atoto Platform Privacy Notice

This page describes what we collect when you use atoto and how we keep that data protected. We at atoto collect personal information only to verify your identity, process your deposits and withdrawals, and comply with local financial regulations. We do not sell your data to third parties, and we do not use it for marketing purposes without your consent.

Our privacy practices apply to all users accessing atoto through our Android APK, iOS browser, or desktop interface. Whether you are in Jakarta, Surabaya, Bandung, Medan, or another supported region, the same data protection rules apply. We handle your information according to the privacy laws of the jurisdictions where we operate and where your data is stored.

We encourage you to read this policy in full. If you have questions about how we use your data or how to exercise your privacy rights, contact our support team through the atoto app.

What Data We Collect on atoto

Account information: When you register on atoto, we collect your name, date of birth, email address, phone number, and residential address. We use this information to create your account, verify your identity, and send you notifications about your account activity. We do not share this data with third parties except as required by law or to process your payments.

Identity verification: During KYC verification, we ask for a government-issued identity document—such as a national ID card, passport, or driver's license. We scan or photograph this document and extract the data to verify your identity. We store the extracted data securely on our servers. We do not store images of your ID document itself; we store only the verified information extracted from it. This data is used solely for account verification and regulatory compliance.

Payment information: When you deposit via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank transfer from mobile banking, local payment, online payment, or e-wallet, we collect information about your transaction—the amount, the payment method, the date, and the confirmation number from your bank or payment provider. We do not store your full bank account number or card details; our payment partners handle that securely. We store only the confirmation data needed to track your deposit and issue a receipt in your account history.

Account activity: We log every action you take on atoto—login times, bets placed, games played, withdrawals requested, and account changes such as password resets. We use this log to help you review your activity, to detect fraudulent or unauthorized access, and to comply with anti-money-laundering regulations. Your activity log is stored in your account and is accessible only to you and our compliance team.

Device and usage data: We collect technical information about your device when you use our Android APK or iOS browser—your device model, operating system version, IP address, and browser type. We use this data to optimize our app's performance, diagnose technical problems, and protect against unauthorized access. We do not collect location data unless you explicitly grant permission through your device's settings.

Personal data
Information that identifies you—name, date of birth, email, phone, address, and government ID details.
Transaction data
Records of your deposits, withdrawals, and bets—amounts, dates, payment methods, and confirmations.
Device data
Technical information about your device—model, OS, IP address, and browser type.
Activity log
A timestamped record of every action you take on atoto—logins, bets, withdrawals, password changes.

How We Use and Protect Your Data on atoto

Purpose of collection: We collect your data for five main purposes: account creation and verification, payment processing, regulatory compliance, fraud prevention, and customer support. We use your personal data to verify you are of legal age, to process your deposits and withdrawals securely, to file required financial reports with regulatory authorities, to detect suspicious account activity, and to help resolve disputes or technical issues.

Third-party processors: We share your data with trusted third parties only to the extent necessary to provide our service. Our payment partners (the companies behind DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, and e-wallet) receive transaction information needed to process your deposits and withdrawals. Our cloud hosting provider stores our servers and databases outside your jurisdiction—this may be in Singapore, Malaysia, or another region. Our identity verification partner accesses your government ID information during KYC verification. Each partner is contractually bound to protect your data and use it only for the purpose specified.

Data security: We encrypt all personal data at rest using AES-256 encryption. Data in transit between your device and our servers is protected by TLS 1.2 or higher. We restrict access to your data to authorized atoto staff and partners on a need-to-know basis. We conduct annual security audits and penetration testing to identify vulnerabilities. If we discover a data breach, we notify affected users within 72 hours and file a report with relevant regulatory authorities.

Data retention: We retain your account information for as long as your account is active. If you close your account, we retain your data for seven years to comply with anti-money-laundering regulations and to settle any outstanding disputes. After seven years, we delete or anonymize your personal data. Transaction records are kept longer for regulatory purposes—typically ten years.

Cookies and tracking: Our atoto app uses cookies and session identifiers to keep you logged in and to remember your preferences—such as your language setting or notification preferences. Cookies do not track you across other websites; they work only within atoto. We do not use third-party analytics cookies that identify you personally. We collect anonymous usage statistics (such as "how many users accessed atoto on Idul Fitri") to improve our service, but this data is aggregated and does not identify individuals.

Your privacy rights on atoto

  • You have the right to access your personal data—request it anytime through our support form
  • You have the right to correct inaccurate data—notify us and we update your account
  • You have the right to request deletion of your data after your account closes (subject to regulatory holds)
  • You have the right to object to processing—contact us if you believe your data is being used unlawfully
  • You have the right to data portability—we can export your transaction history in a standard format

Your rights: Depending on your jurisdiction, you may have specific privacy rights. In many regions, you have the right to access your personal data, to request correction of inaccurate information, and to request deletion after a reasonable period. You have the right to withdraw consent for non-essential processing—such as promotional emails—by changing your notification preferences in atoto. You have the right to lodge a complaint with your local data protection authority if you believe we are misusing your data.

Contact: If you have questions about our privacy practices, if you want to exercise your rights, or if you believe your data has been compromised, contact our support team through the atoto app. We respond to data subject requests within 30 days. For urgent privacy concerns, you may escalate your request to our Data Protection Officer through the support form.

Policy updates: We may update this privacy notice periodically to reflect changes in our practices or applicable law. When we make material changes, we notify all active account holders via email and in-app notification. Your continued use of atoto after we post an update means you accept the revised policy.