jptoto Casino & Sportsbook Data Care
This page describes what we collect when you use jptoto and how we keep that data protected. We collect your email address and password during account registration, your national ID and proof of address during KYC identity verification, your phone number and date of birth for account recovery, and your payment method information (tokenised, never stored in plain form) when you deposit or withdraw. We also collect device information (IP address, browser type, operating system, device ID), game activity logs (bets placed, results, timestamps), and chat messages if you use our live-dealer table chat features.
We use this data to process your deposits and withdrawals via DANA, e-wallet, mobile banking, local payment, and online payment; to verify your identity and prevent fraud; to settle your bets on football markets (Liga 1, Piala Indonesia, Piala AFF, Champions League, Premier League), esports (Mobile Legends, Free Fire, PUBG Mobile), live-dealer games (baccarat, blackjack, roulette, Dragon Tiger), and slots (Aviator, Sweet Bonanza, Gates of Olympus, Fortune Tiger, Mahjong Ways); to send you account notifications and withdrawal confirmations; and to comply with anti-money-laundering and financial crime regulations.
We do not sell your data to third parties. We do share limited information with payment processors (your payment token and transaction amount) to complete deposits and withdrawals, and with law enforcement if required by court order or legal obligation. Our servers may be located outside your jurisdiction; if you reside in Jakarta, Surabaya, Bandung, Medan, Semarang, or Yogyakarta, your data may be processed in a different country and subject to different legal protections. By using jptoto, you consent to this cross-border data transfer.
What Data We Collect
We collect data in several categories. Account registration data: we require your email address, password, full name, date of birth, and national ID number. Identity verification data: during KYC, we collect a photograph of your national ID and a proof of address (utility bill, bank statement, or rental agreement dated within three months). Payment data: when you deposit via DANA, e-wallet, mobile banking, local payment, or online payment, we receive a token representing your payment method, never your full card or account number. Transaction data: we log every deposit, withdrawal, bet placed, result, and payout, including timestamps and amounts. Device and access data: we collect your IP address, browser user-agent, device type, operating system version, and device ID when you access jptoto from Android, iOS, or web. Gameplay data: we record every game you join, your betting history, your outcomes, and any chat messages you send in live-dealer tables.
How we store your data
We store account data (email, name, ID details) in encrypted database fields using AES-256 encryption. Password hashes use SHA-256 with per-user salts; we never store plain-text passwords. Payment tokens are stored separately from personal data and are encrypted. Transaction logs are stored for seven years (standard financial record retention) in our compliance database. Device logs (IP address, browser data) are kept for 90 days; older logs are automatically deleted. Chat messages from live-dealer tables are stored for one year then deleted unless they are flagged as evidence of abuse or fraud (in which case we retain them indefinitely for legal protection). We do not create backups of deleted data; once your account is closed and the retention period expires, your data is permanently removed.
Your Rights and Our Commitments
We at jptoto respect your privacy and your legal rights. You have the right to request a copy of all personal data we hold on you. Submit a data-access request via our support form; we respond within 14 days with a downloadable file containing your email, name, ID details, transaction history, and device logs. You have the right to correct inaccurate data: update your email, phone number, or address anytime in Account Settings. You have the right to request deletion of your account: we close it immediately and delete your data after the legal retention period (seven years for financial records). You have the right to object to our processing: if you believe we are using your data unfairly, contact our support team and we review your objection. You have the right to lodge a complaint with your jurisdiction's data-protection authority if you believe we have violated privacy law.
We at jptoto commit to transparency. Our servers are located in Southeast Asia; data passes through encrypted channels when transmitted between your device and our servers. We use TLS 1.3 for all HTTPS connections. Our payment processors (third-party gateways handling DANA, e-wallet, and bank transfers) comply with PCI-DSS (Payment Card Industry Data Security Standard) and local data-protection regulations. We conduct annual independent security audits and publish our audit results upon request. If a data breach occurs (unauthorised access to our systems), we notify affected users within 48 hours and inform relevant authorities. We do not require users to change passwords after a breach unless plaintext data was exposed; encrypted passwords and payment tokens cannot be decrypted even if stolen.
Cookies and tracking
We use session cookies to keep you logged in while you browse jptoto. These cookies expire when you close your browser. We also use analytics cookies to count visitors, measure page performance, and identify technical errors. These cookies do not contain personal data (no email or name) and expire after one year. We do not use tracking pixels or cross-site cookies to follow you outside jptoto. When you visit jptoto, Google Analytics may record your IP address and browser data to measure traffic; you can opt out by installing the Google Analytics opt-out browser extension.
Third-party access
We share your data with the following third parties only. Payment processors: the gateways that handle e-wallet, mobile banking, local payment, and online payment transactions (e-wallet processing and bank transfers) receive your payment token and transaction amount to process deposits and withdrawals. Compliance and anti-fraud services: we use third-party KYC providers to verify your identity documents and third-party fraud-detection services to monitor for suspicious activity. Legal authorities: we disclose data to law enforcement if required by court order, warrant, or legal obligation (e.g., anti-money-laundering investigations). Service providers: our web hosting provider and database manager may access encrypted data to maintain server infrastructure. We contractually require all third parties to protect your data and use it only for the stated purpose.
We do not sell or rent your data to marketers, data brokers, or advertisers. We do not use your data to target advertisements to you outside jptoto. We do not share your gaming history or betting patterns with any third party except as required by law.
Cross-border data transfer
Our servers are located outside Indonesia. By registering on jptoto, you consent to your data being transferred to, processed in, and stored outside your jurisdiction. The jurisdiction where our servers are located may have different data-protection laws than Indonesia. We maintain the same encryption and security standards regardless of server location.
Data retention and deletion
We retain your account data for as long as your account is active plus seven years after closure (to comply with financial record-keeping laws). We retain transaction logs for seven years. We retain device logs and IP address records for 90 days. We retain identity verification documents (your ID photo and address proof) for seven years after closure. We retain chat messages from live-dealer tables for one year unless flagged as evidence of abuse. After the retention period, we automatically delete your data; we cannot retrieve it after deletion.
If you request account closure, we deactivate your account immediately and queue your personal data (email, name, address) for deletion after seven years. Your transaction history is retained for the full seven-year period for compliance with anti-money-laundering regulations. If you are subject to a legal hold (e.g., you are a defendant in a case involving your account), we retain all data indefinitely until the legal hold is lifted.
Contact and complaints
If you have privacy questions or wish to exercise your rights (request data, correct information, delete your account), contact our support team via the live chat available 24/7 or email our privacy officer. We respond to data-access requests within 14 days. We respond to complaints within 30 days. If you are dissatisfied with our response, you have the right to lodge a complaint with your jurisdiction's data-protection authority. If you reside in a region with data-protection law (such as the European Union GDPR), those laws may override this policy in your jurisdiction.
This privacy policy was last updated in 2024 and may change. If we make material changes (e.g., we begin selling data to third parties, or we change our server location), we notify all account holders via email at least 30 days in advance. Continued use of jptoto after a policy update constitutes acceptance of the new policy.