toga Platform Privacy Notice
This page describes what we collect when you use toga and how we keep that data protected. We at toga collect personal information only to operate your account, process deposits and withdrawals, verify your identity, and comply with applicable law. Your data is encrypted at rest and in transit, and we do not sell your information to third parties.
Our privacy practices reflect the jurisdictions where we operate. If you access toga from Jakarta, Surabaya, Bandung, or Medan, your data may be processed by servers located outside Indonesia. We maintain standard security practices across all processing locations. You have the right to request a copy of your data, correct inaccurate information, or request account closure at any time.
This notice outlines what we collect, how we use it, who we share it with, and what rights you have.
What we collect and why
We collect information in three categories: account setup, transaction processing, and compliance verification.
Account setup data
When you create a toga account, we ask for your email address, password, and basic profile information (name, date of birth, phone number). We use this information to create your account, send you notifications about deposits and withdrawals, and allow you to log in. Your email is also used for password recovery and account security alerts.
Transaction and payment data
When you deposit funds via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or direct bank transfer (mobile banking, local payment, online payment, e-wallet), we collect transaction records including the payment method, amount, timestamp, and settlement status. We retain this data to reconcile your account balance, process withdrawals, and detect fraud. We do not store your full payment card or wallet credentials; payment processors handle that encryption separately.
When you request a withdrawal, we collect the destination payment method and amount. We use this information to route your funds to the correct account and verify that the withdrawal matches your account balance and verified identity.
Compliance and identity verification
Before you can withdraw funds from toga, we require identity verification. We collect a copy of your valid ID (passport, national ID, or driver's license), proof of address (utility bill or bank statement), and confirmation of your funding source. We use this information to comply with anti-money-laundering regulations and prevent fraud. We store these documents securely and do not share them with third parties except where required by law.
How we use your data
We use your data for the following purposes:
- Account operation: Creating and maintaining your toga account, processing logins, and managing your balance.
- Payment processing: Depositing funds, settling withdrawals, and reconciling transactions with payment partners.
- Compliance: Verifying your identity, detecting fraud, and complying with anti-money-laundering and tax regulations.
- Communication: Sending you account notifications, deposit confirmations, withdrawal status updates, and support responses.
- Security: Monitoring for suspicious activity, preventing unauthorized access, and protecting your account.
- Legal obligation: Responding to law enforcement requests, court orders, or regulatory inquiries.
We do not use your data for marketing purposes unless you explicitly opt in. We do not sell your data to third parties. We do not use your data to build profiles for targeted advertising.
Your data on toga is not shared for profit
We retain your information only as long as necessary to operate your account and comply with law. Once your account is closed and retention periods expire, we delete your data.
Third-party processors and data location
We use third-party service providers to process payments, store data, and provide customer support. These processors include payment gateways (for mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, and bank transfers), cloud infrastructure providers, and email services. We require all processors to maintain confidentiality and use your data only for the purposes we specify.
Our servers may be located outside Indonesia. This means your data may be processed in jurisdictions with different privacy laws. We maintain standard encryption and security practices regardless of server location. If you have concerns about data processing outside your jurisdiction, you can contact our support team.
Payment partner data sharing
When you deposit via online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank transfer, we share your transaction information with the payment processor to complete the deposit. These processors have their own privacy policies; we recommend reviewing them. We do not control how payment processors use your data beyond the transaction itself.
Your rights and data access
You have the right to request a copy of all personal data we hold about you. You can request this through our support team by providing your account number and a description of the data you want. We will provide your data in a portable format within a reasonable timeframe.
You have the right to correct inaccurate information in your account. If your name, address, or other details are incorrect, you can update them through your account settings or contact our support team.
You have the right to request account closure. When you close your account, we delete your personal data subject to applicable retention requirements. Some data (transaction records, identity verification documents) may be retained for compliance purposes for a period after closure.
You have the right to object to certain uses of your data. If we are processing your data for a purpose you do not consent to, you can object through our support team.
Cookies and tracking
We use cookies to maintain your login session, remember your preferences, and analyse how you use toga. Cookies are small files stored on your device that allow us to recognise you when you return. You can disable cookies in your browser settings, though this may affect your ability to use toga.
We do not use cookies for tracking across third-party websites. We do not share cookie data with advertisers or data brokers.
Data security and breach notification
We encrypt your data at rest using industry-standard encryption. We encrypt data in transit using HTTPS. We maintain access controls so only authorised staff can view your information. We conduct regular security audits and penetration testing to identify vulnerabilities.
If we discover a data breach that affects your personal information, we will notify you via email and in-app notification within a reasonable timeframe. We will also notify relevant regulatory authorities as required by law.
Contact and data requests
If you have questions about our privacy practices, want to request a copy of your data, or want to exercise your rights, contact our support team through the toga app, email, or in-app help centre. Provide your account number and a clear description of your request. We will respond within a reasonable timeframe.
Our services are available only where local law permits. Your privacy rights may vary depending on your jurisdiction. If you are in a jurisdiction with specific data protection laws (such as GDPR in Europe), those laws may provide additional rights beyond what we describe here.
Summary — your privacy on toga
We at toga collect personal information only to operate your account, process payments, verify your identity, and comply with law. We encrypt your data at rest and in transit. We do not sell your information to third parties. You have the right to request a copy of your data, correct inaccurate information, or request account closure. Our servers may be located outside Indonesia, but we maintain standard security practices regardless of location. If you have questions about how we handle your data, contact our support team.