botaktoto Platform Privacy Notice

This page describes what we collect when you use botaktoto and how we keep that data protected. We understand that privacy matters, especially when you're sharing payment information, identity documents, and gaming activity. Our approach is straightforward: we collect only what we need to operate our platform securely, we store it safely, and we do not sell it to third parties. We comply with Indonesian data protection standards and international best practices.

When you sign up for botaktoto, we collect your email, phone number, government-issued ID, and proof of address. When you deposit via DANA, e-wallet, mobile banking, local payment, online payment, or bank transfer (e-wallet, mobile banking, local payment, online payment), we receive transaction records from payment processors. When you play slots (Aviator, Sweet Bonanza, Gates of Olympus, Fortune Tiger, Mahjong Ways), join live-dealer tables (blackjack, roulette, baccarat, dragon tiger), or place sportsbook bets (Liga 1, Piala Indonesia, Piala AFF, Champions League, Mobile Legends, Free Fire), we log your activity for account reconciliation and dispute resolution.

This notice explains what data we collect, why, who has access to it, and how long we keep it. We update this notice periodically; we notify you of material changes via email and in-app alerts. Your continued use of botaktoto after such notification constitutes acceptance of the updated policy.

What Data We Collect on botaktoto

We at botaktoto collect the following data when you create an account: your full name, email address, phone number, date of birth, and country of residence. We collect this via the sign-up form and verify it through email confirmation and SMS verification codes. We store all of this in our user database, encrypted at rest.

For identity verification (KYC), we collect government-issued ID documents (passport, national ID, driver's license) as image files, a recent selfie, and proof of address (utility bill, bank statement, or lease agreement). We do not store these documents indefinitely; after verification completes, we retain them for 90 days, then securely delete the image files while keeping a verification flag in your account record. This protects you by preventing re-verification on future withdrawals.

When you deposit or withdraw, we collect transaction details: payment method, amount, timestamp, and your external account identifier (bank account number, e-wallet account). Payment processors (e.g., Stripe for QRIS, payment gateway partners for e-wallet/mobile banking/local payment/online payment) handle the actual payment processing; we receive only the transaction result (success/failure) and settlement notification. We do not store full card numbers or e-wallet credentials; those are handled directly by certified payment providers.

When you play on botaktoto, we log: game type (slot name, table name), bet amount, outcome, timestamp, and your balance before and after. This data is stored in our game-activity database, associated with your account ID. We use it to calculate your account balance, process withdrawals, and investigate disputes. We do not use it to track your behaviour for marketing purposes or sell it to analytics companies.

Cookies and tracking: We use first-party cookies to remember your login session and language preference. We do not use third-party advertising cookies or cross-site tracking. Your botaktoto session is tied to your browser only; clearing cookies logs you out.

How We Use Your Data on botaktoto

We use your account data (name, email, phone) to: send you transaction confirmations, notify you of withdrawals, reset your password if you request it, and communicate important platform updates. We do not send marketing emails or promotional offers unless you explicitly opt-in.

We use your payment data to: process deposits and withdrawals, prevent duplicate withdrawals, detect fraud (e.g., withdrawals to different bank accounts in rapid succession), and comply with anti-money-laundering (AML) and know-your-customer (KYC) regulations. If we detect unusual withdrawal patterns, we may contact you to verify the request. This is standard financial compliance, not an accusation.

We use your gaming and betting data to: calculate your account balance, settle market outcomes, log game history for dispute resolution, and audit fair play (e.g., if you claim a game was unfair, we pull the exact game state and RNG output to verify). We do not use this data to build player profiles, predict future behaviour, or feed it into machine-learning systems for targeting.

Who Has Access to Your Data on botaktoto

Within our organization, your data is accessible to: our customer support team (to handle account and payment questions), our compliance team (to review KYC documents and detect AML red flags), our accounting team (to reconcile transactions), and our technical team (to resolve platform issues). All staff sign confidentiality agreements and access data only as needed for their roles.

