Reference

How redmitoto Protects Your Personal Data

Your account data, payment details, and browsing activity on redmitoto are handled under a clear, documented privacy framework — covering how we collect, store, and use information you…

Data encrypted in transit and at restDANA, OVO, GoPay, QRIS transaction records protectedAccount data access on requestIndonesia-specific retention rules appliedContact us to update or delete your data
redmitoto How redmitoto Protects Your Personal Data
PRIVACY CONTACT PATHS

Reach Our Privacy Team Directly

Our privacy support team is available seven days a week, from 08:00 to 23:00 WIB, to handle data access requests, correction notices, and deletion queries.

Live Chat Open the live chat window from any page on redmitoto.
Email Support Send your data access or deletion request to our privacy inbox at [email protected].
Account Settings Panel Log into your account, navigate to Settings, then select 'Privacy & Data'.
HOW WE HANDLE DATA

Open Our Data Practices and Security Standards

Every data-handling measure on redmitoto is designed around one principle: your information should only be used for the purpose you shared it.

Cookies and Tracking

We use session cookies to keep you logged in and analytics cookies to understand which sections of the site you visit most. You can disable non-essential cookies at any time through your browser settings without losing account access.

Payment Data Security

DANA, OVO, GoPay, and QRIS transaction data is encrypted using AES-256 at rest. Payment credentials are never stored on our servers — they pass through the payment gateway directly and only a tokenised reference is retained in your account record.

Account Login Protection

Every login attempt is checked against your registered device profile. Unrecognised device logins trigger a verification step sent to your registered mobile number, adding a layer of confirmation before access is granted to your account.

Data Retention Policy

Payment logs are kept for five years as required under applicable financial record rules. Session and behavioural data is deleted after twelve months. If you close your account, profile data is anonymised within thirty days unless retention depends on local law.

Who Can Access Your Data

Only authorised internal team members with a documented operational need can access your personal records. We do not share identifiable data with advertisers. Third-party processors — such as payment gateway providers handling QRIS or GoPay flows — receive only the data necessary to complete your transaction.

Requesting Changes or Deletion

You have the right to request a correction or deletion of your personal data at any time. Submit your request via live chat or the Settings panel; we confirm receipt within 24 hours and complete the action within ten business days where local law permits.

Explore Common Questions About Your Data Rights

Below are the questions we receive most often from account holders in Indonesia about how their personal information is collected, stored, and protected on redmitoto. If your question is not covered here, our privacy team is reachable via live chat during 08:00–23:00 WIB.

We collect your name, email address, mobile number, and the payment method you link — such as DANA, OVO, GoPay, or QRIS. Device identifiers and session data are also collected to keep your login secure and personalise your account experience.

No. Payment credentials for DANA, OVO, GoPay, and QRIS pass through an encrypted gateway and are never stored directly on our servers. Only a tokenised reference tied to your account is retained to verify transaction history and process withdrawals.

Yes. Log into your account, go to Settings, then 'Privacy & Data', and select 'Download My Data'. Alternatively, contact our support team via live chat or email and we will prepare your export within ten business days.

Submit a deletion request through the Settings panel or email [email protected] with your registered account details. We confirm receipt within 24 hours and complete the deletion within ten business days, except where retention depends on local law.

We do not sell or share your identifiable data with advertisers. Third-party processors — such as the payment gateways that handle GoPay and QRIS transactions — receive only the minimum data required to complete your transaction securely.

Payment transaction logs are retained for five years in line with applicable financial record requirements. Session and behavioural data is deleted after twelve months. Closed account profile data is anonymised within thirty days where local law permits.

Contact our privacy team immediately via live chat — available 08:00 to 23:00 WIB, seven days a week. We will review your account access logs, suspend any unrecognised sessions, and guide you through a password and verification reset within the same session.