LEGAL REFERENCE

How We Handle Your Account Data

This is the airasia4d privacy policy — the page that tells you, in plain English, what we collect when you open an account, why we collect it, and...

Data we collectWhy we collect itRetention windowsYour access rightsIndonesia-friendly
airasia4d How We Handle Your Account Data

Privacy Posture & Jurisdiction Notes

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

SUPPORT

Privacy Contact Paths

If you have a privacy question, here's how to reach the team that handles it. Each channel below routes directly to our data desk — not the general lobby support queue — so your request gets logged against the right ticket type and answered by someone trained on the policy.

Team online

Privacy Inbox

Email our data desk for access, correction or deletion requests. We acknowledge inside one business day and resolve standard requests within the window your jurisdiction prescribes for personal data handling.

Live Chat Escalation

Open chat from any lobby page and ask for the privacy team. The agent flags your session, attaches your account reference, and routes the thread to a data handler rather than general support.

Written Notice

Prefer paper? Send a signed written notice to our registered correspondence address. Include your account email so we can match the request without asking for extra identity documents you didn't expect.

REVIEW SIGNALS

How We Keep This Policy Honest

A privacy policy only matters if someone reviews it. Here's the editorial work behind this page so you know it isn't a copy-paste job sitting untouched for years.

Quarterly Review

Our compliance team reads the full policy every quarter against current Indonesia data rules. If anything in the lobby flow changes how data moves, the wording on this page updates before the feature ships.

Plain-English Edit

Every clause goes through a plain-English pass. If a sentence needs a lawyer to decode, we rewrite it. You shouldn't need a glossary to understand what we keep against your account.

Version History

We keep dated versions of this policy on file. If you signed up under an older version and want to compare, the data desk can send you the exact text that applied on your registration date.

Processor Audits

The third parties that touch your data — payment rails, hosting, fraud screening — are audited annually. We drop processors that can't show current certifications, and we note material changes in this policy.

Incident Disclosure

If something goes wrong, you hear from us. We commit to notifying affected accounts inside the window Indonesia rules require, with a clear description of what happened and what you should do next.

Independent Review

External counsel reviews the policy annually. Their notes go to our compliance lead, and material recommendations land in the next published version rather than sitting in a drawer until renewal.

Consistency Across Our Policy Pages

This privacy policy lines up with the other legal pages on airasia4d. Here's how the wording stays consistent so you don't get conflicting answers depending on which page...

Terms of Service
Account rules referenced in our terms point back to this privacy page for any data-handling specifics, so the two documents never contradict each other on retention or sharing.
Cookie Notice
Cookie categories listed on the cookie page map one-to-one with the device signal section here. Same names, same retention windows, same opt-out paths.
KYC Notice
Identity documents collected for verification are described here under retention. The KYC page covers the operational steps; this page covers what happens to the files afterwards.
Marketing Preferences
Opt-in and opt-out choices set on the preferences page are honoured under the consent clause here. Withdraw consent there and this policy treats it as a deletion trigger for marketing data.
Complaint Procedure
Privacy complaints follow the same escalation ladder published on our complaints page, with the data desk as first contact and external counsel referenced as a final step.
Account Closure
Closing your account triggers the retention schedule on this page. The closure page tells you how to request it; this page tells you what we keep and for how long afterwards.
Regional Notices
Where supported regions impose stricter rules than the baseline, the regional addendum overrides this page for those readers. The hierarchy is stated identically on every legal document.
AT A GLANCE

What This Policy Page Covers

Rather than a wall of legal text, we've organised the policy around the questions you'd actually ask. Here's what each block on this page is for, so you can jump to the part you...

01
Data Categories A clear list of what we collect: identity fields at signup, device and session signals during browsing, and transaction references when funds move. Nothing collected outside these categories without a separate consent prompt.
02
Purpose Mapping Each data category is tied to a specific purpose — account security, lobby personalisation, fraud screening, regulatory reporting. If we can't name a purpose, we don't collect the field in the first place.
03
Retention Windows Concrete timeframes for how long each category stays on file. Identity records follow regulatory minimums; session logs roll off on shorter cycles; marketing data clears the moment you withdraw consent.
04
Your Rights Panel A summary of access, correction, deletion and portability rights you can exercise, plus the channel to use for each. We don't bury these behind a maze of forms.
05
Sharing Map The processors who see your data, what they see, and why. Payment rails get transaction references, fraud screening gets device signals, hosting gets encrypted blobs — and that's the whole list.
06
Update Trail How we notify you when the policy changes. Material changes trigger an account-level notice; minor edits get logged in the version history so you can audit the difference yourself.

Privacy Policy Questions

At signup we take your name, email, phone and date of birth to verify identity under Indonesia rules. After that, we log device and session signals while you browse, plus transaction references when you fund the account through DANA, OVO, GoPay or QRIS.

No. We share data only with processors we need to run the platform — payment rails, hosting, fraud screening — and each one operates under a contract that forbids onward sale. Selling your details to advertisers or data brokers is not part of our model.

Identity records follow the retention minimums Indonesia regulators set, typically several years after account closure. Session logs roll off on shorter cycles measured in months. Marketing data clears the moment you withdraw consent through the preferences page or the privacy inbox.

Yes. Email the privacy inbox from your registered address and ask for a data access export. We'll send a structured file covering identity, transaction references and consent history within the window your jurisdiction prescribes for access requests.

Start the closure on the account page or write to the privacy inbox. Once the regulatory retention window passes for records we're required to keep, the remainder is deleted. We confirm completion in writing so you have a record.

Material changes trigger a notice on your account before they take effect, giving you time to review or close the account. Minor edits — wording clarifications, formatting — are logged in the version history rather than pushed as alerts.

If our data desk hasn't resolved your concern, the complaints page lists the escalation ladder, ending with the relevant Indonesia data protection authority. We'll cooperate fully with any regulatory inquiry and share the case file you need.