oltoto Casino & Sportsbook Data Care

This page describes what we collect when you use oltoto and how we keep that data protected. We collect your email, phone number, government ID, and payment method to verify your identity and process deposits and withdrawals. We encrypt all data in transit and at rest, and we do not share your information with third parties except as required by law.

Our privacy policy is straightforward: we collect only what we need, we keep it secure, and we respect your rights. You can request access to your data, correct inaccuracies, or ask us to delete your account. Read this page carefully to understand how we handle your information.

Our services are available only where local law permits. Users are responsible for verifying that access and use comply with their own jurisdiction's law.

What Data We Collect on oltoto

We collect data in three categories: account information, transaction data, and activity logs. Account information includes your email address, phone number, password (hashed, never stored in plain text), and profile preferences. We collect this when you sign up and update it when you change your settings.

Transaction data includes your government ID (passport, national ID, or driver's license), proof of address (utility bill, bank statement, or rental agreement), and payment method details (e.g., your DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank account number). We collect this for Know Your Customer (KYC) verification and to process deposits and withdrawals.

Activity logs record every login, bet placed, withdrawal requested, and support ticket opened. We log the date, time, device type, IP address, and outcome of each action. This data helps us detect fraud, investigate disputes, and comply with anti-money-laundering regulations. We retain activity logs for a minimum of five years.

We Do Not Collect Sensitive Data Unnecessarily

We do not ask for your mother's maiden name, social security number, or other sensitive identifiers beyond what KYC requires. We do not track your location unless you enable location services on your device.

How We Use Your Data

We use your data for five purposes: account verification, transaction processing, fraud prevention, legal compliance, and customer support. We verify your identity using your government ID and proof of address before your first withdrawal. We process deposits and withdrawals using your payment method details. We detect fraud by comparing your activity against known patterns and flagging unusual behaviour.

We comply with anti-money-laundering (AML) and know-your-customer (KYC) regulations by retaining your documents and activity logs. We respond to support requests by reviewing your account history and transaction records. We do not use your data for marketing, profiling, or selling to third parties.

Account holders across Jakarta, Surabaya, Bandung, Medan, and Semarang may experience different data retention timelines based on local regulations. We comply with the strictest applicable standard in each jurisdiction.

Third-Party Processors and Data Transfers

We use third-party processors to handle payments, identity verification, and data storage. Payment processors (mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment) receive your payment method details to process transactions. Identity verification providers receive your government ID and proof of address to confirm authenticity. Cloud storage providers host our databases and backups.

Our servers may sit outside your jurisdiction. Data transfers are encrypted and subject to data processing agreements that require third parties to protect your information to the same standard we do. We do not allow third parties to use your data for their own purposes.

If we are acquired or merge with another company, your data may be transferred as part of that transaction. We will notify you by email if this occurs and give you the option to delete your account before the transfer.

  • 1
    Payment ProcessorsTransaction only

    online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, and bank partners receive payment details to process deposits and withdrawals.

  • 2
    Identity VerificationKYC only

    Third-party verification providers scan your government ID and proof of address to confirm authenticity.

  • 3
    Cloud StorageEncrypted backup

    Cloud providers host our databases and backups under strict data processing agreements.

Your Rights and Data Access

You have the right to access, correct, and delete your data. You can request a copy of all data we hold about you by contacting our support team. We will provide this within 30 days in a machine-readable format. You can correct inaccuracies in your account information by logging in and updating your profile.

You can request deletion of your account and associated data by contacting our support team. We will process your request within 30 days, subject to legal and regulatory obligations. We may retain some data (e.g., transaction records for AML compliance) for a period after deletion.

You have the right to object to certain uses of your data, such as profiling or automated decision-making. We do not engage in these practices, but if you have concerns, contact our support team and we will review your request.

Right to Access
You can request a copy of all data we hold about you. We provide this within 30 days in a machine-readable format.
Right to Correct
You can update your account information (email, phone, address) by logging in and editing your profile.
Right to Delete
You can request deletion of your account and associated data. We process this within 30 days, subject to legal obligations.
Right to Object
You can object to certain uses of your data. Contact our support team to discuss your concerns.

Cookies and Tracking Technologies

We use cookies to remember your login session, store your preferences, and track your activity on oltoto. Session cookies expire when you close your browser; persistent cookies remain on your device for up to one year. We use these cookies to improve your experience and detect fraud.

We do not use cookies for marketing or third-party tracking. We do not sell your browsing data to advertisers. You can disable cookies in your browser settings, but this may affect your ability to use oltoto.

Data Security and Encryption

We encrypt all data in transit using TLS (Transport Layer Security) and at rest using AES-256 encryption. Your password is hashed using a strong algorithm and never stored in plain text. We do not have access to your password; if you forget it, you reset it via email.

We conduct regular security audits and penetration testing to identify vulnerabilities. We maintain a bug bounty program to encourage security researchers to report issues responsibly. If we discover a data breach, we notify affected users by email within 72 hours and explain what happened and what steps we are taking.

Data Retention and Deletion

We retain your account information for as long as your account is active. We retain transaction records and activity logs for a minimum of five years to comply with anti-money-laundering regulations. We retain KYC documents (government ID, proof of address) for a minimum of five years after your account is closed.

When you request account deletion, we delete your account information within 30 days. We retain transaction records and KYC documents as required by law. We do not retain cookies or tracking data after you delete your account.

Contact Us About Your Data

If you have questions about our privacy policy or want to exercise your rights, contact our support team. We respond to all data requests within 30 days. You can also contact your local data protection authority if you believe we have violated your rights.

Our services are available only where local law permits. Users are responsible for verifying that access and use comply with their own jurisdiction's law.