Reference

How yogatoto Handles Your Personal Data

At yogatoto, your personal data — including your account details, transaction history across DANA, OVO, GoPay and QRIS, and session activity — is collected only for the purposes…

Encrypted Account StorageDANA, OVO, GoPay & QRIS Data Handled SeparatelyRight to Access & DeleteRetention Policy DisclosedContact Path Clearly Stated
yogatoto How yogatoto Handles Your Personal Data
PRIVACY CONTACT CHANNELS

Reach Us About Your Privacy Rights

If you want to review, correct or remove any personal data we hold on your account, our privacy support team is available seven days a week. You can reach us via live chat from 08:00 to 24:00 WIB, by email for documented requests, or through our in-app help form — whichever path works for you. For account holders in Yogyakarta or anywhere else in Indonesia, responses to written data requests are sent within two business days.

Team online

Live Chat Support

Our live chat channel is open daily from 08:00 to 24:00 WIB. Use it to ask about data stored on your account, request corrections, or report a privacy concern in real time.

Email Data Requests

Send a written request to our privacy email address to receive a full export of your account data or to submit a formal deletion request. We respond within two business days.

In-App Help Form

Inside your account settings, the help form lets you flag a privacy issue directly from your dashboard — no need to leave the platform or open a separate browser tab.

HOW WE PROTECT YOUR ACCOUNT

Explore Our Data Security and Retention Approach

Security at yogatoto is not a background function — it shapes how we store passwords, log transactions, and manage cookie consent.

Password Encryption

Passwords are hashed using industry-standard one-way encryption at the point of entry. We never store your raw password, and our staff cannot retrieve it — only you can reset it through the verified account recovery flow.

Cookie Consent Management

When you first visit, a consent banner lets you choose which cookie categories to accept. Analytics cookies are optional; strictly necessary cookies that keep your session active are the only ones enabled by default.

Payment Data Isolation

DANA, OVO, GoPay and QRIS transaction references are stored in an isolated data segment that is separate from your profile data. This limits exposure in the unlikely event of a security incident.

Data Retention Schedule

Active account data is kept for the duration of your account. After a verified account closure request, we remove personal identifiers within 30 days, retaining only anonymised transaction logs required for financial audit compliance.

Third-Party Data Sharing Limits

We share data only with payment processors and infrastructure providers bound by confidentiality agreements. We do not share your data with advertisers, data brokers or affiliate marketing networks.

Account Access Logs

Every login to your account is timestamped and device-tagged. You can view recent access events from your account security page, and flag any entry you do not recognise directly to our support team.

Switch Between These Common Privacy Questions

The questions below cover what Indonesia account holders ask us most often about data rights, cookie settings, payment data handling and how to submit a formal privacy request. If your question is not here, our live chat team is available daily until 24:00 WIB.

We collect your name, email address, phone number and the payment identifiers linked to DANA, OVO, GoPay or QRIS deposits. We also log device type and session timestamps to protect your account from unauthorised access.

Payment references from DANA and OVO are stored in an isolated segment of our database, separate from your profile. This means your wallet identifiers are not bundled with your personal profile data and face a narrower exposure window.

Yes. Send a written request to our privacy email or use the in-app help form inside your account settings. We will compile and deliver a full data export within two business days of verifying your identity.

Submit a deletion request via email or live chat. After we verify your identity, personal identifiers are removed within 30 days. Anonymised transaction logs required for audit compliance may be retained beyond that window.

We share data only with payment processors like the networks behind DANA, GoPay and QRIS, and with infrastructure providers under strict confidentiality contracts. We never sell your data to advertisers or data brokers.

A consent banner appears on your first visit. Analytics and preference cookies are optional — you choose whether to accept them. Only session cookies required to keep you logged in are active without your explicit consent.

Yes, certain data processing practices depend on local law. Where local law permits, anonymised analytics may be shared with our platform partners. We aim to align our practices with applicable Indonesian personal data protection regulations at all times.