dtotoPrivacy Policy

This page describes what we collect when you use dtoto and how we keep that data protected. From the moment you register an account through every deposit, withdrawal, and game session, we gather information about you—your identity, your payment details, your location, and your activity on our platform. We understand that privacy matters, which is why we've built our data practices around transparency and security.

We at dtoto collect only the information we need to verify your identity, process your payments, comply with anti-money-laundering regulations, and provide customer support. We do not sell your data to marketing firms or data brokers. We do not use your information for purposes beyond operating dtoto. If we partner with payment processors or regulatory authorities, those partners are bound by strict confidentiality agreements.

This policy covers what we collect, how we use it, who we share it with, how long we keep it, and your rights to access or request deletion. If you have questions about our data practices, our support team in Jakarta, Surabaya, Bandung, Medan, and Semarang is available during standard business hours.

What Data We Collect on dtoto

When you open a dtoto account, we collect your email address, chosen username, and password (which we encrypt and never store in plain text). We also require government-issued identification—a passport, national ID, or driver's license—and proof of address, typically a utility bill, bank statement, or rental agreement dated within the past three months. This Know Your Customer (KYC) verification is a legal requirement that protects both you and dtoto from fraud and money-laundering risk.

We collect payment information when you deposit funds. If you use DANA, e-wallet, mobile banking, local payment, or online payment, we receive your transaction confirmation but do not store your e-wallet login details. If you use a bank transfer via e-wallet, mobile banking, local payment, or online payment, we collect your account holder name and bank reference number. We never store full bank account numbers or card details—payment processors handle that data on their secure servers.

We also collect your activity data on dtoto: every entry you place, every withdrawal you request, every draw you watch, and every support message you send. We log your IP address, device type, and browser information for security and fraud detection. If you access dtoto from different cities or countries, we note those login locations to detect unauthorized account access. During major tournament periods like Liga 1, Piala Indonesia, or Piala AFF, we may see higher transaction volumes and longer session logs.

We do not collect data beyond what we need to operate dtoto

We do not track your browsing history outside dtoto, your location when you're not using the app, or any personal information you don't explicitly provide. We collect only what's necessary for account verification, payment processing, and regulatory compliance.

Cookies and tracking on dtoto

Our dtoto website uses cookies to remember your login session, keep you signed in across page visits, and understand which sections of the site you use most frequently. These are functional cookies—they help the platform work better, not to sell advertising space or track you across other websites. You can disable cookies in your browser settings, though this may make dtoto harder to use.

We do not use third-party analytics cookies that track you across the internet. We do not employ advertising pixels or retargeting code that follows you to other sites. Our cookies exist solely to improve your dtoto experience.

How We Use Your Data and Who We Share It With

We use your data to verify your identity, process your deposits and withdrawals, settle your game outcomes, and respond to your support inquiries. We also use your data for fraud prevention—if we detect unusual login patterns, rapid withdrawals to new payment methods, or account takeover attempts, we freeze your account and contact you to verify the activity.

Our servers may sit outside your jurisdiction. dtoto operates from multiple data centers for reliability and speed, so your information may be stored in Southeast Asia, Singapore, or other regions where applicable. These servers are encrypted and accessible only by authorized dtoto staff. We do not disclose your personal data to third parties except in these limited scenarios:

Payment processors (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet) receive your transaction information to complete deposits and withdrawals.
Regulatory authorities may request your information if local law requires it—we comply with lawful requests from government agencies.
Our support and fraud-prevention teams access your data to resolve disputes, investigate account issues, and protect against misuse.

We retain your account data for a minimum of three years after you close your account. This allows us to respond to inquiries, verify past transactions, and comply with local financial record-keeping laws. During holidays like Idul Fitri, Idul Adha, Imlek, or Nyepi, our data-management processes may be slower due to reduced staffing. After three years, we securely delete your personal information unless we're required by law to keep it longer.

Password security: We encrypt your password using industry-standard algorithms. We cannot see or retrieve your password—if you forget it, we can only initiate a secure reset through your registered email address.
Two-factor authentication: We offer optional two-factor authentication (2FA) via email or authenticator app. Enabling 2FA adds an extra security layer to your dtoto account.
Data breach response: If we discover unauthorized access to dtoto user data, we notify affected account holders within 48 hours and provide guidance on account recovery steps.
Your data rights: You can request to view all data we hold about you, request corrections to inaccurate data, or request deletion of your account. Submit these requests through dtoto support.

International data transfers and dtoto compliance

dtoto operates globally, and your data may be transferred across borders for processing and storage. By using dtoto, you consent to this international transfer. We apply the same encryption and protection standards to international data as we do to data stored locally.

We comply with data protection standards applicable in the jurisdictions where we operate. If you have privacy concerns or want to exercise your data rights, contact our dtoto support team. We respond to data-access requests and deletion requests within 14 business days. Your privacy is central to how we operate, and we take every data-protection obligation seriously.