triototo Platform Privacy Notice
This page describes what we collect when you use triototo and how we keep that data protected. We understand that your personal information — email, identity card details, payment history, and game activity — deserves careful handling. Our approach is straightforward: we collect only what we need to operate our platform securely, we do not share your data with third parties without your consent, and we allow you to access or delete your information on request.
We at triototo operate across supported jurisdictions where local law permits online gaming. Data protection laws differ by region — if you're based in Jakarta, Surabaya, Bandung, or Medan, your data is subject to Indonesian regulations and our own privacy commitments. This policy explains our practices in plain language so you understand exactly what happens to your information from the moment you create your account through your final withdrawal.
Our infrastructure includes servers in multiple locations. Some of our data processing occurs outside your jurisdiction, which may mean your data is subject to different legal protections than your home country provides. We address this risk through encryption, access controls, and contractual safeguards with our service providers.
What Data We Collect on triototo
Account registration and identity verification
When you create a triototo account, we collect your email address, full legal name, national identity card number, date of birth, and phone number. We require this information to comply with Know Your Customer (KYC) regulations and to verify your identity before you can deposit funds. We store this data in encrypted databases accessible only to staff with legitimate operational need. We do not sell your identity information to third parties, and we do not use it for marketing without your explicit consent.
Payment and transaction data
We collect information about every deposit and withdrawal you make on triototo. This includes the payment method (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment), the amount, the date and time, and the outcome (successful, failed, pending). We do not store your full bank account numbers or complete credit card details — our payment processors handle that sensitive information according to PCI-DSS standards, and we receive only a transaction confirmation and reference number. We retain transaction history for seven years to comply with financial regulatory requirements and to protect both you and our platform against fraud claims.
Game activity and account behavior
We log your gameplay on triototo — which games you play, when you play, how much you wager, and outcomes. We collect this data to detect fraud patterns, prevent money laundering, and improve our game stability. We track login times, IP addresses, and device information (Android APK version, iOS browser type) so we can support you if you report account compromise. We also log your interaction with our customer support team. All of this behavioral data is encrypted and stored separately from your identity information, limiting access to our fraud and compliance teams.
Cookies and device data
Our triototo website and mobile app use session cookies to keep you logged in during your browsing session. We use persistent cookies to remember your language preference and login history. Our Android APK and iOS browser may collect device identifiers (like your phone's advertising ID) to measure app performance and crash reporting. We use Google Analytics to understand how visitors navigate triototo — this includes anonymized data about page views, game load times, and conversion paths. We do not use this data for targeted advertising unless you opt in via your account preferences.
Push notifications and communication preferences
If you enable push notifications on your Android APK or iOS device, we send you alerts about game launches, tournament results, and account changes. We store your notification preferences and device tokens so we know where to send notifications. You can disable notifications at any time through your triototo account settings or your phone's app notification controls. We do not send marketing emails unless you subscribe to our newsletter — and you can unsubscribe from any email list via a link in every message.
Your Rights and Our Commitments on triototo
Data access and deletion
We at triototo allow you to request a copy of all personal data we hold about you. Submit a data access request through our support channel, and we will provide a machine-readable file containing your account information, transaction history, and login records within 30 days. You also have the right to request deletion of your account and associated data — however, we may retain transaction records for the seven-year period required by anti-money-laundering regulations. Deletion requests are processed within 30 days and are irreversible.
Data breach notification
If we discover that your personal information has been compromised through a security breach, we will notify you via email within 72 hours of discovering the breach. Our notification will explain what information was affected, what steps we've taken to contain the breach, and what steps you should take to protect yourself. We will also notify relevant regulatory authorities as required by applicable law. We maintain cyber-insurance and incident response procedures to minimize the likelihood and impact of breaches.
Third-party processors and data sharing
We use third-party service providers to operate triototo. Our payment processors (banks, e-wallet partners) receive transaction data necessary to process your deposits and withdrawals. Our hosting provider (cloud infrastructure company) stores our encrypted databases. Our analytics provider collects anonymized usage data. Our customer support platform stores your support tickets and communications. All of these processors are contractually bound to use your data only for the services we've engaged them for, and all are required to maintain security standards equivalent to ours. We do not sell or lease your personal information to data brokers or marketing firms.
We at triototo believe that your data security and privacy control are fundamental rights, not optional extras.
Cross-border data transfers
Our servers and processing infrastructure are located in multiple countries. This means your personal information may be transferred to and processed in jurisdictions outside Indonesia, each with its own data protection laws. We undertake these transfers only when necessary for platform operations, and we use Standard Contractual Clauses approved by relevant authorities to ensure your data receives equivalent protection abroad. If you are uncomfortable with international data transfers, you may request that we limit processing to specific regions — however, this may degrade service availability.
Retention and data minimization
We at triototo retain your personal data only as long as necessary to operate our platform and comply with applicable law. Identity verification data is retained for the duration of your account plus 3 years. Transaction records are retained for 7 years to satisfy anti-money-laundering requirements. Game activity logs are retained for 2 years. Once retention periods expire, we securely delete or anonymize the data so it cannot be traced back to you. You can request early deletion of non-regulatory data (such as game activity logs) at any time by contacting support.
Policy updates and contact
We may update this privacy policy to reflect changes in our practices or applicable law. We will notify you of material changes by email at least 30 days in advance of the change taking effect. Your continued use of triototo after a policy update signifies your acceptance of the new terms. If you have questions about this policy or wish to exercise your data rights, contact our privacy team through the Help section of your triototo account or by email. We commit to responding to all privacy inquiries within 14 business days.