We share data with third parties only when necessary: payment processors receive transaction details to process your deposit or withdrawal; our hosting provider (cloud infrastructure in Jakarta and Singapore data centers) sees encrypted data and logs; and our automated AML screening service scans your name and address against sanctions lists monthly. We do not sell your data to marketers, data brokers, or other platforms.

We may disclose your data to law enforcement, courts, or Indonesian financial authorities if compelled by legal process (court order, subpoena, AML investigation). In such cases, we notify you of the disclosure unless legally prohibited from doing so.

Data servers: We at botaktoto store encrypted data on servers in Jakarta and Singapore. These are certified data centres with 24/7 physical security, backup power, and redundant networks.
Encryption in transit: All communication between your device and our servers uses TLS 1.2 or higher. Your password, payment data, and identity documents are encrypted before transmission.
Encryption at rest: Data stored on our servers is encrypted using AES-256. Only authorized staff with decryption keys can access plaintext data.

Your Rights Regarding Your Data on botaktoto

Under Indonesian data protection standards, you have the right to: request a copy of all personal data we hold about you; request deletion of non-essential data (e.g., old identity documents after verification completes); update your email, phone, or address; and withdraw consent for processing that is not required for core platform operation.

To exercise these rights, contact our privacy team via in-app chat or email (privacy contact details are in the footer of this page). We respond to data access requests within 14 days. We respond to deletion requests within 30 days, subject to legal holds (e.g., if your data is needed for an ongoing dispute or regulatory audit). We do not charge for these requests.

You cannot request deletion of gaming and transaction history, as that data is essential for account reconciliation, tax purposes, and AML compliance. However, we delete identity documents (image files) after 90 days of successful verification, keeping only a verification flag in your account.

Data Retention and Deletion on botaktoto

We retain your account data (name, email, phone, address) for seven years after account closure. This complies with Indonesian financial record-keeping regulations. We retain gaming and transaction logs for seven years. We retain identity documents (image files) for 90 days, then delete them permanently. If your account is flagged for AML review, we retain all related data for an additional three years as required by financial regulators.

If you request account deletion before that period, we anonymize your data: we remove your name, email, and phone, and replace them with a random ID. We retain the anonymized account and transaction history for record-keeping purposes, but it is no longer linked to you personally. Any future inquiry about that account cannot identify you by name.

Our botaktoto Security Practices

We invest in security measures to protect your data from unauthorized access, alteration, or disclosure. These include: two-factor authentication (2FA) on your account (SMS or authenticator app); automatic session logout after subject to verification of inactivity; monitoring for unusual login patterns (e.g., logins from multiple countries within minutes); and regular security audits by external penetration-testing firms.

We do not store your password in plain text. We hash it using bcrypt with a random salt, so even if our database is compromised, attackers cannot reverse-engineer your password. We rotate encryption keys annually and maintain offline backups of critical data.

No security system is perfect. If we detect a breach affecting your account, we notify you immediately via email and offer a free password reset and account review. If your payment information is compromised, we notify you and payment processors so they can issue replacement cards or account credentials.

Summary: Your Privacy on botaktoto

We at botaktoto collect only the data needed to operate our platform, process payments, and comply with regulations. We store it securely, do not sell it, and grant access only to staff who need it. You have the right to access, update, or delete your data (subject to legal holds). We retain transaction data for seven years as required by Indonesian law. Our security practices—encryption, 2FA, monitoring—protect your data from unauthorized access.

If you have questions about how we use your data, how long we keep it, or how to exercise your privacy rights, contact our privacy team. We respond to requests within 14–30 days. Your data is yours; we treat it accordingly.

This privacy notice is effective as of the date listed in the footer of this page. We update it periodically as our practices evolve or regulations change. We notify you of material changes via email and in-app alerts. Continued use of botaktoto after such notification constitutes acceptance of the updated policy.