bobototo Privacy Policy

This page describes what we collect when you use bobototo and how we keep that data protected. Whether you open an account from Jakarta, Surabaya, Bandung, or another location, your personal information is handled according to these commitments. We collect data only to operate our platform, verify your identity, process deposits and withdrawals, settle your bets, and comply with applicable regulations.

Our privacy practices are transparent. We do not sell your data to advertisers or unrelated third parties. We do share information with payment processors—your DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, and e-wallet transactions require us to send your payment details to those providers and their partner banks. We also share data with regulatory bodies if required by law. This policy explains all of these practices in detail.

When you interact with bobototo—registering, depositing, wagering on Liga 1 matches or esports events, or withdrawing funds—you generate data. We store that data on servers that may sit outside your home jurisdiction. We encrypt sensitive information in transit and at rest, and we retain it only as long as necessary for legal compliance or dispute resolution.

Data We Collect on bobototo

Account registration begins with your email and phone number. We collect these to send you verification codes, password resets, transaction confirmations, and important account notices. We also collect your name, date of birth, and national ID document (during KYC verification). We retain this identity data to prevent fraud and comply with anti-money-laundering regulations.

Payment data includes your chosen deposit and withdrawal method—whether DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or a bank account number. We do not store full card or wallet credentials; instead, we receive tokenised references from our payment processors. We log the amount, date, and status of every deposit and withdrawal. This data is retained for accounting, reconciliation, and dispute resolution.

Behavioural data includes your wager history, game selections, IP address, device type, and browser information. We collect IP addresses to detect fraud and enforce account restrictions. We track which games you play—sportsbook markets (football, badminton, MotoGP), live-dealer tables (blackjack, roulette, baccarat, Dragon Tiger), slots, or esports markets (Mobile Legends, Free Fire, PUBG Mobile)—to understand platform usage and improve service stability. We do not use this data to profile you for external marketing.

KYC data

Identity documents and selfies used for verification. We retain these for regulatory compliance and fraud prevention.

Transaction logs

Records of all deposits, withdrawals, and wagers. Retained for 7 years or as required by local law.

Session data

Cookies and tokens that remember your login state and preferences. Cleared when you log out or after 30 days of inactivity.

How We Use Your Data

We use your name and ID to verify your identity and unlock deposit and withdrawal features. We use your payment details to process transactions and reconcile deposits. We use your phone and email to send transaction receipts, login alerts, and security notifications. We use your wager history to calculate your account balance and settle game outcomes.

We do not use your data to target you with off-platform advertising or sell your profile to third parties.

We share data with our payment processors only to the extent necessary to complete transactions. We share data with regulatory authorities if required by law. During holidays such as Idul Fitri, Idul Adha, Imlek, or Nyepi, our support and compliance teams may operate on reduced schedules, but data-handling protocols remain unchanged. We may share anonymised usage statistics (e.g., "Liga 1 market volume on bobototo") for industry reporting, but never tied to individual accounts.

Your Rights and Data Security

You may request a copy of the personal data we hold about you. You may request correction of inaccurate data or deletion of data no longer necessary for our legal obligations. Contact us at the address below with your account email and we will respond within 30 days. Some data—such as KYC records and transaction logs—we are legally required to retain; deletion may not be possible.

We protect your data using industry-standard encryption (TLS for data in transit, AES-256 for data at rest). We limit access to your data to employees and contractors who have a business need to see it. We maintain backup copies for disaster recovery and retain them for up to 90 days before deletion. Our servers are hosted by reputable cloud providers and do not sit on personal hardware.

We use cookies to track your login session and remember your language preference. You may disable cookies in your browser, though this may affect your ability to stay logged in. We do not use third-party tracking cookies or analytics that identify you across other websites.

• We respond to data access requests within 30 days.
• We log all data breaches and notify affected users within 72 hours if required by law.
• We retain transaction data for 7 years to comply with financial record-keeping regulations.
• Your password is hashed and never stored in plain text.

If you have questions about this policy, contact our support team via email or in-app chat. We review and update this policy annually or when regulations change. The date of last revision is shown at the bottom of the bobototo platform.