usutoto Platform Privacy Notice
This page describes what we collect when you use usutoto and how we keep that data protected. We gather information necessary to operate the platform—account credentials, identity documents for verification, payment details, and game activity logs—and we store this information on encrypted servers with restricted access.
Our data handling follows a principle of minimal collection: we ask for only what we need to deliver service, verify accounts, process withdrawals, and comply with financial regulations. We do not sell your personal information to third parties unrelated to payment processing, account recovery, or legal obligations. Your data remains yours; we are custodians who treat it with the security and confidentiality it deserves.
We recognise that your privacy matters, especially when you fund your usutoto account via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank transfers. This notice explains what information we collect, how we use it, who can access it, how long we keep it, and what rights you have to request correction or deletion.
What information we collect on usutoto
We collect several categories of information when you use usutoto. Account registration requires an email address, username, password, and date of birth. Payment information—which e-wallet, bank account, or payment method you use—is collected at deposit time and retained to process withdrawals and refunds. Identity verification requires a government-issued ID photo and a selfie for facial recognition, collected only before your first withdrawal.
Game activity is logged continuously: which games you access, when you play, your stakes, outcomes, and payouts. We also collect device information—operating system, browser type, device model, IP address—to improve security and diagnose technical issues. Your account history, balance changes, and support interactions are retained in our systems to provide customer service and resolve disputes.
We do not collect unnecessary data. We do not track your location unless you explicitly grant location permission to our mobile app. We do not monitor your other apps or browser history. We do not retain payment card numbers—only your bank account holder name and account digits, necessary for withdrawal routing. Sensitive information like passwords is never stored in plaintext; only cryptographic hashes allow us to verify your credentials without knowing your actual password.
Data categories collected by usutoto
- Account credentials: Email, username, hashed password, date of birth.
- Identity documents: Government ID photo and selfie (KYC verification).
- Payment information: E-wallet or bank account details needed for deposits and withdrawals.
- Game activity: Bets placed, game outcomes, payouts, session timestamps.
- Device and access data: IP address, browser type, operating system, device model.
How we use your information
We use your account information to operate usutoto: verify your identity, process deposits and withdrawals, settle game outcomes, and maintain your balance. Your email and username enable login and account recovery. Your payment details route deposits from your chosen method (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet) and withdrawals back to your registered account.
Identity documents verify that you are who you claim to be—a legally required step before we release any withdrawn funds. Game activity logs ensure accurate settlement and allow you to dispute results by cross-referencing the recorded outcome against your account statement. Device information helps us detect account compromise (e.g., login from an unusual location) and diagnose technical issues affecting the platform.
We use your data to comply with financial regulations, including anti-money-laundering (AML) checks. We may share limited information with payment processors, bank partners, and fraud-detection services to verify transactions and prevent illegal activity. We do not use your data for marketing unless you explicitly opt in to communications. We do not sell your personal information to data brokers or advertisers.
Third-party processors and data sharing
We work with third parties necessary to deliver usutoto services. Our payment processors—the companies handling mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, and bank virtual-account transfers—receive minimal information needed to route your deposit or withdrawal. We share your name, account number, and transaction amount with your chosen payment method; these processors do not receive your password, full identity document, or game history.
Our cloud-hosting provider stores our servers, databases, and backups. This provider may sit outside your jurisdiction and may be subject to foreign law. We encrypt sensitive data before upload, ensuring the hosting provider cannot read your passwords or identity documents without decryption keys we maintain separately. Our analytics partner receives anonymised, aggregated data about platform usage patterns; individual account details are never shared.
We may disclose your information if required by law—for example, if a court orders disclosure for a legal investigation or if a regulator requests information to verify compliance. We limit such disclosures to the minimum legally required and notify you whenever possible, unless law prohibits notification. We do not sell your information to third parties for profit or marketing purposes.
- Payment processors
- Receive transaction details (name, account, amount) but not passwords or identity documents.
- Cloud hosting
- Stores encrypted servers; sensitive data encrypted before upload so provider cannot read it.
- Fraud detection
- Receives minimal account and transaction data to detect suspicious activity; does not retain data long-term.
- Legal or regulatory requests
- We comply with court orders or regulator requests for limited disclosure; we notify you when possible unless law prohibits it.
