wisatatoto Platform Privacy Notice

This page describes what we collect when you use wisatatoto and how we keep that data protected. We gather personal information only as necessary to verify your identity, process payments, and comply with local financial regulations. We do not sell or lease your data to marketing firms. We do not use your information to build profiles outside the scope of account verification and fraud prevention.

Our data handling operates on a principle of minimalism and isolation. We collect your name, date of birth, government ID number, phone number, and email because these are mandatory for identity verification (KYC) and payment processing. We store encrypted passwords and session tokens. We log your login times, IP addresses, and device details to detect unauthorized access. We retain payment transaction records for a minimum of seven years in compliance with Indonesian financial law.

We encrypt all personal data in transit and at rest. We restrict access to your information to essential staff only. Our servers may sit outside your jurisdiction, but our compliance processes operate within Indonesian legal frameworks. This notice explains what we collect, why, and how long we keep it. If you have questions about your data on wisatatoto, contact our privacy team using the form at the end of this page.

What Data We Collect on wisatatoto

When you register an account on wisatatoto, we request several pieces of information. Your full legal name, date of birth, phone number, and email address are mandatory. We also request a government-issued ID number (such as your national identity card or passport number). This information is used exclusively for identity verification and cross-checked against official registries to prevent fraud.

We collect your payment method details when you deposit. If you use DANA, e-wallet, mobile banking, local payment, online payment, or e-wallet, we do not store your wallet credentials directly—authentication occurs within your wallet provider's system. However, we store a record that you used that payment method, the date, and the transaction ID. If you use mobile banking, local payment, online payment, or e-wallet virtual accounts, we generate a unique account number for you but do not store your personal bank account number beyond the transaction record necessary for withdrawal processing.

We log your login activity on wisatatoto: the time of each login, the device type, the operating system, and the IP address from which you logged in. This information helps us detect unauthorized access attempts and prevent account takeover. If you enable two-factor authentication, we store a record of your registered phone number but not the authentication codes themselves.

We do not request sensitive data unnecessarily

wisatatoto does not ask for your bank account number, your full ID document image, or your financial statements during regular signup. Additional verification requests occur only when our compliance system flags unusual activity. When we do request documents, encryption protects them immediately upon upload.

How We Use Your Information on wisatatoto

We use your personal data for five primary purposes. First, identity verification: your name, date of birth, and ID number are cross-checked against national databases to confirm you are a real person operating an account in your own name. Second, payment processing: your bank or e-wallet details are passed securely to our payment partners (never stored on wisatatoto servers in plain text) to complete deposits and withdrawals.

Third, fraud prevention: your login history, device fingerprints, and transaction patterns are analyzed to detect suspicious activity such as unauthorized access or account takeover attempts. Fourth, regulatory compliance: we retain transaction records to support anti-money-laundering checks and to fulfill reporting obligations to tax authorities in supported jurisdictions. Fifth, customer support: if you contact our team, we use your account information to look up your profile, review your transaction history, and resolve your inquiry.

We do not use your data for marketing purposes, behavioral targeting, or third-party profiling. We do not send unsolicited promotional emails based on your activity. We do not track your movements outside wisatatoto or build cross-platform profiles of your online behavior.

How Long We Keep Your Data

We retain your personal account information—name, date of birth, ID number, phone, email—for as long as your account is active plus a minimum of three years after account closure. This retention allows us to investigate disputes and fulfill regulatory obligations on wisatatoto. Payment transaction records are retained for a minimum of seven years in compliance with Indonesian financial reporting requirements.

Login activity logs, session tokens, and device fingerprints are typically deleted after ninety days unless they are part of an active investigation or dispute on wisatatoto. Two-factor authentication records are kept for the duration your account is active; if you disable 2FA, those records are deleted after thirty days.

If you request deletion of your account and associated data on wisatatoto, we will delete personal information (name, email, phone) after verifying that no ongoing disputes or withdrawals are pending. However, we must retain transaction records for seven years as required by law. We cannot delete these records; instead, we anonymize them by removing personal identifiers and retaining only transaction amounts, dates, and outcome statuses.

