donatoto Platform Privacy Notice
This page describes what we collect when you use donatoto and how we keep that data protected. We operate an online sportsbook and live-dealer platform available where local law permits. Your account on donatoto may hold personal information—email, phone, payment details, identity documents—and we undertake to handle each piece according to the standards set out below.
We at donatoto process your data for three core purposes: account verification (KYC compliance), transaction settlement (deposits and withdrawals via DANA, e-wallet, mobile banking, local payment, online payment, and other local methods), and platform operation (fraud detection, support, and service improvement). This notice is plain language; if you have questions after reading, our support team in Bahasa Indonesia and English can clarify before you register.
We keep these terms plain and direct. Services are available only where local law permits.
What We Collect on donatoto
When you open an account on donatoto, we ask for your email address, full name, date of birth, phone number, and residential address. We use this to verify your identity and comply with local anti-money-laundering rules. Your email remains your primary contact point; we use it to send account notifications, settlement confirmations, and support replies.
During your first deposit, you select a payment method—DANA, e-wallet, mobile banking, local payment, online payment, or a bank virtual account (e-wallet, mobile banking, local payment, online payment). We collect the transaction reference, amount, and timestamp. We do not store your full card or wallet credentials; your bank or e-wallet provider handles that encryption. We retain the transaction record to reconcile deposits against your account balance and to respond to withdrawal disputes.
When you place a bet on Liga 1, Piala AFF, Champions League, or access a live-dealer table (blackjack, roulette, baccarat), we log your bet slip, stake, outcome, and settlement time. This data helps us detect fraud, resolve settlement disputes, and comply with audit requirements. We also collect device information—browser type, IP address, approximate location (city-level, not street)—to flag unusual login patterns and protect your account.
Your Rights on donatoto
You have the right to request a copy of all data we hold on your account. Contact our support team to initiate a data-access request; we aim to respond within ten business days. You can also ask us to correct any inaccuracy—for example, if your registered address on donatoto is outdated—by submitting a correction form through your account settings.
You may request account deletion; however, we retain transaction records for seven years to comply with financial-crime regulations. After deletion, your email and payment history remain in our audit log but are disconnected from your profile. New accounts using the same email are treated as separate registrations subject to full KYC re-verification.
If you believe we have misused your data, you can file a complaint with your local data-protection authority. We also accept complaints via our support channel; escalate to our data officer by marking your message "Data Privacy Complaint".
How We Protect Your Data on donatoto
Our servers encrypt all login traffic using TLS 1.2 or higher. Your account password is salted and hashed; we never store it in plain text. Two-factor authentication (via SMS or email code) is optional but recommended; activating it on donatoto significantly reduces account-takeover risk.
Payment data flows through PCI-DSS-compliant processors. We do not hold your DANA wallet ID, e-wallet account number, or bank card in our primary database; instead, we store tokenized references that allow us to initiate transactions without exposing the raw credentials. Withdrawal requests are queued and processed during defined settlement windows (typically within hours of request submission, subject to bank or e-wallet processing times).
We use cookies and tracking pixels to remember your login state, language preference, and betting history on donatoto. Essential cookies (session ID, CSRF token) are mandatory for the platform to function. Optional cookies track user behaviour for fraud-detection analytics; you can disable these in your browser settings, though doing so may slow some platform features.
Our infrastructure sits in Southeast Asia (data centres in Jakarta and Singapore). Your data may be transferred across jurisdictions for backup and analytics; we ensure all transfers comply with local data-residency laws where applicable. We do not transfer data to countries outside Southeast Asia unless you explicitly consent.
Data Breach Notification
If we detect unauthorized access to your account or our systems, we will notify you by email within 24 hours. We will also notify relevant authorities where law requires and advise you of protective steps (e.g., resetting your password).
Contact and Updates
To exercise your rights or report a privacy concern, contact us at [email protected] or through the support chat on your donatoto account. Our team responds in Bahasa Indonesia and English during standard business hours; we aim to acknowledge all inquiries within one business day.
We may update this privacy notice to reflect platform changes or legal updates. We will announce material changes via email and on the donatoto website at least 14 days before they take effect. Continued use of your account after the notice date constitutes acceptance of the revised policy.