Check out the guide to ensure the registration of your payment gateway #LancarDenganMidtrans

See here close

Terms and Privacy

Midtrans cares about the confidentiality of our service
users, both online business owners or customers.

Privacy Policy

This Privacy Policy explains how PT Midtrans (“Midtrans”, “we”, “us”, or “our” ) electronically collects, uses, discloses, sends, stores, processes, controls, transfers, discloses, and protects your personal information as a Merchant or cardholder or digital payment user (consumer) (“you” or “your”). This Privacy Policy applies to all users of our services, products, services, applications and website ( (“Services”), unless regulated by a separate privacy policy.
Please read this Privacy Policy carefully to ensure that you understand how we process the data. Unless defined otherwise, all capitalized terms used in this Privacy Policy have the same meaning as those stated in the Terms and Conditions.
This Privacy Policy covers the following matters:

1. Collection of Personal Information

We collect identifying information or information that can be used to identify, contact, or locate the person or device associated with that information ("Personal Information"). We may collect the information in various forms and purposes (including permitted purposes under applicable laws and regulations).


1.1 Collection of Merchant Personal Information

  • general information, such as name, office address, e-mail address and Merchant’s phone number
  • additional information, such as official name of the business or company registered by Merchant, identity card (KTP) from the Board of Directors (if it is a business entity) or KTP of the owner (if it is not a business entity), Merchant’s corporate documents, type of Merchant business, Merchant’s website, Merchant’s business license, Taxpayer Identification Number (NPWP), as well as Merchant's bank account data if needed; and or
  • information regarding Merchant’s internet transactions, including but not limited to the amount of the transaction value made on our site, after Merchant is successfully connected to our system.

1.2 Collection of Consumer Personal Information

We will collect Personal Information of Consumer (Cardholders and/or Electronic Money Users) (“Consumers”) when the Consumer registers or uses our services related to the purchase of goods and/or services sold/offered by the Merchant. Consumer Personal Information that we collect including, but not limited to:

1.      information related to ordering or purchasing goods and/or services according to specifications and information required in the implementation of payment process;
2.   card type, Cardholder name, card number, validity period and service code of the card used to make payment;
3.   type of electronic money, Username of Electronic Money and phone number of Electronic Money User; and
4.   information related to Consumer’s internet transactions, such as: billing address, delivery address, phone number, e-mail and Consumer’s IP address.

We may collect the information in various forms and purposes (including permitted purposes under applicable laws and regulations).

1.3 Collection of Personal Information whenever you use the application or visit our website:

  • Every time you use the application or visit our website, we may collect certain technical data in relation to your usage such as internet protocol addresses, activities on our web pages, (including but not limited to web page information previously or subsequently viewed), duration of each visit/session, internet device identity or media access control address, and information about the manufacturer, model and operating system of the device you use to access our application or website.
  • When you use the application or visit our website, certain information may also be collected automatically using cookies. Cookies are small data files stored on your computer or mobile device. We use cookies to track user activity in order to improve the user interface and experience. Most mobile devices and internet browsers support the use of cookies; however, you can adjust the settings on your mobile device or internet browser to refuse certain types of cookies or specific cookies. Your mobile device and/or browser also allows you to delete any cookies that have been previously stored. However, doing so may affect the functions available on our application or website.
  • Every time you use the Service via a mobile device, we will track and collect your geographic location information in real time. In some cases, you will be asked or required to activate the Global Positioning System (GPS) on your mobile device to enable us to provide you with a better experience using the Service (for example, to provide information about how close the service provider is to you). You can temporarily disable geographic location tracking information on your mobile device. However, this may affect the available functions of the Service.
  • If you use and/or when payments or transfers are made through electronic money facilities and/or electronic wallets provided by us, we may collect certain information related to the source of funds that you use to top up (including bank account details), details beneficiary's account, transaction history (including beneficiary details), billing details, invoices, and phone numbers.
  • If you use a virtual account provided by us to receive payments using electronic money and/or electronic wallets from payers, whether you are a service provider or a merchant, we may collect certain information related to your usage including but not limited to services and/or goods transacted, the amount you collect from each transaction, details of your withdrawal or payment settlement account and history of withdrawals or settlement of payments.
  • If you use and/or when a payment is made via a payment card or account that you add to the application, we may collect certain information related to transaction records, including details of recipients, details of bills, details of receipts, and details of phone numbers.

