LEGAL REFERENCE

How We Handle Your Account Data

This is the totalwla privacy policy. We've written it the way we'd want to read it ourselves — short paragraphs, plain English, and direct answers about what we...

Account dataSession logsPayment metadataCookie controlsIndonesia-aligned
View Game Library Read FAQ
totalwla How We Handle Your Account Data

Our Privacy Posture, Plainly Stated

We collect what we need to run your account and nothing we don't. That means your sign-up details, the device you log in from, the games you open, and the payment references tied to DANA, OVO, GoPay or QRIS top-ups. We store this data on encrypted infrastructure and only share it with the licensing, payment and anti-fraud partners we're contractually bound to,

where local law permits. You can request a copy of your record, ask us to correct it, or close the account and have personal fields purged on the cycle our retention schedule sets. Marketing consent is opt-in only, and you can withdraw it from your account settings at any time without affecting your ability to keep using the lobby.

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

PLAYER SUPPORT

Privacy Contact Paths

Privacy Inbox Email our privacy desk directly for data access...
Live Chat Escalation Open the chat widget from any lobby page...
Account Settings Panel Most consent toggles, marketing preferences and cookie choices...
EDITORIAL CLARITY

How This Policy Is Reviewed

Quarterly Legal Review

Our in-house legal team rereads this policy every quarter against current Indonesian data rules and our licensing obligations, then publishes the revision date at the foot of the page so you can see what shifted.

Plain-Language Audit

Before any update goes live we strip the legalese. If a clause can't be explained in two sentences to a new account holder, we rewrite it until it can, then route it back to counsel.

Vendor Whitelist

Every third party that touches your data sits on a whitelist we maintain internally. Payment processors, KYC partners and analytics tools are reviewed annually for their own privacy posture.

Encryption Standards

Account credentials, payment references and identity documents move over TLS in transit and rest on AES-encrypted storage. Keys rotate on a schedule our security team owns separately from product teams.

Breach Protocol

If something goes wrong we tell you. Our incident playbook commits to notifying affected account holders and the relevant authority within the timelines local law sets, with a clear summary of impact.

Retention Discipline

We don't hoard data. Inactive account fields are minimised on the schedule listed below, and transactional records are kept only as long as financial and licensing rules require, then purged.

Consistency Across Our Policy Pages

Privacy Policy
This page. Covers what we collect, why, how long we keep it and the rights you can exercise over your account record at any point.
Cookie Notice
Explains the session, preference and analytics cookies the lobby sets, and how the consent banner choices map to what actually loads in your browser.
Terms of Service
Sets the contract between you and totalwla. Privacy clauses there reference this page rather than restating them, so the two stay aligned.
KYC Statement
Details the identity checks we run before larger withdrawals. The data fields named there are the same ones listed in this privacy policy's collection section.
AML Posture
Describes the monitoring we apply to payment flows. Personal data used for that monitoring is governed by the retention rules written on this page.
Data Request Form
The structured form for access, correction and deletion requests. Submitting it triggers the same workflow our privacy inbox uses, with identical response windows.
Marketing Preferences
Lives inside your account settings. The consent states stored there are the legal basis we rely on for any promotional message we send to your inbox.
QUICK SIGNAL

What This Policy Page Actually Shows

Collection Summary A short table at the top of the policy lists...
Retention Schedule Each data category carries its own retention window. The schedule...
Your Rights Block A dedicated section spells out access, correction, deletion and portability...
Third-Party Index We name the categories of partners who receive data —...
Change Log Every revision is dated and summarised at the foot of...
Contact Footer The privacy desk email, ticket form and chat escalation path...

Privacy Policy Questions

Your name, contact details, date of birth and a payment reference tied to DANA, OVO, GoPay or QRIS. We also log device and session data so we can secure the account and meet our licensing duties.

Personal fields are minimised once closure completes. Transactional records stay only as long as financial and licensing rules require, then drop out on the retention schedule published inside this policy.

Yes. Email the privacy desk or use the data request form linked above. We confirm receipt within one business day and return your record inside the window the policy commits to.

No. We don't sell account data. Marketing partners only ever see aggregated, non-identifying signals, and any direct messaging we send relies on the consent toggle inside your own account settings.

Top-up references for DANA, OVO, GoPay and QRIS are tokenised through our payment partners. We store the reference needed to reconcile your balance, not the raw wallet credentials behind it.

Our incident playbook kicks in immediately. We notify affected account holders and the relevant Indonesian authority inside the timelines local law sets, with a plain summary of what was touched and the remediation steps.

Open account settings, find the marketing preferences block, and flip the toggle. The change applies straight away and won't affect your ability to keep using the lobby, sportsbook or live tables.