Reference

How We Handle Your Privacy at toto238

When you open an account with us, your personal information and payment details are protected under our privacy framework.

Account security encryptedPayment data protectedClear data retention rulesYour access rights explained
toto238 How We Handle Your Privacy at toto238
REACH OUR TEAM

Privacy Questions – How to Contact Us

Live Chat Open the chat widget in your account lobby Monday to Sunday, 09:00–23:00 Indonesian time.
Email Support Send privacy questions to our support email.
In-Account Settings Go to Account > Privacy & Data in your dashboard to review your profile…
DATA INTEGRITY

How We Protect Your Information

Encryption & Storage

All personal and payment data is encrypted in transit and at rest on secure servers. We use industry-standard SSL/TLS protocols for login sessions and fund transfers via DANA, OVO, GoPay and QRIS.

Payment Method Security

Your DANA, OVO, GoPay and QRIS credentials are never stored in plain text. Deposits and withdrawals are tokenized so toto238 handles only encrypted payment references, not your actual account numbers.

Data Retention

We retain account records for seven years after closure to fulfil legal obligations where local law permits. Transaction logs and activity history are kept for five years. You may request deletion of non-essential data.

Account Access Control

Your account is protected by a unique password and optional two-factor authentication via SMS. Only you can view your balance, transaction history, connected payment methods, and personal profile.

Cookies & Tracking

We use session cookies to keep you logged in and analytics cookies to understand how you navigate the lobby. You may manage cookie preferences in your browser; essential cookies cannot be disabled without logging out.

Third-Party Sharing

We do not sell your data to marketers. Payment processors, fraud-detection services, and legal advisors may access data only to process transactions or meet compliance obligations where local law permits.

Privacy & Data – Your Questions Answered

We collect your full name, date of birth, email, phone number, home address, and identity document number for account verification. Players in Yogyakarta and Jakarta provide the same details. When you add a payment method, we also collect your DANA, OVO, GoPay or QRIS account identifier and bank details for withdrawal processing.

We retain your account records for seven years after closure where local law permits, to meet anti-money-laundering and tax obligations. Transaction logs and activity history stay for five years. Personal identification documents are deleted after five years. You may request earlier deletion of non-critical data by contacting support.

Yes. Go to Account > Privacy & Data in the lobby and select 'Export My Data'. We compile your profile, transaction history, payment methods, and activity logs into a file within five business days. Alternatively, email our support team with your request and your account username.

We do not sell your data to marketers or advertisers. We share information only with payment processors (DANA, OVO, GoPay, QRIS), fraud-prevention partners, and legal advisors when required by local law. All third parties sign confidentiality agreements and are prohibited from using your data for other purposes.

Payment credentials are never stored on our servers. Deposits are processed through encrypted tokens so toto238 only sees a reference code, not your actual account number. DANA, OVO, GoPay and QRIS handle the real transaction on their secure networks. Withdrawals reverse the flow — we send funds directly to your verified account.

Change your password immediately and enable two-factor authentication in Account > Security. Contact our live chat or email support with details of the suspected breach. We log all account access attempts and can review login history for unauthorized activity. We may suspend your account while investigating where local law permits.

Go to Account > Profile to update your email, phone number, and address. Account name and date of birth cannot be changed once verified because they are tied to your identity document. To request deletion of non-essential data or close your account entirely, email support with your username and reason.