1.4 Information collected from third parties

We may also collect your Personal Information from third parties (including affiliates, agents, vendors, suppliers, contractors, partners and other parties who provide services to us, collect Personal Data and/or perform tasks on our behalf, or with whom we perform cooperation). In such cases, we will only collect your Personal Information for or in connection with the purpose that involves the third party or the purpose of our cooperation with the third party (depending on the situation). Particularly when you register a payment card or account through our application and/or website, and/or our page, and/or access, add and/or connect your payment card or account on our application and/or website, and/or our pages, we may collect certain financial information and your financial records (including but not limited to transaction records, details and placement of your payment card or account, and/or status and country of your payment card or account) from the issuer of the payment credentials or from other third parties.

2. Use of Personal Information

We may use the collected Personal Information for the following purposes as well as for other purposes as permitted by applicable laws and regulations ("Purpose"):

2.1 Use of Personal Merchant Information

The registration process for Merchant that we carry out is in accordance with the applicable law and based on the applicable regulations to us including but not limited to Bank Indonesia regulations relating to our business activities, policies from the acquirers and policies from the Electronic Money Issuers.

If you are a Merchant, we may use your Personal Information:

  • to provide the services you have requested, including to communicate and send information in connection with transactions made using our services;
  • to identify and register you as Merchant and to administer, verify, deactivate, or manage your account;
  • to carry out the validation and verification process of Merchant data as an official business entity before we register you as Merchant, including for the Know Your Customer (KYC) process;
  • to notify you of all changes and updates to the Services that we provide; to process and respond to questions and suggestions received from you or other parties;
  • to process and respond to questions and suggestions received from you or other parties;
  • for the purposes of product development, customer service and improving the quality of the Services that we provide;
  • specifically related to Merchant's bank account data which will be used solely for the payment of Merchant’s transaction bills purposes that occur in connection with our services;
  • to monitor the amount and pattern of transactions;
  • for administrative purposes as well as for the purposes of preventing and the enforcement for fraud prevention; and
  • to send direct or focused marketing communications, surveys, and information, and information about special offers regarding our Services and our affiliates/ partners.

2.2 Use of Consumer Personal Information

If you are a Consumer, we can use your personal information:

  • to communicate and send information in connection with the transactions that conducted using our Services;
  • to identify as Consumer and to administer and/or verify your account;
  • to implement the validation and verification data processes prior to completion of the internet transactions which conducted by you;
  • for the purpose of internet transactions in monitoring the validity of transactions using fraud prevention techniques;
  • to improve the quality of our service;
  • to inform you of transactions or activities that occur in the application or other systems connected with our application;
  • to process and respond to questions and suggestions received from you;
  • to maintain, develop, test, improve and personalize the application to meet your needs and preferences as a user;
  • to monitor and analyse user’s activity, behaviour and demographic data including the habit and usage of various services available on the application;
  • to enable us to comply with all the obligations under applicable laws and regulations, (but not limited to responding to requests, investigations or regulatory orders) and to carry out audit checks, due diligence and investigations; and
  • to safeguard and protect Consumer from fraud attempts by fraudsters, using fraud prevention techniques.


Whether you are a Merchant or Consumer or party who provides Personal Information to us, we may also use your Personal Information generally for the following purposes (although in certain cases we will act fairly and not using your Personal Information more than what is required for such purpose):

  • to perform related business processes and functions;
  • to monitor the use of applications and Service and manage, support and improve the efficiency of performance, development, user experience and our services;
  • to provide assistance in connection with and to resolve technical difficulties or operational problems with our Services;
  • to generate anonymous statistical information and analytical data for testing, research, analysis, product development, commercial partnerships and collaborative purposes;
  • to prevent, detect and investigate any prohibited, illegal, illegal or fraudulent activities;
  • to facilitate business asset transactions (which can be in the form of mergers, acquisitions, or asset sales) involving us and/or our affiliates; and
  • to enable us to comply with all obligations under applicable laws and regulations, (but not limited to responding to requests, investigations, or regulatory directives) and conduct audit checks, due diligence and investigations.

