itoto Casino & Sportsbook Data Care

This page describes what we collect when you use itoto and how we keep that data protected. We operate across supported jurisdictions and handle your personal information according to applicable data-protection law.

We at itoto take data security seriously. When you register, deposit via DANA, e-wallet, mobile banking, or bank transfer, or place a bet on Liga 1 or Champions League markets, we collect information needed to verify your identity, process your payment, and settle your account. We do not sell your data to third parties. We use it only to run our platform, comply with local law, and improve your experience on itoto.

Our commitment is transparency. This policy explains what we collect, who has access, how long we keep it, and what rights you have over your own information.

What we collect on itoto

We collect data in three categories: account information, transaction data, and behavioural signals.

Account information: When you open an itoto account, we ask for your full name, email, phone number, date of birth, and residential address. During KYC verification, we collect a photo of your national ID (KTP, passport, or driver's licence) and proof of address (utility bill, bank statement, or government letter). We store these documents securely and do not share them with external parties unless required by law.

Transaction data: Every deposit, withdrawal, and bet is logged. We record the payment method (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or your mobile banking, local payment, online payment, e-wallet virtual account), the amount, the timestamp, and the outcome. We keep transaction records for seven years to comply with financial-reporting obligations in supported jurisdictions.

Behavioural signals: We track which games you play (football markets, live-dealer tables, slot games, esports), how long you stay logged in, and which payment methods you prefer. We use this data to detect fraud, prevent account abuse, and personalise your experience—for example, showing you upcoming Piala AFF or Champions League fixtures if you frequently bet on football.

We do not collect your browsing history outside itoto, your location in real time, or your biometric data. We do not use cookies to track you across other websites.

Your data is encrypted in transit and at rest

We use TLS 1.2+ encryption for all connections to itoto. Our servers store your personal information in encrypted databases. Access is restricted to authorised staff and automated systems.

How we use your data

We use your information for five purposes:

  1. Account management: We verify your identity, process your deposits and withdrawals, and manage your itoto wallet balance.
  2. Fraud prevention: We analyse transaction patterns to detect suspicious activity. If we flag a withdrawal as high-risk, we may ask you to re-verify your identity before processing it.
  3. Legal compliance: We report aggregate betting data to financial regulators in supported jurisdictions. We do not disclose individual user names or account balances without a court order.
  4. Customer support: When you contact our team, we use your account history to resolve disputes, answer questions about Liga 1 odds, or help you reset your password.
  5. Service improvement: We analyse which games are popular during Idul Fitri or Idul Adha, which payment methods are fastest, and where our platform is slow. We use these insights to improve itoto.

Third-party processors

We share your data with external partners only when necessary:

  • Payment processors: mobile banking, local payment, online payment, e-wallet, mobile banking, and your bank (local payment, online payment, e-wallet, mobile banking) receive your transaction details to process deposits and withdrawals. They are bound by their own privacy policies.
  • KYC verification vendors: We use a third-party identity-verification service to scan your ID photo and check it against government records. This vendor does not store your documents after verification is complete.
  • Cloud infrastructure: Our servers may sit outside your jurisdiction (for example, in Singapore or Australia). Your data is encrypted before it leaves our control.
  • Law enforcement: If a court or regulator in a supported jurisdiction issues a legal demand, we comply and disclose the minimum information required.

Your rights and our commitments

You have the right to access, correct, or delete your personal data. To exercise these rights, log into your itoto account and visit the Settings page, or contact our support team. We will respond within 14 business days.

We retain your data for as long as your account is active, plus seven years after closure (to comply with financial-reporting law). After seven years, we delete or anonymise your information. If you request deletion before that period, we will honour it unless we are legally required to keep the data.

We do not use automated decision-making to deny you access to itoto. If we flag your account for review, a human team member will contact you to explain why and give you a chance to respond.

Our services are available only where local law permits. If you are in a jurisdiction where online gaming is prohibited, we cannot provide access to itoto. You are responsible for verifying that your use of itoto complies with your own jurisdiction's law.

If you have questions about this policy or how we handle your data, contact our support team. We are available during business hours in Jakarta, Surabaya, Bandung, and Medan time zones.

Key takeaways

  • We collect your name, ID, address, and transaction history to run itoto and comply with law.
  • We encrypt your data in transit and at rest; access is restricted to authorised staff.
  • We share data with payment processors and KYC vendors only; we do not sell to third parties.
  • You can access, correct, or delete your data by contacting support within 14 business days.
  • We retain your information for seven years after account closure, then delete it.