23:00 WIB.
Privacy Email Send a detailed written request to our privacy team at [email protected].
In-Account Ticket Log in, navigate to Settings, then select Support Ticket and choose the Privacy category.
DATA HANDLING STANDARDS

Six Ways We Manage Your Data Responsibly

Every data-handling decision we make is built around your account security and your right to know what we hold about you. We use AES-256 encryption for stored data and TLS 1.

Encrypted Storage

All personal data, including payment-method references for DANA, OVO, GoPay and QRIS, is stored using AES-256 encryption. Only authorised systems with logged access credentials can retrieve this data.

Cookie Policy

We use session cookies to keep you logged in, analytics cookies to improve page performance, and no advertising cookies that track you across external sites. You can manage cookie preferences in your account settings.

Data Retention Period

Account data is retained for a maximum of 24 months after your last active session. Payment transaction records are kept for 12 months in line with standard financial audit requirements, then permanently deleted.

Account Security Practices

We enforce two-factor authentication on login and flag unusual access patterns automatically. If a login attempt originates from an unrecognised device, we send an immediate email verification request to your registered address.

Your Right to Access and Correct

You can request a full export of the personal data we hold on your account at any time. Corrections to inaccurate data — such as a wrong phone number or outdated email address — are processed within one business day.

Deletion Requests

If you close your account and request data deletion, we remove all personal identifiers from our live systems within 7 business days. Anonymised transaction summaries may be retained for internal audit purposes only.

Frequently Asked Questions About Your Privacy on wdtoto

Here are the questions our account holders ask most often about data collection, storage, access and deletion. If your question is not answered here, reach out through live chat or our privacy email — we respond within 24 hours.

We collect your name, email address, phone number, date of birth and the payment-method identifiers linked to your DANA, OVO, GoPay or QRIS account. Device information such as IP address and browser type is also recorded for security purposes.

We do not sell your personal data. We share data only with payment processors like DANA, OVO, GoPay and QRIS to complete your transactions, and only where local law permits or where you have given explicit consent for a specific purpose.

Account data is retained for up to 24 months after your last active session. Payment records are held for 12 months for audit purposes. After those periods, your personal identifiers are permanently deleted from our live systems.

Send a data access request to [email protected] or raise a ticket in Settings under the Privacy category. We will prepare and deliver a full data export to your registered email address within 2 business days of receiving your request.

Yes. Submit a deletion request via our privacy email or in-account ticket. We remove all personal identifiers from live systems within 7 business days. Anonymised, non-identifiable transaction summaries may be retained for internal audit records only.

Only reference identifiers — not full account numbers or credentials — are stored on our servers, encrypted with AES-256. Full payment credentials remain with the respective payment provider and are never transmitted to or stored on wdtoto infrastructure.

We use session cookies for login continuity and analytics cookies to monitor page load performance. We do not use third-party advertising cookies. You can review and adjust your cookie preferences at any time through the Privacy section inside your account settings.