LEGAL REFERENCE

How We Handle Your Account Data

This is the hokiunited privacy policy — a plain read of what we collect when you open an account, why we hold it, and how long it stays...

Privacy PolicyIndonesiaAccount DataLast Updated 2025Plain English
Account access Read FAQ
hokiunited How We Handle Your Account Data

Policy Posture And Jurisdiction

Our policy applies where local law permits and across the supported regions of Indonesia we serve. We collect the data needed to verify your identity, fund your account through DANA, OVO, GoPay or QRIS, and keep your sessions secure. That means name, contact details, device fingerprints, transaction references and lobby activity. We retain records only as long as financial regulation and fraud-prevention

duties require, then we purge. You can ask us what we hold, request corrections, or close your account — the support paths below route those requests directly to our privacy desk.

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

HELP CHANNELS

Privacy Contact Paths

Privacy Desk Email Send privacy queries, data-access requests or correction notices to our dedicated mailbox. We acknowledge within one working day and resolve straightforward requests inside the standard window set by Indonesia data rules.
In-Lobby Live Chat Open chat from any page once you sign in and ask for the privacy team. The agent escalates data questions off the general queue so your account details stay with the right desk.
Account Closure Form Use the closure path inside your profile to trigger deletion of personal data we are not legally required to retain. We confirm the schedule and the residual records kept for compliance.
TRUST MARKERS

How This Policy Is Reviewed

Quarterly Legal Review

Our in-house counsel re-reads this policy every quarter against current Indonesia data-protection rules so the wording you see matches what actually happens inside our account systems.

Named Data Owner

A single privacy lead signs off every change. That person is reachable through the contact paths above, so escalations land with someone accountable rather than a generic inbox.

Encryption At Rest

Account records, payment references and verification documents are stored encrypted. Keys rotate on a fixed schedule and access is logged, so your data trail is auditable end-to-end.

Vendor Vetting

Any processor touching your data — payment routers for DANA, OVO, GoPay and QRIS included — signs our data agreement and is reviewed before onboarding and annually after.

Breach Protocol

If something slips, we notify affected accounts and the relevant Indonesia authority within the legal window. The protocol is rehearsed, not theoretical, and the timeline is documented.

Version History

Each revision of this policy carries a date and a short note on what changed, so you can see how our handling of your account data has evolved over time.

BENCHMARKED

Consistency Across Our Policy Pages

01

Privacy Policy

This page — what data we collect, why we hold it, and how you exercise your rights over your hokiunited account information.

02

Cookie Notice

Sister page covering the trackers we set in your browser, separated out so the privacy text here stays focused on account-level data.

03

Terms of Service

Defines the contract between you and us. Cross-references this policy whenever account data, KYC or payment records are mentioned.

04

KYC Statement

Explains the identity checks we run before high-value withdrawals. The data fields listed there match the categories described in this policy.

05

AML Notice

Sets out monitoring duties under Indonesia financial rules. Retention windows match the figures quoted in the policy posture above.

06

Complaints Path

Tells you how to escalate if a privacy request stalls. The first contact is still our privacy desk, then the external regulator.

07

Cookie Settings

Live control panel where you toggle non-essential trackers. Changes there feed the consent log referenced in this privacy text.

SERVICE CONTEXT

What Shapes This Policy Page

01
Plain Wording We rewrote the legal boilerplate so you can actually read it. Short sentences, named teams, dated revisions — the page reads like brand copy, not a court filing.
02
Indonesia-First Framing Every clause is mapped to how Indonesia accounts behave, including the e-wallet flows you use daily. No imported template that ignores local payment rails.
03
Dated Revisions The header carries the current revision date and a link to the previous version, so you always know which wording governed your account on a given day.
04
Right-To-Access Path A single in-product button triggers an export of what we hold on your account. No ticket queue, no back-and-forth — your data, your request, our reply.
05
Retention Tables Specific time windows for each data category sit inside the policy details, so retention is a number you can check, not a vague promise.
06
Named Accountability The privacy lead is named in our support flow. You are not writing into a void; a real desk owns the response and the timeline attached to it.

Privacy Questions We Hear Most

We collect your name, contact details, date of birth, a verification document and the device you sign in from. Payment references for DANA, OVO, GoPay and QRIS are stored against your account so withdrawals route back correctly.

Active account data stays while you use us. After closure we retain only what Indonesia financial rules require — typically transaction records for the statutory window — then we purge identifying fields and keep anonymised aggregates.

Yes. Trigger the export from your profile or email our privacy desk. We package the data in a readable format and send it within the legal response window, with identity confirmation before release.

Only with processors we need to deliver the service — payment routers, verification providers, hosting. Each one signs our data agreement. We do not sell your information to advertisers or unrelated brands, ever.

We delete the fields we are not required to keep and lock the rest behind the retention schedule. You receive a closure confirmation showing what was removed and what remains for compliance reasons.

Most fields are editable inside your account settings directly. For verified data like your name or date of birth, send the correction through the privacy desk with supporting documentation and we update the record.

The version history at the foot of this page lists each revision with a date and a short note describing what moved. Material changes also trigger an in-lobby notice the next time you sign in.