Data retention and deletion on usutoto
We retain account data—credentials, payment information, game history—for as long as your account is active and for seven years after closure to comply with financial record-keeping laws. Identity documents (KYC photos) are retained for five years after your last withdrawal; this retention period allows us to dispute chargebacks and verify past transactions if disputes arise.
You can request deletion of non-essential data anytime by contacting our support team. We will delete personal data not required by law—such as optional profile information or communication preferences—within 30 days. However, we cannot delete financial records, game settlement history, or identity documents during the legally mandated retention period, as these are necessary for regulatory compliance and fraud prevention.
When your account is closed, we mark your account as inactive but retain the data per retention schedules. We do not anonymise the data immediately—if you reopen your account within the retention period, we restore your full history. After the retention period expires, we securely delete the data, making recovery impossible.
Cookies and tracking on usutoto
Our usutoto platform uses session cookies to maintain your login across page loads. Without cookies, you would be logged out after every page refresh, making the platform unusable. These session cookies expire when you close your browser or manually log out. They do not track you across other websites and contain no personal information—just a session token that identifies your active session.
We use persistent cookies to remember your login preference—whether you want to stay logged in on your next visit. These cookies are encrypted and expire after 90 days. You can delete these cookies anytime through your browser settings, which will require you to log in again on your next visit.
We do not use tracking pixels, retargeting cookies, or analytics cookies that follow you across the web. We do not sell cookie data to advertisers. Our analytics—how many players log in, which games are popular, which payment methods are used most—are aggregated and anonymised; we never tie analytics to individual accounts.
Your rights and contact options
You have the right to request access to your personal data held by usutoto. Contact our support team via email or live chat with "Data Access Request" in the subject line, and we will provide a copy of your account information within 30 days. You have the right to request correction of inaccurate data—for example, if your registered name is misspelled—and we will update it within seven days.
You have the right to request deletion of non-essential personal data, subject to our legal retention obligations. We cannot delete financial records, game history, or identity documents during mandated retention periods, but we can delete optional profile information. You have the right to data portability: we can export your account and transaction history in machine-readable format upon request.
To exercise these rights or report privacy concerns, contact our support team. We maintain support channels available across major cities—Jakarta, Surabaya, Bandung, Medan, Semarang, and Yogyakarta—with English and regional language support. We respond to privacy requests within the timeline stated above and maintain records of all requests for compliance verification.
This privacy notice reflects our current data handling practices and is updated whenever our systems or policies change. Last reviewed and updated in 2026.
Security and jurisdiction
We encrypt all data in transit using TLS 1.2 or higher. Data at rest—stored on our servers—is encrypted using AES-256 or equivalent. Access to sensitive data is restricted to authorised staff who need it to perform their role; unauthorised access triggers alerts and investigation. We maintain firewalls, intrusion detection, and continuous vulnerability scanning to prevent breaches.
Our servers may be located outside your jurisdiction. Data stored outside Indonesia may be subject to foreign laws, including potential government access requests in those countries. We encrypt sensitive data before upload so that even our hosting provider cannot read it without decryption keys we maintain separately. If you are uncomfortable with data being stored outside your jurisdiction, contact our support team to discuss options.
We are not responsible for third-party privacy practices outside our control. If you use a payment method like DANA, e-wallet, or bank transfer to deposit on usutoto, that payment processor's privacy policy governs how they handle your payment data. We recommend reviewing their policies before using their services.
Policy changes and contact information
We may update this privacy notice to reflect operational changes, legal requirements, or technology improvements. We will notify you of material changes via email or by posting a notice on usutoto. Your continued use of the platform after changes take effect means you accept the updated privacy notice.
If you have privacy questions or concerns, contact our support team via live chat or email. We respond to privacy inquiries within two hours during business hours and within four hours otherwise. Major holidays like Idul Fitri, Idul Adha, Imlek, or Nyepi may extend response times slightly, but we prioritise privacy and security issues above general inquiries.
Your privacy matters to us. We handle your data with encryption, access controls, and transparent practices. This notice explains how usutoto collects, uses, and protects your information. If anything in this notice is unclear, or if you have concerns about how we handle your data, reach out to our support team. We stand committed to protecting your privacy while delivering the usutoto platform services you expect.