A privacy policy written to explain what is actually needed for the service to work

1. Information that may be processed

LeuwongRR may process information a customer knowingly submits through the website, such as an active email address, order details, invoice numbers, names required by a form, manual-payment proof where applicable, and support messages sent to request help. For member accounts, registration information and login-related data may also be processed so the customer can access account features properly.

In addition to data entered directly, the system may record technical information reasonably needed for security and service stability. This may include login time, IP address, browser/device signals visible through user-agent information, active sessions, or security-history records used to identify unusual access patterns. These records are used for service safety and case investigation, not for building unrelated personal profiles.

Transaction data and security data serve different purposes

Transaction data helps the order and invoice flow work. Security-related data helps identify access patterns, support session control, or investigate suspicious activity. Keeping those purposes distinct is important for proportionate handling.

2. Why information is used

Information may be used to create invoices, display transaction status, send service-related notifications where available, review manual-payment submissions, answer support requests, prevent abuse, and preserve a traceable service history when a case needs follow-up. Transactional communication should stay connected to the service context and should not be treated as permission for unrelated messaging.

LeuwongRR’s wording around privacy is intentionally careful. The policy explains what the service may need to operate responsibly without making broader legal or compliance claims that cannot be established solely from a public webpage.

Practical data principles

• Request information that has a service purpose.
• Avoid form fields that do not clearly support a real flow.
• Use data in a way that remains connected to transactions, safety, or support.
• Keep a support route available when customers need clarification.

3. Digital account safety

Where available, LeuwongRR may provide security features such as OTP flows, authenticator-based verification, session/device awareness, and options to end sessions on other devices. These layers can reduce risk, but security also depends on how customers handle their own credentials. Reusing passwords, forwarding OTPs, or exposing authenticator details to unknown parties remains unsafe.

LeuwongRR does not need a customer’s password to process a support request. If verification is required, the relevant information should be limited to reasonable transaction or account context, such as an invoice number, an associated email, or other details necessary to identify the correct case. Passwords, OTPs, authenticator secrets, recovery codes, and 2FA QR images should not be sent.

Technical sessions and cookies

The website may use technical sessions or cookies so login, form protection, language handling, and basic navigation work correctly. This is different from collecting information without a service purpose. Browser-stored interface preferences, where available, exist to keep the page experience consistent on the same device.

4. Supporting providers and lawful requests

LeuwongRR may rely on supporting infrastructure such as transaction email delivery, website security tools, or payment routes shown by the service. Any sharing or transfer of information should remain limited to what is needed for that operational purpose. The existence of a technical provider should not become an excuse to distribute customer information more widely than necessary.

In limited situations, information may need to be reviewed because of a valid legal request, a formal requirement that applies to the service, or a need to protect system security and account ownership. LeuwongRR aims to handle such situations proportionately and with attention to the nature of the request.

Regulatory context without overstatement

This policy is written with awareness that privacy and electronic-system governance are regulated matters in Indonesia and may interact with broader cross-border service expectations. The wording is therefore intentionally cautious: it explains service practice without pretending that every legal scenario has been exhaustively resolved in a public policy page.

5. Customer questions and policy updates

Customers may contact support to ask about transaction-related data, request correction of information that appears inaccurate, or raise privacy questions connected to an account or invoice. Requests should be reviewed with attention to ownership verification, security risk, and operational records still needed to complete a service process.

Some records may need to remain available while a transaction is active, a support matter is unresolved, a security issue is being assessed, or a dispute requires a traceable history. The aim is not to keep information indefinitely without reason, but to preserve what is reasonably needed for responsible service handling.

Updates to this policy

If features, forms, or operational flows change, this Privacy Policy may be updated so the wording keeps pace with the service. The latest version displayed on the website becomes the working reference. LeuwongRR aims to maintain a style that remains clear enough for customers to understand without having to interpret abstract policy language.