LEGAL REFERENCE

Your Privacy Matters to Us

We built 18toto around your trust. This privacy policy explains how we collect, use and protect your personal information when you open an account, deposit via DANA, OVO...

Data ProtectionTransparent PracticesYour ControlSecure PaymentsIndonesia-Compliant
Tour the Lobby Read FAQ
18toto Your Privacy Matters to Us

What We Collect and Why

When you join 18toto, we collect your name, email, phone number and account details to verify your identity and process your transactions. Payment information — including DANA, OVO, GoPay and QRIS references — is encrypted and stored securely. We also track your gameplay activity, session logs and device data to prevent fraud, improve your experience and comply with local regulations in supported

regions. We never sell your personal data to third parties. Your information stays with us and our trusted payment processors.

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

PLAYER SUPPORT

Questions About Your Privacy

Email Support Reach our privacy team at [email protected] with any concerns about how we handle your data. We respond within 24 hours.
Account Settings Review and update your personal information anytime in your account dashboard. Control what data you share with us.
Data Requests Request a copy of your personal data or ask us to delete your account. Submit requests through your account or email us directly.
TRUST MARKERS

How We Protect Your Trust

Encryption Standard

All data transmitted between your device and our servers uses SSL/TLS encryption. Your payment details and login credentials are never...

Regular Audits

We conduct quarterly security reviews and penetration testing to identify and fix vulnerabilities before they affect your account.

Compliance Framework

Our privacy practices align with Indonesian data protection standards and international best practices for gaming platforms.

Limited Access

Only authorized staff can access your personal information, and only when necessary to process your requests or prevent fraud.

Breach Protocol

If a security incident occurs, we notify affected users within 72 hours and provide guidance on protecting your account.

Third-Party Vetting

Payment processors and service providers we work with meet the same security standards we do. We audit them annually.

Consistency Across Our Platform

Same Policy EverywhereWhether you're on our desktop site, mobile app or live sportsbook, this privacy policy applies uniformly across all 18toto properties.
Payment Data HandlingDANA, OVO, GoPay and QRIS transactions follow identical encryption and storage protocols regardless of where you initiate them.
Cookie ConsistencyWe use the same tracking cookies and session identifiers across all platforms to give you a seamless experience without duplicating data.
Retention RulesAccount data, transaction history and gameplay logs are retained for the same duration on all channels — typically 7 years for compliance.
User RightsYour right to access, correct or delete your data applies equally whether you request it via email, app or website contact form.
Update NotificationsWhen we update this policy, we notify you through your registered email and in-app alerts. Changes take effect 30 days after notice.
Dispute ResolutionPrivacy complaints are handled through the same support channel across all platforms, with escalation to our data protection officer if needed.
SERVICE CONTEXT

What Defines Our Privacy Approach

Transparent Collection We tell you exactly what data we collect and why...
Minimal Data Principle We only ask for information we actually need to verify...
Your Consent Matters Marketing emails, gameplay analytics and third-party integrations all require your...
Local Compliance We respect Indonesian data protection frameworks and regional payment regulations...
Easy Deletion Request account deletion anytime and we'll remove your personal data...
No Selling Data We never monetize your information by selling it to advertisers...

Privacy Questions Answered

We retain your account information for 7 years after your last activity to comply with Indonesian financial regulations. Transaction records are kept for the same period. You can request deletion anytime, though some data may be retained if required by law.

Yes. Payment details are encrypted end-to-end and never stored on our servers in readable form. We use PCI-DSS compliant processors and conduct quarterly security audits. Your e-wallet credentials are handled by your payment provider, not by us.

We only share data with trusted payment processors, fraud-prevention services and legal authorities when required by law. We never sell your information to marketers or data brokers. All partners sign strict confidentiality agreements.

Absolutely. Email [email protected] with a data access request and we'll send you a complete copy of your personal information within 14 days. You can also review most of it in your account settings anytime.

We monitor for threats 24/7 and conduct regular penetration testing. If a breach occurs, we notify you within 72 hours with details and steps to protect your account. We also report to relevant authorities where required by Indonesian law.

We use cookies to remember your login, track gameplay for fraud prevention and improve your experience. You can disable non-essential cookies in your browser settings without losing core functionality. We don't use cookies for third-party advertising.

Yes. Request account deletion through your settings or email us. We'll remove your personal data within 30 days, except transaction records required by law. Your account will be permanently closed and you won't be able to recover it.