Account information
Retained for account lifetime plus 3 years after closure on wisatatoto.
Transaction records
Retained for 7 years minimum per Indonesian financial law on wisatatoto.
Login logs
Deleted after 90 days unless under investigation on wisatatoto.
2FA records
Deleted 30 days after 2FA is disabled on wisatatoto.

Third-Party Data Processors

We share your data with third parties only when necessary for core operations on wisatatoto. Our payment partners—including mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, and online payment—receive only the information they need to process your deposit or withdrawal. We do not pass your full payment history or personal details beyond what each payment partner requires.

Our identity-verification partner receives your name, date of birth, and ID number to cross-check against national registries. This verification is essential for compliance. Our data center provider hosts our servers and encrypted databases but does not have access to unencrypted personal information.

We may share aggregated, anonymized data (such as "wisatatoto processed 100,000 deposits in January") with business partners for statistical purposes. This data contains no personal identifiers and cannot be traced back to individual accounts on wisatatoto.

If we receive a legal request from law enforcement—such as a subpoena or court order—we will disclose information as required by law. We will notify you of such requests except where prohibited by legal order. We do not voluntarily provide user data to government agencies without legal compulsion.

Your Rights and Our Commitments on wisatatoto

You have the right to access all personal data we hold about you on wisatatoto. Submit a request to our privacy team, and we will provide a data export within thirty days. You have the right to correct inaccurate information—if your name or email is wrong on wisatatoto, contact our team and we will update it immediately.

You have the right to request deletion of your personal account information on wisatatoto, subject to legal retention requirements. We will delete account details within thirty days unless a dispute or transaction is pending. You have the right to opt out of optional communications, though we will continue to send transaction confirmations and security notices.

You have the right to know what data we collect and why. This privacy notice is our transparency commitment. You have the right to lodge a complaint with our privacy team if you believe we have mishandled your data on wisatatoto. Contact details are provided below.

Cookies and Tracking on wisatatoto

We use cookies to maintain your login session and remember your language preference on wisatatoto. These are essential cookies; without them, you cannot remain logged in. We do not use tracking cookies to monitor your behavior across the web or build browsing profiles.

We do not embed third-party advertising pixels or analytics trackers (such as Google Analytics) on wisatatoto. We use only our own server logs to analyze platform performance. You can disable cookies in your browser settings; however, you will be logged out of wisatatoto and will need to log in again on each visit.

How We Protect Your Data

All personal data transmitted between your device and wisatatoto is encrypted using TLS 1.3 or higher. Data stored on our servers is encrypted at rest using AES-256 encryption. We use isolated, access-restricted databases: only authorized staff with documented need can access your personal information on wisatatoto.

We conduct regular security audits and penetration testing. If a breach occurs, we will notify affected users within forty-eight hours and report the breach to relevant authorities as required by law. We maintain offline backup copies of critical data to protect against ransomware attacks on wisatatoto.

Jurisdiction and Policy Updates

This privacy notice applies to all users of wisatatoto regardless of their location, provided their jurisdiction permits access to our platform. If our services become unavailable in your jurisdiction, we will disable your account access and provide notice. Your data will be retained according to this policy and applicable law in your jurisdiction.

We may update this privacy notice at any time. Material changes will be notified via email to your registered address on wisatatoto. Your continued use of wisatatoto following an update constitutes your acceptance of the revised policy. If you disagree with changes, you may request account deletion.

Contact Our Privacy Team

If you have questions about how we handle your data on wisatatoto, or if you wish to exercise your rights (access, correction, deletion), contact our privacy team. You can reach us by submitting a privacy request form through your account on wisatatoto, or by emailing [email protected] with the subject line "Data Access Request" or "Privacy Inquiry."

We will respond to all data-access requests within thirty business days. For urgent security concerns, contact our support team immediately via the in-platform help button on wisatatoto.

  1. Submit a privacy request

    Use the privacy form in your account settings on wisatatoto or email [email protected].

  2. Receive confirmation

    Our team will acknowledge your request within 2 business days on wisatatoto.

  3. Get your data or resolution

    We will provide access, correction, or deletion within 30 business days on wisatatoto.

This privacy notice was last updated and is effective as of its publication date. We remain committed to transparent data handling and user protection across all wisatatoto services, whether you access from Jakarta, Surabaya, Bandung, Medan, Semarang, Yogyakarta, or any other supported jurisdiction.