Terms of Service
The terms describe the contract; this privacy policy describes the data inside it. Both pages share definitions for account, session and verified identity so cross-references resolve cleanly.
LEGAL REFERENCE
How tupaiwin Handles Your Account Data
This is the tupaiwin privacy policy — the page that tells you what we collect when you open an account, why we collect it, and how we keep...
Privacy PolicyData HandlingAccount SecurityIndonesia ScopeYour Rights
Policy Posture and Data Scope
Our privacy policy applies to your tupaiwin account where local law permits and across the supported regions we serve in Indonesia. We collect identity details you submit at sign-up, transaction references tied to your e-wallet top-ups, and session data that helps us keep the lobby stable on your device. We don't sell your data. We share it only with vetted processors who
help us run payments, fraud checks and platform infrastructure. You can contact us to access, correct, export or delete the records we hold, subject to retention duties we owe regulators. Policy updates are posted on this page with a fresh effective date so you always read the current version.
Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.
REVIEW SIGNALS
How We Review This Policy
This privacy policy isn't a copy-paste template. It's reviewed by people whose job is to keep tupaiwin honest about data, and it gets updated whenever our processors, regions...
Legal Review Cycle
Our legal team reads the policy end to end every quarter and flags any clause that no longer matches how...
Engineering Sign-off
Before each update goes live, the engineering leads confirm that the data flows described here match what the systems actually...
Processor Audits
We audit the third-party processors that touch your data — payment partners, fraud tooling, hosting — and document who holds...
Regional Compliance
Indonesian data expectations shape this policy. We track local guidance and adjust retention windows, consent prompts and breach notification steps...
Change Logging
Every edit to this page carries a timestamp and a short note explaining what shifted. You can ask our privacy...
Independent Counsel
Outside privacy counsel reviews material rewrites before publication. That second set of eyes keeps us from drifting into vague language...
WHY THIS PLATFORM
Consistency Across Our Policy Pages
We keep the privacy policy aligned with the other legal pages on tupaiwin so you don't get conflicting answers depending on which page you land on. Here's how this page sits next...
Cookie Notice
Cookies are summarised here and detailed on the cookie page. Categories, lifetimes and opt-out paths use identical labels on both pages so your choices carry across.
KYC Statement
Identity checks are described as data collection here and as account duty there. Retention windows quoted on both pages match exactly, including the post-closure hold period.
Acceptable Use
Behaviour rules live in acceptable use; this page only covers the data those rules generate. Both reference the same enforcement workflow when an account is paused for review.
Complaints Policy
If you escalate a privacy issue, the complaints policy explains the route. Timelines quoted there mirror the response targets named in our privacy contact section above.
Retention Schedule
The retention table on this page is the canonical source. Other legal pages link to it rather than restating numbers, which prevents drift when we shorten or extend a window.
Regional Addendum
Where Indonesia-specific obligations differ from our base policy, the regional addendum clarifies them. This page flags the addendum at every clause it modifies so nothing hides in fine print.
PLATFORM SNAPSHOT
What This Privacy Page Actually Covers
Rather than burying the structure in legalese, here's a tour of the visible blocks on this privacy policy and what each one is for. Use it as a...
Data We Collect
A plain list of the fields we capture at sign-up...
How We Use It
Purposes are grouped: running your account, keeping the lobby secure...
Who Sees It
Internal teams are listed by function, not by name. External...
Retention Windows
Each data category has a stated holding period. Where regulators...
Your Rights Panel
Access, correction, export, deletion, objection and consent withdrawal each get...
Update History
The footer carries the effective date and a short changelog...
Privacy Policy Questions We Hear Often
We collect the identity details you submit, contact information, device and session data, and transaction references tied to DANA, OVO, GoPay or QRIS top-ups. Each field has a stated purpose listed in the data section above.
No. We don't sell account data. We share specific records only with processors who help us run payments, fraud checks and infrastructure, and each one is bound by a written agreement that limits use to those tasks.
Most account data is deleted shortly after closure, but transaction and identity records are held for the period regulators require. The retention block on this page shows the exact windows for each category.
Yes. Send a data access request through the in-app privacy form or our privacy inbox. We confirm your identity, then return the records we hold within the timeline our regional addendum specifies.
Open your account settings for self-serve edits, or contact the privacy desk for fields locked after verification. Deletion requests are honoured where no legal retention duty applies to the record in question.
Yes. Material changes trigger an in-account notice before the new version takes effect, and the footer changelog records every edit with a date so you can track what shifted between visits.
Start with our privacy inbox so we can investigate directly. If you're not satisfied, the complaints policy explains the escalation route, including the relevant Indonesian authority you can approach independently.