LEGAL REFERENCE

How tobawin Handles Your Account Data

This is the tobawin privacy policy — the document that tells you what we collect when you open an account, why we collect it, and how long we...

Plain-English policy | Indonesia-aware | Account-level scope | Updated regularly | Contact paths inside

Policy Posture and Scope

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

SUPPORT

Privacy Contact Paths

If you want to ask us about your data, exercise a deletion request or raise a concern, here is how to reach the privacy desk directly.

Privacy Email

Write to our data desk and we will reply within seven working days. Include your registered phone number so we can match the request to the correct tobawin account safely.

In-App Chat

Open the chat bubble inside your tobawin lobby and ask for the privacy team. Agents can route data questions, account export requests and erasure forms without making you leave the page.

Postal Address

For formal notices, our registered office accepts written correspondence. We publish the current address on the contact page; please mark envelopes for the attention of the privacy officer to avoid delays.

REVIEW SIGNALS

Editorial Trust Behind This Policy

This policy is reviewed by humans, not auto-generated. Here is who touches it and how we keep it current.

Legal Review

Our legal counsel reviews the wording each quarter and after any change in Indonesian data rules. The version date at the foot of this page reflects the most recent sign-off by that team.

Security Sign-Off

Our infrastructure lead confirms that what we describe here matches what actually runs in production — encryption at rest, scoped access logs and the retention windows we list in the policy body.

Plain-Language Pass

A copy editor rewrites legalese into something you can read on a phone. If a clause stops being clear after a legal change, we flag it and rework the sentence before publishing.

Indonesian Context

We cross-check against the local data protection framework so the rights we describe match what you can actually exercise in Indonesia, including correction, portability and erasure of your tobawin profile.

Change Log

Material edits appear in a dated change log at the bottom of the policy. You can compare the previous version against the live one to see exactly what we adjusted and when.

Independent Audit

An external auditor reviews our handling controls each year. Their findings drive fixes that flow back into this policy, so what you read reflects audited practice rather than aspiration.

BENCHMARKED

Consistency Across Our Policy Pages

Our privacy policy is one of several legal pages on tobawin. Here is how it lines up against the sibling documents so you know which page answers which question.

01

Privacy vs Terms

Privacy covers what data we hold about you. Terms covers the rules of using the lobby. If your question is about data, you are on the right page.

02

Privacy vs Cookies

This page describes account data overall. The cookie notice zooms in on browser-level identifiers and the choices you have over them inside your tobawin session.

03

Privacy vs KYC

KYC explains why we ask for ID at verification. Privacy explains how those documents are stored, who sees them and when they are deleted from our systems.

04

Privacy vs AML

AML sets the obligation to monitor activity. Privacy sets the limits on how that monitoring data is retained, shared and protected on your account record.

05

Privacy vs Payments

The payments page lists supported rails like DANA, OVO, GoPay and QRIS. Privacy describes the data fields those rails generate and how long we keep them.

06

Privacy vs Bonuses

Bonus terms govern promo eligibility. Privacy covers the participation data that promo logic relies on, including device signals tied to your tobawin profile.

07

Privacy vs Complaints

The complaints page tells you how to escalate. Privacy tells you how the case file is stored and how long the correspondence trail remains on record.

What This Policy Page Includes

Here are the visible elements you'll find as you scroll the privacy policy — the layout we use across every legal page on tobawin.

Section Anchors

Jump links at the top take you straight to collection, retention, sharing or your rights. Use them on mobile so you don't have to scroll the full document to find one clause.

Version Date

Every policy carries a clear version date and effective date. If we update wording, the date moves and the change log records what shifted, so you always know which version applies.

Rights Summary

A short panel summarises the rights you can exercise — access, correction, portability, erasure and objection — along with the contact path that lets you exercise each one.

Retention Table

A simple table shows how long each category of data stays on file, from session logs through to verification documents, so you don't have to read paragraphs to find a number.

Sub-Processor Notes

We name the categories of vendors we use for hosting, payments and communications, and we explain what data each category sees so the chain is visible end to end.

Glossary Box

Legal terms are defined inline in a glossary box. Hover or tap to see what we mean by controller, processor or legitimate interest without leaving your spot in the document.

Privacy Policy Questions We Hear Often

At sign-up we collect your name, date of birth, phone number, email and a password. During verification we collect ID documents. After that, we log your session activity so the account can be operated and audited correctly.

Active account data lives with us while your tobawin profile is open. After closure, we keep records for the period required by Indonesian financial and tax rules, then we delete or anonymise them as the retention table on this page describes.

Yes. Send the request through the privacy email or in-app chat. We will erase data we are not legally required to retain, and we will tell you which categories must stay on file and for how long.

We share only with vendors who help us run the lobby — hosting, payment processors covering DANA, OVO, GoPay and QRIS, and communication tools — and with regulators when the law in supported regions requires it. Nothing is sold to advertisers.

We encrypt data in transit and at rest, scope internal access by role, and log every administrative action. Our infrastructure lead reviews controls regularly and an external auditor checks them yearly, with findings flowing back into our written policy.

You can request access to your data, correct inaccuracies, port a copy elsewhere, ask for erasure where lawful and object to specific processing. The rights summary panel on this page links each right to the contact path that exercises it.

Material updates trigger an in-app notice the next time you open tobawin and an email to the address on your account. The change log on this page records the date and a short note describing what we adjusted.