goldtoto Casino & Sportsbook Data Care

This page describes what we collect when you use goldtoto and how we keep that data protected. We operate a sportsbook, live-dealer platform, and slot-game library serving users in supported jurisdictions. To function, we collect personal information — your email, phone number, identity documents, bank details, and transaction history. We use this data to verify your account, process deposits and withdrawals via DANA, e-wallet, mobile banking, local payment, and bank virtual accounts, and settle your sportsbook orders and casino sessions.

We do not sell your personal data to advertisers or third parties. We do share transaction records with payment processors (e.g., banks handling your online payment deposit or e-wallet virtual account), fraud prevention services, and law enforcement when legally required. Our servers may sit outside your jurisdiction; data is encrypted in transit and at rest. You have the right to request, correct, or delete your data, subject to legal and operational constraints.

Our privacy policy is binding and takes effect upon account creation. Services are available only where local law permits. For questions or data requests, contact our support team at the address listed at the end of this page.

What we collect

We collect the following data when you create a goldtoto account or use our platform:

Identity information: Full name, date of birth, nationality, address. We require this for account verification before your first withdrawal.
Contact information: Email address and mobile phone number. We use these for login, password recovery, and service notifications (e.g., withdrawal confirmation).
Identity documents: Copy of your KTP (ID card), passport, or other government-issued identification. We retain these in encrypted form for compliance.
Payment information: Bank account details (account holder name, account number, bank code) or e-wallet identifiers (DANA, e-wallet, mobile banking account). We use this to process deposits and withdrawals.
Transaction history: Dates, amounts, and payment methods for all deposits and withdrawals. We log sportsbook orders (Liga 1, Piala AFF, Champions League markets), live-dealer sessions, and slot-game plays.
Device and browser data: IP address, device type, browser type, and login timestamps. We use this to detect suspicious activity and prevent fraud.
Cookies and tracking pixels: We place cookies on your browser to remember your login state and session preferences. See the Cookies section below.

How we use your data

We use the data we collect for the following purposes:

Account verification: We verify your identity before processing withdrawals. This is mandatory and non-negotiable under Indonesian and international compliance standards.
Payment processing: We share your bank account or e-wallet details with payment processors (e.g., local payment for your virtual account, online payment gateway operators) to execute deposits and withdrawals.
Fraud prevention: We analyze your IP address, login patterns, and transaction history to detect and block unauthorized access or money-laundering activity.
Service delivery: We use your email and phone to send login confirmations, withdrawal status updates, and account notifications.
Legal compliance: We retain transaction records to comply with financial-reporting and anti-money-laundering regulations. We may disclose data to law enforcement or regulators if required by law.
Platform improvement: We analyze anonymized transaction patterns (e.g., which Liga 1 or Mobile Legends markets are most popular) to optimize our platform. This data cannot identify you.

We do not sell your personal data. We do not share your email or phone number with third-party advertisers. Payment processors and fraud services receive only the data necessary to complete their function.

goldtoto Data Principle

Third-party processors and data sharing

We work with third parties to operate goldtoto. These parties have access to limited data:

We share your bank account or e-wallet identifier with payment gateways (e-wallet, mobile banking, local payment operator, online payment, e-wallet, mobile banking). These processors receive only your account holder name, account number, and transaction amount. They do not receive your identity document or sportsbook transaction history. Payment processors are contractually bound to use your data only for payment settlement.

We work with fraud-prevention services to detect unusual login patterns, account takeover attempts, and money-laundering activity. These services receive your IP address, login timestamps, and transaction volume (e.g., "user from Jakarta deposited via local payment, then withdrew via online payment within subject to verification"). Fraud services do not receive your identity documents or personal name.

We may disclose your personal data to law enforcement, tax authorities, or financial regulators if required by court order, subpoena, or applicable law. We do not require your consent for these disclosures. During Idul Fitri, Idul Adha, Imlek, or other statutory holidays, legal requests may experience delays in our response timeline.

Data retention and deletion

We retain your personal data for as long as your goldtoto account is active. After account closure, we retain your data for seven years to comply with financial-reporting and anti-money-laundering regulations. After the retention period, we delete your data except where we are legally required to keep records (e.g., tax audits, ongoing legal disputes).

You have the right to request deletion of your data. We will honor deletion requests for contact information and non-essential data. However, we will retain identity documents, bank account details, and transaction history for the full seven-year period to meet legal obligations. We cannot delete data that is subject to an active investigation or legal hold.

Your data rights on goldtoto

Right to access: Request a copy of all data we hold about you
Right to correct: Request updates to inaccurate or incomplete information
Right to delete: Request deletion of non-essential data (subject to legal holds)
Right to withdraw consent: Opt out of non-mandatory data collection (e.g., marketing emails)
Right to data portability: Request your data in a machine-readable format

Cookies and tracking

We use cookies to store your login session, remember your language preference, and track your behavior within goldtoto (e.g., which sportsbook markets you view, which slot games you play). Cookies are files stored on your browser; they do not contain sensitive data like passwords. We use both session cookies (deleted when you close your browser) and persistent cookies (stored for up to 90 days).

You can disable cookies in your browser settings. Disabling cookies will prevent you from logging into your goldtoto account. We do not use third-party tracking pixels or analytics services that would track your behavior outside of goldtoto. We do not share your browsing history with advertisers.

Data security and encryption

We encrypt all data in transit (HTTPS) and at rest (AES-256 encryption). Our servers are protected by firewalls, intrusion detection, and regular security audits. We limit employee access to your personal data to staff who require it for their role (e.g., compliance officers, payment processors).

However, no security system is impenetrable. We cannot guarantee that data will never be breached. If a breach occurs, we will notify affected users within 30 days and cooperate with law enforcement. We maintain a cyber-insurance policy to cover user losses resulting from a security incident.

International data transfers

Our servers are located in multiple jurisdictions, including outside Indonesia. When you access goldtoto from Jakarta, Bandung, Surabaya, or Medan, your data may be transferred to servers in other countries. We ensure these transfers comply with international data-protection standards by using standard contractual clauses and Privacy Shield equivalents where applicable.

Changes to this policy

We may update this privacy policy from time to time. We will notify you of material changes via email. Your continued use of goldtoto after a policy change constitutes your acceptance of the updated policy. We recommend reviewing this page periodically.

Contact goldtoto

To request access to your data, file a complaint, or exercise your rights under this policy, contact our Data Protection Officer:

Email: [email protected]
Address: Data Protection Officer, goldtoto Ltd., Jakarta, Indonesia
Response time: We aim to respond to data requests within 30 days of receipt. During Idul Fitri, Idul Adha, or Imlek holidays, responses may be delayed by up to 10 additional business days.

If you believe we have violated your privacy rights, you have the right to lodge a complaint with your local data-protection authority or with Indonesian regulators. Our privacy policy is binding and governed by Indonesian law.

For account-specific questions (payment issues, withdrawal status, sportsbook order verification), please visit our FAQ page or contact our general support team during business hours. For data-privacy inquiries, use the Data Protection Officer contact above.