LEGAL REFERENCE

Your Privacy Matters to Us

Q: How do I delete my account and data permanently?

Submit a deletion request via email to support@totothai.app. We'll erase your personal data within 30 days, except where law requires us to retain records for tax or fraud-investigation purposes.

We've built totothai with your account security and data privacy at the centre. When you open an account through DANA, OVO, GoPay or QRIS, every transaction and gaming...

DANAOVOGoPayQRIS

See the Lobby Read FAQ

Privacy Policy Overview

totothai operates our platform in compliance with data protection principles applicable in supported regions across Indonesia. When you sign up, deposit via DANA, OVO, GoPay or QRIS, or engage with our live casino tables, slots and sportsbook, we collect personal information—name, email, phone, payment details and gaming behaviour—solely to deliver your account, process withdrawals, prevent fraud and comply with local reporting requirements.

Your data is encrypted in transit and at rest. We never sell your information to third parties; it's shared only with payment processors and legal authorities where required by law. You have the right to access, correct or request deletion of your data.

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

24/7 SUPPORT

Privacy Questions & Contact

Team online

Email Support

Reach our privacy team at [email protected] with any concerns about how we handle your personal data, account details or payment information.

Live Chat

Open your account and use live chat within the lobby to ask real-time questions about data security, cookie usage or your privacy choices while gaming.

Data Request Form

Submit a formal request to access, amend or delete your personal information. We'll respond within 14 days with your account data or confirmation of changes made.

EDITORIAL CLARITY

Why Your Privacy Is Secure Here

Encryption Standard

All deposits via DANA, OVO, GoPay and QRIS use TLS 1.2+ encryption. Your gaming sessions and account login are protected by the same security layer banks use across Indonesia.

Fraud Prevention

We monitor every transaction and account activity in real time. Unusual login patterns or payments trigger automatic verification to keep your balance and identity safe.

Third-Party Audit

Our platform undergoes annual security reviews by independent auditors. Encryption protocols, data storage and access logs are verified to meet international standards.

Payment Processor Trust

DANA, OVO, GoPay and QRIS partner integrations are PCI-DSS compliant. Your financial details never pass through our servers; we only see transaction confirmation.

Data Retention Limits

We keep your personal data only as long as your account is active, plus seven years for legal record-keeping. After that, encrypted deletion removes it permanently.

No Cookie Tracking

We use cookies only for account session management and live casino lobby performance. We don't use third-party trackers to build profiles or sell browsing data.

How Our Policy Stays Consistent

Account Privacy

Your login credentials, gaming history and personal profile are encrypted at rest and never shared with third parties unless legally required.

Payment Data Security

DANA, OVO, GoPay and QRIS transactions are tokenised; your actual card or wallet number is never stored on our servers.

Casino & Sportsbook Logs

Betting history, live table sessions and slot activity are logged for account reconciliation and fraud detection, not for external marketing.

Cookie Policy Clarity

Essential cookies power live casino gameplay and lobby navigation. Optional analytics cookies are disabled by default; you can enable them any time.

Withdrawal & KYC Data

Know-your-customer details collected during signup and withdrawal requests are held securely and shared only with payment processors and regulators as required.

Right to Access

You can request a full copy of your personal data held by totothai within 14 days. We provide it in portable, machine-readable format.

Policy Updates

If we change our privacy practices, we'll email you at least 30 days in advance. Continuing to use your account after that date means you accept the update.

Privacy Elements That Define Our Platform

Two-Factor Authentication

Enable 2FA in account settings to add a second security layer beyond your password. Each login from a new device triggers a code via SMS or email.

Session Timeout

Your account automatically logs out after 30 minutes of inactivity for security. Rejoin instantly when you're ready; your balance and games remain unchanged.

Deposit references Transparency

Set personal spending caps on your account dashboard. These limits are respected across DANA, OVO, GoPay and QRIS, and you can adjust them anytime.

Transaction History Export

Download your full payment and gaming ledger as a CSV file directly from your account. Use it for personal records or tax reporting in Indonesia.

Breach Notification

If any security incident affects your data, we notify you within 24 hours via email and offer complimentary account monitoring for 12 months.

IP & Device Logging

We record login IP addresses and device fingerprints to spot unauthorised access. Check your active sessions anytime and log out remotely if needed.

Privacy Questions Answered

Your payment details are never stored on our servers. DANA, OVO, GoPay and QRIS use tokenisation to send us only a transaction reference. Your wallet or card number stays encrypted on the payment provider's secure system, not ours.

We never sell your account activity, betting history or personal profile to advertisers or data brokers. Data is shared only with payment processors, fraud-detection services and Indonesian regulators where legally required by law.

Your data remains encrypted and stored securely. If you don't log in for two years, we may flag your account for dormancy but will not delete personal information without your written request.

Submit a deletion request via email to [email protected]. We'll erase your personal data within 30 days, except where law requires us to retain records for tax or fraud-investigation purposes.

No. Our cookies operate only within the totothai.app domain for session management and live casino performance. We don't place tracking pixels on external sites or build profiles for third-party marketers.

We notify you immediately if your information is compromised. We provide 12 months of free identity-monitoring services, cover any fraudulent charges, and inform regulators as required by Indonesian law.

Yes. Log in, go to Account Settings, and select 'Export Data' to download your personal information, transactions and gaming ledger as a CSV file in seconds.