LEGAL REFERENCE

Privacy Policy You Can Actually Read

This is the xo368 login privacy policy, written for Indonesia in plain English. We explain what account data we collect when you open a lobby session, why we...

Plain EnglishIndonesia-FocusedData ChoicesLast Updated 2025Reader-Friendly
Browse the Lobby Read FAQ
xo368 login Privacy Policy You Can Actually Read

How We Handle Your Account Data

Our policy posture is simple: we collect what's needed to run your account and nothing extra. That means sign-in identifiers, device fingerprints for fraud checks, and wallet references when you fund the lobby through DANA, OVO, GoPay or QRIS. We retain records for the period local law in supported regions requires, then we purge. Where Indonesian financial regulation asks us to keep

transaction trails longer, we ring-fence those records away from marketing systems. You can request access, correction or deletion of your data, and we route those requests through a named privacy contact. Cross-border transfers happen only where local law permits and only with contractual safeguards in place.

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

24/7 SUPPORT

Privacy Contact Paths

If anything in this policy is unclear, or you want to exercise a data right, reach out through one of the channels below. Our privacy desk responds in Indonesian or English and...

Privacy Email Send privacy requests — access, correction, deletion or consent withdrawal — to our data desk. We reply within seven working days and confirm what action has been taken on your account file.
In-App Chat Open the chat bubble inside your account dashboard and ask for the privacy team. The agent will route you to a human reviewer rather than a generic support script for anything policy-related.
Postal Address Prefer paper? Our registered correspondence address handles formal data subject letters. Include your account handle and a contact route so we can verify before processing the request.
REVIEW SIGNALS

How This Policy Is Reviewed

We don't write this once and forget it. The policy gets a structured review so the wording matches what our systems actually do, and so Indonesia-specific obligations stay current as regulators update...

Legal Counsel

Indonesian and regional counsel sign off the policy each cycle. They flag any wording that drifts from current data-protection rules, and we redraft before the version goes live on this page.

Security Lead

Our security lead pairs each clause with the technical control behind it. If we say data is encrypted at rest, the audit trail proves it before that sentence makes it into the published document.

Privacy Officer

A named privacy officer owns the document and your requests. Escalations land on one desk rather than bouncing between teams, so response times stay predictable across Indonesia time zones.

Quarterly Review

We schedule a fixed review every quarter. Even if no rules change, we still re-read the policy against live system behaviour to catch any quiet drift between practice and wording.

Vendor Audits

Payment and identity vendors connected to your account go through annual data audits. Anything that touches DANA, OVO, GoPay or QRIS rails has to clear contractual privacy checks before integration.

Change Log

Every published version carries a change log at the foot of this page. You can scan what moved between revisions without diffing the entire document line by line.

WHY THIS PLATFORM

Consistency Across Our Policy Pages

This page sits alongside our other legal documents. We keep the language aligned so you don't read contradictions between policies. Here's how the privacy policy lines up with sibling pages on the...

01

Terms of Use

Account obligations match the data points described here. What the terms reference as 'verification information' is the same dataset this policy lists under identity collection.

02

Cookie Notice

Cookie categories and retention windows mirror the tracking section of this policy. One source of truth, two reading angles for shorter attention spans.

03

AML Statement

Records kept for anti-money-laundering reasons are flagged in both documents with identical retention figures, so nothing reads longer or shorter depending on which page you land on.

04

Refund Policy

Wallet data tied to DANA, OVO, GoPay and QRIS refunds is described the same way here as in the refund document, including who inside our team can access it.

05

Marketing Consent

Opt-in and opt-out wording is reused verbatim. If you change preferences in one place, the policy reflects that single switch rather than scattered toggles.

06

Complaints Path

The escalation ladder for privacy complaints matches the general complaints page. Same desks, same response windows, no contradictions between the two routes.

07

Security Page

Encryption, storage region and access control claims here repeat what the security page describes, so technical and legal readers see one aligned story.

What This Policy Page Shows You

The highlights below describe the visible building blocks of this policy page itself, so you know where to find each topic without scrolling through the entire...

Data Collected

A short list of the fields we ask for at sign-up and during play. Each field is paired with the reason we need it, so nothing on the form feels arbitrary.

Retention Windows

Concrete time spans for how long each category stays on file. Marketing data clears faster than financial records, and the policy spells out both numbers in months.

Your Rights

A plain-English block on access, correction, deletion, portability and objection. Each right links to the exact channel you use to exercise it from your account.

Sharing Map

A map of who sees your data outside our team — payment processors, identity checkers, hosting partners — and what each one is contractually allowed to do with it.

Cross-Border Notes

If data leaves Indonesia for processing, this section names the destination region and the safeguard used. Nothing moves where local law does not permit such transfers.

Version History

A dated change log at the foot of the page tracks every revision. You can see when a clause was added, reworded or removed without comparing files yourself.

Privacy Policy FAQ

We collect your name, contact details, date of birth, a government identity reference for verification, and the wallet handle you use for DANA, OVO, GoPay or QRIS. Device and session data is logged for fraud prevention.

Account and transaction records are kept for the period Indonesian financial rules require, typically several years after closure. Marketing data is purged sooner, usually within months of you withdrawing consent or going inactive.

Yes. Send a deletion request through the privacy email or in-app chat. We remove what we are not legally required to retain, and we tell you exactly which records must stay and why.

Only with processors needed to run your account: payment rails, identity verification, hosting and analytics. Each one is bound by contract, named in the sharing map above, and barred from using your data for their own marketing.

Some processing happens with regional partners where local law permits. Those transfers use standard contractual clauses and we document the destination in the cross-border section, so you always know where your records sit.

We update the change log at the foot of the page and notify active accounts by email when the change is material. The version date at the top of the policy always reflects the current revision in force.

Start with our privacy officer through the contact paths above. If the response does not resolve your concern, you can escalate to the relevant Indonesian data-protection authority, and we will cooperate fully with their review.