Reference

How cosmictoto Protects Your Personal Data

Your personal data — including account details, transaction records across DANA, OVO, GoPay, and QRIS, and device activity — is handled under a clear, documented privacy framework.

Encrypted account storageDANA, OVO, GoPay & QRIS data protectedRight to access your dataData retention limits appliedContact us to update or remove records
cosmictoto How cosmictoto Protects Your Personal Data
PRIVACY CONTACT CHANNELS

How to Reach Us About Your Privacy Rights

If you want to access, correct, or request deletion of your personal data, our privacy support team is reachable seven days a week.

Live Chat Support Available daily from 08:00 to 23:00 WIB. Use the chat icon on any page to send a privacy request directly to our data team. Responses within one business hour during operating windows.
Email Privacy Request Send your data access or deletion request to our privacy email address. Include your registered account name and the specific data you need addressed. We aim to respond within two working days.
Telegram Support Handle Message our Telegram handle for privacy queries any time. Agents monitor the channel during WIB business hours and escalate data-related cases directly to the compliance desk.
DATA HANDLING PRACTICES

Six Ways We Manage Your Data Responsibly

From the moment you open an account to every QRIS or GoPay transaction you make, our data handling follows documented internal procedures.

Data Collection Minimisation

We collect only what is needed to run your account and process payments via DANA, OVO, GoPay, and QRIS. No additional profiling data is gathered without your explicit consent during account setup.

Encryption at Rest and in Transit

All personal data — including transaction records and login credentials — is encrypted using AES-256 at rest and TLS 1.3 in transit. This applies to every page you load and every payment session you open.

Cookie and Tracker Disclosure

We use session cookies to keep you logged in and analytics cookies to understand which pages you visit. You can manage cookie preferences via the settings link in the footer of every page on our site.

Account Security Steps

Two-factor authentication is available under Account Settings → Security. We recommend enabling it alongside a strong password. Suspicious login attempts from new devices in Jakarta or elsewhere trigger an automatic email alert to your registered address.

Data Retention Schedule

Active account data is retained for the duration your account remains open. On account closure, transaction records are held for the period required by applicable financial regulations, then securely deleted. You may request an earlier deletion where local law permits.

Third-Party Data Sharing Rules

We share data only with payment processors such as DANA and OVO operators, identity verification partners, and fraud-prevention services. Each third party is contractually bound to handle your data under the same confidentiality standards we apply internally.

Your Privacy Rights at cosmictoto, Explained

The questions below reflect what our Indonesian account holders most frequently ask about data collection, cookie use, payment record storage, and how to exercise their rights. If your question is not covered here, reach us via live chat between 08:00 and 23:00 WIB.

We collect your name, email address, phone number, date of birth for eligibility verification, and device identifiers. Once you link a payment method such as DANA or OVO, we also store tokenised wallet references — never raw account numbers.

Payment session data from QRIS and GoPay is tokenised immediately on processing. The raw transaction reference is retained for reconciliation and is encrypted at rest. We do not store your full wallet credentials beyond the active payment session.

Yes. Submit a data access request via email or live chat, referencing your registered account name. We will compile and send a summary of your stored data within five working days, in a readable format.

Contact our privacy support channel by email or live chat with a deletion request. Where local law permits, we will remove your data within ten working days of verifying your identity. Regulatory retention periods may apply to financial records.

Only with payment processors (including DANA and OVO operators), fraud-detection services, and identity verification partners. Each partner is under a written data-sharing agreement. We do not sell your data to advertisers or unrelated third parties.

We use essential session cookies, performance analytics cookies, and optional personalisation cookies. You can review and adjust your cookie preferences at any time through the Cookie Settings link in the site footer without logging out.

Reach our dedicated privacy team via email or Telegram support, available during WIB business hours. We aim to acknowledge complaints within 24 hours and provide a resolution or escalation path within five working days of receipt.