donototo Platform Privacy and Data Protection Notice
Whether you access donototo through the Android app installed from our distribution channel, via an iOS browser, or our mobile-first interface, your personal data is handled according to this policy. This page describes what we collect when you use donototo, how we keep that data protected, and your rights over it. We operate across supported jurisdictions from Jakarta to Semarang, processing payments via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, and major banks. Every data handling practice outlined here reflects our commitment to security and lawful use.
Our privacy approach is straightforward: we collect only what we need, we protect it rigorously, and we don't sell it. Your identity verification documents, payment information, betting history, and device details are encrypted and stored securely. When you withdraw funds or update your account, we review the data to prevent fraud and comply with local money-laundering regulations. This notice sets out exactly what we do, who may access your data, and how long we keep it.
If any part of this policy is unclear, contact our support team. We're transparent about data practices because trust is foundational to how we operate.
What Data We Collect on donototo
When you create an account with donototo, we collect your full name, date of birth, email address, and phone number. During identity verification (KYC), we request a photograph of your national ID or passport and proof of address (utility bill, rental agreement). We also collect payment details — the account number or e-wallet identifier you provide for deposits and withdrawals — but we tokenise these and never store full payment credentials in plain text.
As you use donototo, we log your device information (OS version, device model, unique identifier), IP address, browser type, and geolocation at city level. We track your gaming activity — wagers placed, games played, session duration — and your account interactions (login times, password changes, 2FA activations). This data helps us detect unusual activity, prevent fraud, and respond to support requests.
We do not require biometric data on donototo
Your password and 2FA code are sufficient for account access. We never ask for fingerprints, facial recognition, or voice samples. If you enable biometric login on your device, that's encrypted locally on your phone — we never see it.
How We Use Your Data on donototo
We use your identity data and payment details to verify your account, process deposits and withdrawals, and comply with anti-money-laundering law. Your gaming activity helps us personalise your experience — for example, remembering your preferred live-dealer table or showing you upcoming Liga 1 matches if you've wagered on football. We analyse anonymised aggregate data to understand which games (Aviator, Sweet Bonanza, Dragon Tiger) are popular and when traffic peaks during major tournaments like Piala AFF.
We also use your contact information to send important notices — account alerts, withdrawal confirmations, policy updates — and to respond to your support requests. We never use your data for marketing unless you explicitly opt in. We do not sell or lease your personal information to third parties. Your email and phone number are not rented to advertisers.
Our Data Processors and Third Parties
We use external processors to operate securely:
- Payment providers (connected to QRIS, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment networks) process your deposits and withdrawals. They receive your name, account number, and transaction amount only.
- Identity verification vendors conduct KYC checks using your ID and address documents. We use certified third-party providers; your documents are processed and then deleted according to their retention policy.
- Our cloud hosting provider stores encrypted database backups and logs. Their servers may sit outside your jurisdiction (outside Indonesia), but all data in transit is encrypted using TLS.
- Customer support ticketing system stores your conversation history. Only authorised support staff can access this.
All processors sign data-processing agreements obligating them to protect your information and use it only as instructed. We audit these partnerships annually.
Your Rights on donototo
You can request a copy of all personal data we hold about you. You can ask us to correct inaccurate information — for example, if your registered address in Bandung has changed. You can request deletion of your data, though we may retain some records if required by law or to resolve disputes. You can also request restrictions on how we use your data — for instance, asking us not to send promotional emails (though account alerts, withdrawal notices, and support responses are mandatory).
donototo handles your personal data as if it were our own: encrypted, compartmentalised, and never shared without clear purpose or consent.
Cookies and Tracking on donototo
We use cookies to keep you logged in and to remember your preferences (language, table selection). These are essential for donototo to function. We also use analytics cookies to count how many players access donototo from Medan versus other cities, which help us optimise our service. You can disable non-essential cookies in your browser settings; essential cookies cannot be turned off without breaking login functionality.
Data Retention and Account Closure on donototo
We retain your account data while your account is active. If you request account closure, we delete personal data (name, address, ID scans) within 30 days, except where we have legal obligations to retain it (tax records, anti-fraud investigations). Transaction history is kept for seven years to comply with financial regulations. Backup copies may exist and take up to 90 days to purge completely.
If your account is suspended due to prohibited conduct, we may retain your data longer to defend against disputes or investigate fraud. We will inform you if this applies.
Contact Us About Your Privacy
For questions about this policy, requests to access or delete your data, or complaints about our privacy practices, contact our support team through the in-app help menu, live chat, or email. We will respond within 14 days. If you are unhappy with our response, you have the right to lodge a complaint with your local data protection authority.