LEGAL REFERENCE

How We Handle Your Account Data

This is the apitoto privacy policy — written in plain language so you know exactly what we store when you open an account, browse our slot rooms, or...

Plain-Language PolicyIndonesia-FocusedAccount DataWallet ReferencesYour Choices
Browse the Lobby Read FAQ
apitoto How We Handle Your Account Data

Our Privacy Posture in Detail

We process your personal data where local law permits and only for the reasons spelled out here: opening your account, verifying it, processing wallet references for DANA, OVO, GoPay and QRIS, and keeping the lobby secure. We hold records for the period our supported regions require, then we remove them. You can ask us what we hold, ask us to correct it,

or withdraw consent for non-essential processing. Marketing messages stay opt-in. Third parties — payment partners, game studios, fraud-screening vendors — only see the fields they strictly need. Nothing about your activity is sold.

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

HELP CHANNELS

Privacy Contact Paths

Privacy Inbox Email our privacy desk for data-access requests, correction...
Live Chat Open the chat widget from any apitoto page...
In-Account Form Sign in and head to settings to file...
WHY THIS PLATFORM

Editorial Trust Signals

Reviewed Quarterly

Our privacy team revisits this document every quarter so wording matches how the lobby, sportsbook and wallet flows actually behave. Material edits get flagged at the top.

Named Owner

A named data-protection lead owns this policy end-to-end. You're not writing into a void — requests land on a person, not a shared mailbox queue.

Vendor Register

We keep an internal register of every processor touching your data, from payment partners to studio analytics. Anything new gets vetted before it goes near your account.

Minimal Collection

We ask for the fields needed to run your account and meet local rules — nothing speculative. If a form field isn't justified, it doesn't make it into production.

Encrypted in Transit

Traffic between you and apitoto stays encrypted, and sensitive fields are encrypted at rest too. Our security team audits the key handling on a fixed rotation.

Clear Retention

Each data category has a defined retention window. Once that window closes and no legal hold applies, records get purged from active systems automatically.

Consistency Across Our Policy Pages

Terms of ServiceOur terms page covers the contract side of using apitoto. This privacy policy sits alongside it and uses the same definitions, so wording stays aligned across both documents.
Cookie NoticeCookies sit in their own notice with granular toggles. This policy references that notice when describing analytics and session storage so you only read each topic once.
KYC PolicyVerification steps live in the KYC page. Here we describe what data those checks produce and how long we retain the resulting records on your account file.
AML StatementAnti-money-laundering obligations sometimes extend retention windows. The AML statement spells out which categories that affects, and this policy points to it rather than duplicating text.
Payments PageDANA, OVO, GoPay and QRIS flows are described operationally on the payments page. This policy only covers the personal-data footprint those flows leave behind.
Promo TermsPromotional offer terms reuse the same consent definitions you'll see here, so opting out of marketing in your settings carries through to campaign eligibility checks.
Complaint PathIf a privacy answer doesn't satisfy you, our complaints page sets out the escalation route. The wording mirrors the timelines we commit to in this document.
QUICK SIGNAL

What Shapes This Policy Page

01
Last Updated Stamp A visible date sits at the top so you know which version you're reading. Older versions stay archived if you need to compare changes against a previous account interaction.
02
Section Anchors Jump links along the side let you skip to data categories, retention, or your rights without scrolling the full document. Each anchor matches the heading wording exactly.
03
Plain-English Summaries Every formal clause carries a short summary in everyday wording. You can read the legal version, the summary, or both — whichever helps you understand it faster.
04
Your Rights Block A dedicated block lists access, correction, deletion, portability and objection rights with the exact next step for each. No hunting through paragraphs to find what to do.
05
Change Log A short change log near the footer shows what moved between versions. Substantive edits to retention or sharing get called out explicitly rather than buried.
06
Contact Strip The privacy contact strip repeats at the foot of the page so you don't scroll back up. Email, chat handle and in-account form sit together in one place.

Privacy Questions We Hear Often

We take your name, date of birth, contact details and the wallet handle you'll fund from — DANA, OVO, GoPay or QRIS. Verification documents come next, and lobby activity is logged afterwards.

Active account data stays while your account is open. After closure, we retain identifiers and transaction history for the period our supported regions require, then purge them from live systems on a fixed schedule.

Yes. File a request through the in-account form or email the privacy inbox. We verify it's you, then send a structured export covering the categories listed in this policy within our published window.

Only with processors that need it — payment partners handling DANA, OVO, GoPay and QRIS, game studios powering the lobby, and fraud-screening vendors. Each one sees the minimum fields required for their specific task.

Toggle the marketing preference inside your account settings. The change applies immediately to email and push, and we honour it across any campaign segmentation we run for Indonesia accounts going forward.

We store references and the masked identifiers needed to reconcile your deposits and withdrawals. Full wallet credentials stay with DANA, OVO, GoPay or QRIS — we never see or hold them ourselves.

Reach our privacy lead via the inbox or live chat. If the response doesn't resolve it, the complaints page sets out the escalation path and the timelines we commit to at each stage.