Reference

How cicakwin Protects Your Personal Data

cicakwin collects only the data we need to run your account, process withdrawals, and keep your transactions via DANA, OVO, GoPay and QRIS secure.

Data encrypted in transit and at restDANA, OVO, GoPay & QRIS transaction records securedAccount data deletable on requestNo data sold to third partiesRetention periods clearly defined
cicakwin How cicakwin Protects Your Personal Data
PRIVACY CONTACT PATHS

Open a Privacy Request With Our Team

If you need to access, correct, or remove personal data we hold about you, our privacy support team is available seven days a week between 08:00 and 23:00 WIB.

Live Chat Support Available daily from 08:00 to 23:00 WIB. Start a privacy request directly inside the chat window and receive a case reference number within minutes of submission.
Email Data Team Send your written request to our dedicated privacy email address. We aim to respond within one business day and will confirm receipt with a timestamped acknowledgement.
In-App Support Button On the mobile app, tap the support icon in your account menu to file a data request. Your account details are pre-filled, so the process takes under two minutes to complete.
DATA HANDLING STANDARDS

Browse Our Six Core Privacy Commitments

We have structured our data practices around six principles that apply to every account — whether you deposit via DANA, authenticate by biometric on mobile, or contact us through live chat.

Encryption at Every Layer

All data you send to us — including QRIS payment confirmations and login credentials — travels over TLS 1.3 encryption. Stored records are encrypted at rest using AES-256, which means raw data is never readable if storage is compromised.

Cookie Transparency

We use session cookies to keep you logged in and analytics cookies to understand how the account dashboard is used. You can withdraw cookie consent at any time via the cookie settings panel without losing access to your account.

Account Security Controls

Your account supports two-factor authentication via SMS or authenticator app. We log every login event with a timestamp and device fingerprint, and you will receive an email alert whenever a new device accesses your account.

Data Retention Policy

Active account data is retained while your account remains open. Following closure, non-financial records are deleted within 90 days. Payment records linked to DANA, OVO and GoPay transactions are retained for five years to meet regulatory requirements.

Third-Party Sharing Limits

We share data only with payment processors (DANA, OVO, GoPay, QRIS operators), identity verification partners, and fraud-detection services. We do not sell your data to advertisers or unaffiliated commercial third parties under any circumstance.

Your Right to Request Changes

You may request a full export of your personal data, ask us to correct inaccurate records, or request deletion of non-essential data. Submit a request via live chat or email; we aim to action it within five business days.

Switch Between Your Common Privacy Questions

The questions below cover what we collect, how long we keep it, and what rights you have over your own data on cicakwin. If your question is not listed here, reach us via live chat between 08:00 and 23:00 WIB and our team will respond with a specific answer tied to your account.

We collect your name, email, date of birth, and payment identifiers for DANA, OVO, GoPay or QRIS. We also log your IP address, device type, and session timestamps to protect your account from unauthorised access.

Payment records are encrypted at rest using AES-256 and stored on servers with restricted internal access. DANA and OVO transaction logs are retained for five years in line with financial record-keeping requirements that depend on local law.

Yes. Submit a data export request via live chat or our privacy email address. We will compile and deliver a structured file of your account and transaction data within five business days of receiving your request.

We share data only with payment processors such as DANA, GoPay and QRIS operators, and with identity or fraud-prevention partners. We do not sell your personal data to advertisers or unaffiliated commercial organisations.

Open the cookie settings panel accessible from the footer of any page. Toggle off analytics cookies and save your preference. This takes effect immediately and does not affect your ability to log in or make transactions.

Non-financial personal records are deleted within 90 days of account closure. Payment-related records linked to DANA, OVO, GoPay and QRIS are kept for five years to satisfy regulatory obligations that depend on local law.

Contact our live chat team immediately — available 08:00 to 23:00 WIB daily. We will lock the account, review access logs, and send you a full incident report within 24 hours of your notification.