Terms of Service
Definitions of account, lobby and transaction used here match the Terms exactly, so a word means the same thing whether you're reading rights or obligations.
LEGAL REFERENCE
How merdeka365 Handles Your Account Data
This is the merdeka365 privacy policy — the page where we set out, in plain language, what we collect when you open an account with us, why we...
Account dataCookie useRetention windowsYour rightsIndonesia focus
Privacy Posture and Jurisdiction Notes
Our privacy posture follows the rules of the supported regions we serve, and where local law permits we apply the stricter standard by default. When you sign up we capture the basics — name, contact, date of birth, device fingerprint — so we can verify the account belongs to you and keep the lobby secure. Transaction metadata tied to DANA, OVO, GoPay
and QRIS is logged for fraud prevention only, never resold. We retain identity records for the period required by Indonesian financial regulation, then purge. You can request export, correction or deletion through the channels listed further down this page, and we'll action verified requests within thirty days.
Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.
SUPPORT
Privacy Contact Paths
If something in this policy is unclear, or you want to act on your data rights, these are the channels our privacy desk monitors. Each one routes to the same review team, so pick whichever you find easiest.
Team online
Privacy inbox
Email our data team at [email protected] for export requests, correction notes, deletion claims or any policy clarification. We acknowledge inside one business day and resolve verified requests within thirty.
In-account ticket
Open a ticket from your merdeka365 account dashboard and tag it Privacy. The thread stays attached to your verified profile, which speeds up identity checks and keeps the conversation auditable for both sides.
Live chat desk
Our chat desk handles privacy questions around the clock in Indonesian and English. For sensitive deletion or export requests the agent escalates to the data officer rather than answering on the spot.
WHY THIS PLATFORM
How We Review This Policy
This policy is not a set-and-forget document. Six editorial signals keep it honest and current.
Quarterly review
Our compliance lead re-reads this policy every quarter against current Indonesian data rules and the lobby features we shipped that quarter, so the wording matches what our systems actually do.
Named data officer
A named data protection officer signs off on every change. The role sits outside the marketing team, which keeps the policy phrased for accuracy rather than tone or conversion language.
Versioned history
Each revision is stamped and archived. If you want to see what the policy said the day you opened your account, ask the privacy inbox and we'll send the dated version.
Plain-language pass
We run a plain-language edit on every update so clauses stay readable on a phone screen. Legal precision matters, but a policy nobody reads protects nobody.
External counsel
Indonesian counsel reviews material changes before they go live. Their notes are kept on file in case a regulator or an account holder asks how a specific clause was drafted.
Breach protocol
A documented incident protocol governs how we notify you and the relevant authority if data is exposed. Timelines, channels and escalation paths are written down, not improvised.
WHY THIS PLATFORM
Consistency Across Our Policy Pages
This page lines up with our other legal documents so you don't get conflicting answers depending on where you click.
Cookie Notice
The cookie categories named in this policy — strictly necessary, functional, analytics — are the same ones surfaced in the consent banner and the cookie notice page.
KYC Statement
Identity fields listed here mirror the KYC statement field-for-field, so you won't be asked for data on signup that isn't disclosed in this policy.
AML Notice
Retention windows for transaction metadata match the AML notice. One source of truth, applied consistently to DANA, OVO, GoPay and QRIS movements.
Complaints Policy
The escalation path for a privacy complaint mirrors the general complaints route, with the data officer added as the final internal step before external recourse.
Marketing Preferences
Opt-out controls described here are the same toggles shown in your account preferences screen, with identical wording so nothing is lost in translation.
Account Closure
Deletion timelines stated in this policy match the account closure flow. Closing an account triggers the same purge schedule documented in section four.
What This Policy Page Lays Out
Six visible elements define the layout of this privacy page so you can find what you need without scrolling the whole document.
Scope block
The opening block tells you which merdeka365 surfaces the policy covers — the website, the account dashboard, the live chat desk and the lobby itself — so you know what's in and what's out.
Data categories
A clean list of every data category we touch, from identity to device telemetry, with a one-line purpose attached to each. No vague catch-alls, no buried clauses.
Retention table
Plain retention windows for each category, expressed in months or years rather than legalese. You see at a glance how long a record lives before it's purged.
Rights panel
Your rights — access, correction, deletion, portability, objection — set out as a panel with the exact channel to action each one. No hunting through paragraphs.
Third parties
A named list of processors we share data with, what they do for us, and the region they operate from, so nothing about onward transfer is hidden.
Change log
A visible change log at the bottom shows the last update date and a short note on what changed, so returning readers can spot what's new without re-reading everything.
Privacy Policy Questions
At signup we collect your name, date of birth, contact details and a device fingerprint. That set is the minimum we need to verify the account is yours and to keep the lobby secure under Indonesian rules.
Identity records are kept for the period Indonesian financial regulation requires after your last activity, then purged. Transaction metadata follows the same window. Marketing preferences are kept only while your account is open.
Yes. Email [email protected] or open a Privacy ticket from your dashboard. Once we've verified your identity we send a structured export within thirty days, covering every category named in this policy.
We don't store full payment credentials for DANA, OVO, GoPay or QRIS. Tokenised references are held by our payment processors, and we only see metadata needed for reconciliation, fraud checks and regulatory reporting.
Only with named processors that help us run the platform — identity verification, payments, fraud screening, hosting. The list is published on this page, and none of them resell your data or use it for their own marketing.
Toggle marketing preferences off in your account dashboard, or reply STOP to any message. The change applies immediately. Service messages tied to your account, like security alerts, continue regardless of marketing choice.
Closure triggers a purge schedule. Marketing data goes immediately, identity and transaction records sit in a locked archive for the legally required window, then are deleted. You receive written confirmation when the final purge completes.