Reference

How dragon22 Protects Your Personal Data

dragon22 collects only the data necessary to operate your account, process withdrawals, and keep your session secure — nothing more.

Data collected only as neededDANA, OVO, GoPay, QRIS payment data protectedAccount data encrypted at restRetention periods clearly definedYou control your own data requests
dragon22 How dragon22 Protects Your Personal Data
PRIVACY CONTACT PATHS

How to Reach Us About Your Data

If you want to access, correct, or delete your personal data held by dragon22, our privacy team handles requests seven days a week. You can reach us through live chat available from 08:00 to 23:00 WIB, by email at [email protected], or through the in-app support ticket form inside your account settings. We aim to acknowledge every privacy request within 24 hours and resolve it within seven business days.

Team online

Live Chat

Available daily 08:00–23:00 WIB. Connect directly from your account dashboard and submit a data access or deletion request to a privacy support agent in real time.

Email Privacy Team

Send your request to [email protected]. Include your registered email and the specific data you want to access, correct, or remove. Responses sent within 24 hours.

In-App Support Ticket

Log into your dragon22 account, navigate to Settings → Support → New Ticket, and select the Privacy Request category. Your ticket is queued directly to our data team.

DATA HANDLING STANDARDS

Six Ways We Handle Your Data Responsibly

dragon22 applies concrete technical and operational controls at every stage of data handling — from the moment you enter a payment method to the day you close your…

Encryption at Rest and in Transit

All personal data — including DANA and OVO payment records — is encrypted using AES-256 at rest and TLS 1.

Cookie Transparency

We use session cookies to keep you logged in and analytics cookies to understand page performance.

Account Security Controls

Two-factor authentication is available for every account. Failed login attempts trigger an automatic lockout after five tries, and you receive…

Data Retention Schedule

Transaction records — including GoPay and QRIS payment histories — are retained for five years to meet financial compliance obligations…

Third-Party Data Sharing Limits

We share data only with payment processors (DANA, OVO, GoPay, QRIS) and identity verification partners, and only the minimum fields…

Your Right to Request Changes

You may request a full copy of your stored data, ask us to correct inaccuracies, or request deletion of your…

Your Privacy Questions Answered

The questions below cover the data rights and privacy concerns we hear most often from people using dragon22 in Indonesia. If your question is not listed here, reach our privacy team via live chat or email at [email protected] and we will respond within 24 hours.

We collect your name, email, date of birth, and the payment details you add — such as your DANA or OVO wallet number. Device identifiers and session timestamps are logged automatically to secure your account against unauthorised access.

Your DANA and OVO details are passed only to those payment processors to complete transactions. We share the minimum data each rail requires. No third-party advertisers or data brokers receive your payment information at any point.

Transaction records, including GoPay and QRIS histories, are retained for five years to meet financial compliance requirements, then securely deleted. General account data is removed within 30 days of a verified closure request, where local law permits.

Yes. Log into your account, go to Settings → Support → New Ticket, and select Privacy Request. You can also email [email protected]. We acknowledge requests within 24 hours and deliver your data package within seven business days.

We use session cookies to maintain your login and analytics cookies to measure page performance. You can review, manage, or withdraw consent for non-essential cookies at any time through the cookie settings panel inside your account dashboard.

In the event of a confirmed data breach affecting personal information, dragon22 notifies affected account holders by email within 72 hours of detection. We also report the incident to the relevant regulatory authority as required by applicable law.

Some data processing — such as fraud detection — may involve servers located outside Indonesia, where local law permits. In all cases, transfers are covered by contractual data protection obligations that require the same security standards we apply domestically.