How We Handle Your Account Data
This is the 23naga privacy policy — the plain-language version of what we collect when you open an account, why we hold it, and how long it stays...
Privacy Posture & Jurisdiction Notes
We process your data where local law permits and only across supported regions. When you register, we collect identifiers — name, email, phone, date of birth — plus the wallet handle you link for top-ups. Session logs, device fingerprints and IP records are retained for fraud checks and audit obligations. We do not sell your information to third parties. Marketing consent is opt-in and you can withdraw it from your account panel at any time. Where Indonesia data-protection rules apply, our policy follows them; where stricter jurisdictional rules apply to your residency, those take precedence. Wallet identifiers from DANA, OVO, GoPay and QRIS are stored only as references, never as full card numbers.
Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.
Privacy Contact Paths
If you have a question about your data, reach our privacy desk through any of the channels below. We aim to acknowledge requests within one business day.
Editorial Trust Signals For This Policy
This document is reviewed on a regular cadence so the wording matches what our systems actually do.
Quarterly Review
Our compliance lead re-reads this policy every quarter and signs off any wording changes. If the underlying data flow shifts, the public page is updated before the new flow goes live.
Named Data Officer
A named privacy officer owns this document. You'll see the same signature on responses to your data requests, so the person answering you is the person accountable for the policy.
Plain-Language Drafting
We avoid legal padding. Every clause here is written so you can read it in one sitting without a dictionary, and we keep the Indonesia-facing version aligned with the master copy.
Change Log
Material edits are dated at the bottom of this page. Minor typo fixes are silent, but anything that changes scope or retention triggers a notice in your account panel.
Third-Party Audits
Our security controls are reviewed by an external assessor each year. The report covers how we store identifiers, how access is logged, and how wallet references from DANA and OVO are isolated.
Vendor Register
We maintain a register of every processor that touches your data — chat, KYC, payment routing. The register is available on request through the privacy inbox listed above.
Consistency Across Sibling Policy Pages
| Sibling page | How it lines up with this policy |
|---|---|
| Cookie Notice | The cookie page expands on the tracking categories briefly named here. Definitions and retention windows match — if a cookie isn't listed there, it isn't running on the site. |
| Terms Of Use | Account obligations live in the terms page. This privacy document only covers data handling, so we point you to the terms for conduct rules and dispute paths. |
| KYC Notice | Identity-verification specifics sit in the KYC page. Document categories and storage windows referenced here are repeated there in the same wording for cross-checking. |
| Payments Page | Wallet reference handling described above is mirrored in the payments page so DANA, OVO, GoPay and QRIS flows read the same on both surfaces. |
| Promo Terms | Marketing-consent scope on this page matches the opt-in language used on promo entries. Withdrawing consent stops promo emails without closing your account. |
| Complaints Path | Escalation routes named here are the same ones documented on the complaints page, with identical response windows so expectations don't drift between pages. |
| Region Notice | Where-local-law-permits wording on this page lines up with the region notice. Supported regions are listed in one place and referenced consistently. |
What This Policy Page Shows You
These are the visible elements we've laid out so the policy is easy to navigate on a phone.
Plain Section Headers
Each block has a short header so you can scroll to the part you care about — data collected, retention, your rights — without reading the whole page top to bottom.
Inline Definitions
Where a term might be ambiguous, we define it in the same sentence. No footnotes, no glossary jumps; the meaning sits next to the word it explains.
Dated Revisions
A revision date appears at the foot of the page. If you've bookmarked this URL, the date tells you whether the version you remember is still current.
Direct Contact Block
The privacy contact paths sit halfway down the page, not buried in a footer. You can reach the data officer without leaving this URL.
Rights Summary
Your rights — access, correction, erasure, objection — are listed as a short row near the top so you can confirm what's possible before reading the full clause.
Cross-Links
Sibling policy pages are linked inline where they're relevant, so you can jump to the cookie notice or KYC notice without searching the menu.