3. Disclosure of Personal Information

We may disclose or share your Personal Information with our affiliates and other parties for the following purposes and for other purposes permitted by
applicable laws and regulations:


  • if you are a consumer, to allow us to provide Service to Merchant or allow Merchant to perform or provide services to you;
  • if you are a Merchant, to allow Consumer to receive services from you;
  • if you are a Merchant, in accordance with all the verification processes that we think are necessary before we register you as Merchant;
  • if required or authorized by applicable laws and regulations (including but not limited to responding to inquiries from government bodies or authorities regarding regulations, investigations or guidelines, or complying with statutory filing and reporting requirements or conditions), for specified purposes in the prevailing laws and regulations;
  • in an emergency situation for the purpose of dealing with such emergency;
  • in situations related to public interest, we may share your Personal Information to government authorities and/or other institutions that can be designated by the government authorities or have cooperation with us, for the purpose of contact tracing, supporting government initiatives, policies or programs, and other purposes as reasonably required;
  • if instructed, requested, required or permitted by the authorized government, for the purposes stated in the government policy, regulations or applicable laws and regulations.


We will not disseminate and/or sell your Personal Information to other parties or companies that are not affiliated with us, except for the provision of products and services that you request.


When a Personal Information is not related to you, we will make reasonable efforts to erase the associated Personal Information with you as an individual before disclosing or sharing such information.


Other than as stated in this Privacy Policy, we may disclose and share your Personal Information if we notify you and we have obtained your consent for the disclosure or sharing.

Storage of Personal Information

Your Personal Information will only be stored as long as it is necessary to fulfil the purposes of its collection, or as long as such storage is required or permitted by applicable laws and regulations. We will stop storing such Personal Information, or delete the intention of associating such Personal Information with you as a Merchant or Consumer, as soon as the purpose of the collection of the Personal Information is no longer required to store such Personal Information and a storage is no longer necessary for business or legal purposes.
Please note that there is still a possibility that some of your Personal Information is stored by other parties including government institutions in certain ways. In the event that we share your Personal Information with authorized government institutions and/or other institutions that can be appointed by the authorized government or have a collaboration with us, you agree and acknowledge that the storage of your Personal Information by the related institutions will follow their respective data retention policies.


Subject to applicable laws and regulations, you can ask us to access, correct and update your Personal Information, which is in our control, by contacting us in the details provided in Point 13 of this Privacy Policy.


We reserve the right to refuse your request to correct some or all your Personal Information that we own or control as permitted or required under applicable laws. This includes circumstances where the Personal Information may contain references to others or where requests for access or requests for correction are for reason that we consider irrelevant, not serious, or troublesome. On the other hand, we can delete Personal Information at our discretion, so you have to do the record yourself, and not rely on our storage of Personal Information or other data.


Personal information from you that we collect can be stored, transferred, or processed by third party service providers who have a legal relationship with us. We will use all reasonable efforts to ensure that all such third-party service providers provide a level of protection commensurate with our commitments under this Privacy Policy.


Your Personal Information may also be stored or processed outside of your country by parties working for us in other countries, or by third party service providers, vendors, suppliers, partners, contractors or our affiliates. In that case, we will ensure that Personal Information remains subject to a level of protection comparable to what is required in the laws of your country (and, in any case, in line with our commitments in this Privacy Policy).

Security and Protection of Personal Information

Confidentiality of your Personal Information is the most important thing for us. We will always provide reasonable and maximum security measures to protect and secure all your Personal Information which we collect online both through our application and site, from access, collection, use or disclosure by unauthorized people and from conflicting processing by law, accidental loss, extermination and damage or similar risk. All Personal Information that we collect will be protected and kept confidential, in accordance with the applicable law.
We hereby ensure that it complies with the requirements of the PCI-DSS and ISO 27001 standards, relating to card data and security, including protection, confidentiality and destruction of information. In addition, our site has used Advanced Encryption Standard (AES) 256 and Transport Layer Security (TLS) encryption for the protection of your information.
However, sending information over the internet is not completely secure. Although we will try our best to protect your Personal Information, you acknowledge that we cannot guarantee the integrity and accuracy of any Personal Information that you send over the internet, or guarantee that such Personal Information will not be intercepted, accessed, disclosed, altered or destroyed by unauthorized third parties, due to factors beyond our control. You are responsible for maintaining the confidentiality of your account details and the authentication code sent to your telephone number in connection with the transactions you make through our site, with anyone and must always maintain and be responsible for the security of the device you use.

