LEGAL REFERENCE

Your Privacy Matters to Us

We built badaitoto around your trust. This privacy policy shows exactly how we collect, use and protect your personal data — from account signup through every deposit, withdrawal...

Data EncryptedQRIS ProtectedAccount SecurePayment PrivateIndonesia Compliant
View Game Library Read FAQ
badaitoto Your Privacy Matters to Us

What We Collect and Why

When you open your badaitoto account, we collect your name, email, phone number and identity details to verify your age and prevent fraud. During gameplay, we log your session activity, game selections and betting patterns to personalise your lobby and detect unusual account behaviour. Payment information — your DANA, OVO, GoPay or QRIS identifier — is tokenised and never stored in plain

text on our servers. We also collect device data (IP address, browser type, operating system) to maintain platform security and comply with Indonesian gaming regulations in supported regions.

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

PLAYER SUPPORT

Privacy Questions? Reach Out

Email Support Send privacy concerns to [email protected]. Our data protection team responds within 24 hours with clarification on how your data is handled.
Account Settings Log in and visit Settings > Privacy to review what data we hold, request corrections or download your full account record in one tap.
Live Chat Open the chat widget during your session. Our team can walk you through data retention, deletion requests or explain how QRIS transactions are logged.
WHY THIS PLATFORM

How We Earn Your Confidence

Third-Party Audit

Our data handling practices are reviewed annually by independent security auditors. Audit reports confirm encryption standards, access controls and compliance with Indonesian data protection frameworks.

Transparent Logging

Every access to your personal data is logged with timestamp and reason. You can request an audit trail of who viewed your account and when through your privacy dashboard.

No Third-Party Sales

We never sell your gaming history, payment details or contact information to advertisers, data brokers or third-party marketers. Your data stays within badaitoto.

Encryption Standard

All data in transit uses TLS 1.3; data at rest uses AES-256 encryption. Payment tokens are isolated in a separate, air-gapped vault inaccessible to our main application servers.

Incident Response

If a breach occurs, we notify affected users within 72 hours with details of what was exposed, steps we've taken and your next actions. We maintain cyber insurance covering data incidents.

GDPR + Local Compliance

Although badaitoto operates in Indonesia, we respect GDPR rights for EU visitors and comply with local data residency rules. Your data never leaves our Indonesia-based servers without your consent.

WHY THIS PLATFORM

Consistency Across Our Policies

01

Terms of Service

Our Terms define account ownership and dispute resolution. Privacy Policy focuses on data handling; Terms cover gameplay rules, bonus terms and account suspension criteria.

02

Cookie Policy

Separate document detailing session cookies, analytics trackers and third-party pixels. Privacy Policy covers personal data; Cookie Policy explains tracking technology and your opt-out rights.

03

Payment Security

Payment methods (DANA, OVO, GoPay, QRIS) are governed by their own provider terms. Our Privacy Policy explains how we store your payment token; their policies cover transaction logs.

04

Player guidance

Our Player guidance page outlines Deposit references, session timers and Account closure tools. Privacy Policy explains how we log these preferences and use them to enforce your chosen limits.

05

Affiliate Disclosure

If you join our affiliate program, a separate Affiliate Privacy Addendum applies. Main Privacy Policy covers your player account; Affiliate Addendum covers referral tracking and commission data.

06

Third-Party Integrations

Live casino providers (Evolution, Pragmatic) and sportsbook partners have their own privacy policies. We share only your session ID and game outcome; they don't receive your payment details.

07

Data Retention Schedule

Detailed retention timelines (account data kept 7 years post-closure, session logs 90 days, payment records per Indonesian tax law) are in our Data Retention Appendix, linked from this policy.

PLATFORM SNAPSHOT

What Defines Our Privacy Approach

Zero-Knowledge Architecture Our payment processors never see your game selections or betting...
Automated Data Purge Session logs older than 90 days are automatically deleted. Account...
Consent-First Tracking We ask for explicit consent before placing analytics cookies or...
Portable Account Export Request your full account record — every bet, deposit, withdrawal...
Biometric Login Option Use your phone's fingerprint or face recognition to log in...
Transparent Vendor List Our Privacy Policy Appendix lists every third party with access...

Privacy Policy Questions Answered

No. We never sell your account data, gaming history or contact information to third parties. We use your data only to run your account, personalise your lobby and comply with Indonesian regulations. Advertisers cannot buy your player profile from us.

Payment tokens (DANA, OVO, GoPay, QRIS identifiers) are stored only while your account is active. After you close your account, payment tokens are deleted within 30 days. Transaction records are kept for 7 years to satisfy Indonesian tax law, then purged.

Yes. Log into Settings > Privacy > Export Data. We'll compile your account record, betting history, deposits, withdrawals and preferences into a JSON file and email it within 24 hours. You can use this for tax filing or to port your data elsewhere.

We maintain cyber insurance and incident response protocols. If a breach occurs, we notify affected users within 72 hours with details of what was exposed, remediation steps and your next actions. Payment data is encrypted separately, so a breach of gaming data doesn't expose your DANA or OVO details.

No. Our cookies are first-party only — they track your activity on badaitoto.app, not across the wider web. We don't place retargeting pixels or share your browsing data with ad networks. See our Cookie Policy for full details and opt-out instructions.

If you're in the EU, GDPR rights apply: you can request access, correction, deletion or portability. If you're elsewhere, we follow your local data protection law. Your data is stored on servers in Indonesia unless local law requires otherwise. Contact [email protected] with your location for specifics.

Yes. Request account deletion in Settings > Privacy > Delete Account. We'll anonymise your personal data within 30 days. Transaction records are kept for 7 years per Indonesian tax law, but your name, email and payment details are removed immediately.