How ultra138 Handles Your Account Data
This is the ultra138 privacy policy in plain language. We explain what we collect when you open an account, why we store it, and how long it stays...
Our Privacy Posture and Your Rights
We collect the details you give us at sign-up — your name, contact, date of birth and the e-wallet handle you nominate for cashier flow — plus the device and session data your browser sends when you load the lobby. We store this where local law permits and only for as long as your account is active or regulators require. You can
ask us to export your file, correct a field, or close your account at any time, and we'll respond within the windows set by Indonesian data protection norms. Third-party processors used for cashier reconciliation see only the fields they need.
Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.
Privacy Contact Paths
If you have a question about your data, these are the channels that route straight to the privacy desk rather than general support. Use the one that matches your case so the team can pull your file faster.
Privacy Inbox
Email the privacy desk directly for export requests, correction notices or account closure under our policy. We acknowledge within one business day and resolve standard requests inside the statutory window.
Live Chat Escalation
Open chat from your account page and ask for the privacy team. The agent will tag your ticket and route it past general queues so a data officer picks it up the same session where possible.
Written Notice
For formal complaints or regulator-referenced requests, send a written notice through the address listed in your account footer. We log receipt and reply with a case reference you can track.
How We Keep This Policy Honest
Our privacy text isn't a template we copied. These are the editorial checks behind every clause on this page.
Legal Review
Each clause is reviewed by counsel familiar with Indonesian data protection rules before it goes live, and again whenever cashier partners, log retention windows or account verification steps change on our side.
Version History
We keep a dated version history of this policy so you can see what changed and when. Material edits trigger a notice on your next login rather than a silent swap.
Scoped Access
Only staff with a documented reason can read your account file. Cashier, KYC and support each see a different slice, and access events are logged for internal audit.
Processor List
We maintain an internal register of the processors that touch your data — payments, anti-fraud, messaging — and review it quarterly so nothing leaks into vendors we no longer use.
Encryption At Rest
Account records and cashier identifiers are encrypted at rest. Session tokens rotate, and password hashes use modern algorithms so a leaked snapshot doesn't expose usable credentials to anyone.
Breach Protocol
If something goes wrong we tell you. Our breach protocol sets notification windows, the wording of the user notice, and the regulator contact path so the response isn't improvised under pressure.
Consistency Across Our Legal Pages
This policy lines up with the other legal pages on ultra138. Here's how they connect so you don't have to read all of them to find one answer.
| Terms of Service | Defines the account contract. The privacy policy explains what data that contract lets us collect; the terms explain what behaviour the account itself permits. |
|---|---|
| Cookie Notice | Covers browser-side storage specifically. This privacy policy points to it for cookie categories rather than duplicating the table here, keeping each page focused on one topic. |
| KYC Policy | Lists the documents we ask for at verification. This privacy page explains how long those documents are kept and who inside the company can look at them. |
| Cashier Disclosures | Covers e-wallet handling at the transaction layer. Privacy explains the personal-data side; cashier disclosures explain the money-movement side. |
| Account Closure | Describes the closure flow. Privacy explains what data survives closure for regulatory reasons and what is deleted on the standard timeline. |
| Complaints Path | Sets the escalation ladder. Privacy complaints follow the same ladder but with a data officer attached at each rung. |
| Marketing Preferences | Lives in your account settings. Privacy policy explains the lawful basis we rely on and how withdrawing consent flows back into our messaging systems. |
What Shapes This Policy Page
These are the building blocks you'll notice as you read down the policy — not the cashier methods, but the structural elements that make this page usable.