Changes to the Privacy Policy

We may review and change this Privacy Policy at our sole discretion to ensure that this Privacy Policy is consistent with our future developments, and/or changes in legal or regulatory requirements from time to time. You agree that these changes will replace the previous Privacy Policy and apply retroactively. If we decide to change this Privacy Policy, we will notify you of these changes through a public notification published on the application and/or website, or to your e-mail address listed in your account.
You agree that you are responsible to review this Privacy Policy regularly for the latest information about our data processing and data protection practices, and that you continue to use our Services, communicate with us, or access and use the Service after any changes to the Privacy Policy, it will be considered as your consent to this Privacy Policy and any changes thereof. YOUR USE OF OUR SERVICES AFTER THE EFFECTIVE DATE OF ANY CHANGES TO THIS PRIVACY POLICY IS YOUR SIGN OF CONSENT TO THIS PRIVACY POLICY AND ANY CHANGES THEREOF.


By accessing our site, registering, and using our services, you acknowledge that you have read and understood this Privacy Policy and agree to all of its terms. In particular, you agree and give us your consent to collect, use, share, disclose, store, transfer, or process your Personal Information in accordance with this Privacy Policy.


In a situation where you provide us with Personal Information relating to another individual (such as Personal Information relating to your spouse, family member, friend, or other party), you represent and warrant that you have obtained the consent of that individual to, and hereby agree on behalf of that individual for, our collection, use, disclosure and processing of their Personal Information.


You can withdraw your consent for any or all collection, use or disclosure of your Personal Information by providing reasonable notice to us in writing, using the contact details as mentioned in Point 13 of this Privacy Policy. Depending on the circumstances and nature of the consent you withdraw, you shall understand and acknowledge that upon withdrawal of such consent, you may no longer be able to use the Service. Withdrawal of your consent may result in the termination of your account or your contractual relationship with us, with all rights and obligations arising out of full fulfilment. After receiving notification to withdraw consent for collection, use or disclosure of your Personal Information, we will inform you of the possible consequences of such withdrawal so that you can decide whether you want to withdraw your consent or not.

Marketing and Promotional Materials

We, our affiliates and/or our partners may send Merchant direct marketing, advertising and promotional communications through applications, messages via applications, post, phone calls, short message services (SMS), and email ("Marketing Materials") if Merchant agrees to receive such marketing and promotional materials from us. You can choose not to receive these marketing communications at any time by clicking the "unsubscribe" option in the respective message, or contact us via the contact details as stated below. Please note that if the Merchant chooses to opt-out, we may still send Merchant non-promotional messages, such as information about Merchant account.

Anonymous Data

We may create, use, license or disclose the available Personal Information, provided that, (i) all identifiable things have been deleted so that the data, either alone or in combination with other available data, cannot be linked with or associated with or cannot be identify as an individual or business entity, and (ii) similar data has been combined so that the original data forms part of a larger data set.

Third Party Platforms

Applications, websites and Marketing Materials may contain links to websites operated by third parties. We do not control or accept any responsibility for these websites and for the collection, use, maintenance, sharing or disclosure of data and information by such third parties. Please read the terms and conditions and privacy policies of these third-party websites to find out how they collect and use Personal Information.
The advertisements contained in our applications, websites, and marketing materials serve as links to advertisers' websites and thus all information they collect based on your clicks on those links will be collected and used by relevant advertisers in accordance with the advertiser's privacy policies.

How to Contact Us

This policy is part of and is complemented by the terms of use that we apply. If our site is in disruption or if there are other questions regarding this Privacy Policy or if you want to update your Personal Information, then you can contact us at our e-mail address as follows: