wtoto Privacy Policy

This page describes what we collect when you use wtoto and how we keep that data protected. When you open an account, deposit funds via DANA or e-wallet, or place stakes on our sportsbook and games, we gather specific information about you. We use that data only for account administration, fraud prevention, and regulatory compliance — we do not sell or share it with marketers or unrelated third parties.

Our commitment is transparency. We explain which data we collect, where it is stored, who has access to it, and how long we keep it. We also explain your rights — you can request access to your data, correct inaccuracies, or request deletion (subject to regulatory retention limits). If you have questions about how we handle your information, contact our support team.

This privacy policy applies to all wtoto platforms: our Android app, iOS Safari browser access, and desktop website. If our policy changes, we notify you at least 30 days in advance.

What data we collect at wtoto

When you create a wtoto account, we collect your name, email address, phone number, and national ID details. You upload a photo of your ID card so we can verify your identity — this Know Your Customer (KYC) process is required by law in most jurisdictions and helps us prevent fraud and money laundering.

When you deposit funds via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank transfer (mobile banking, local payment, online payment, e-wallet), we receive payment confirmation data from the payment processor — the amount, timestamp, and your payment method identifier. We do not store your full card number or e-wallet password; the payment processor handles that securely.

When you use wtoto, we log your activity: which games you play, which bets you place, how much you stake, when you log in, which device you use, and your IP address. We also collect technical data such as your device type, browser version, and crash reports if our app fails. This data helps us improve the wtoto platform and detect unauthorised access to your account.

KYC storage: We store your ID photo and verification documents in a separate secure system, separate from your login credentials. Only our compliance and fraud-prevention teams can access this data.

How we use your data on wtoto

We use your personal data for six primary purposes. First, account administration — we need your name and email to create your account, verify your identity, and send you account statements and withdrawal confirmations. Second, payment processing — we share your data with payment processors (mobile banking, local payment, etc.) only to the extent needed to complete your deposit or withdrawal.

Third, fraud prevention and compliance — we analyse your login patterns, device changes, and transaction history to detect suspicious activity. If we see activity inconsistent with your normal use (e.g., a sudden large withdrawal from an unusual location), we may request additional verification or temporarily restrict your account. Fourth, legal obligation — we retain data to comply with regulations and to respond to lawful requests from authorities.

Fifth, product improvement — we use anonymised gameplay and technical data to improve the wtoto platform, identify bugs, and optimise performance. Sixth, customer support — when you contact our team, we use your account history to assist you with password resets, deposit issues, withdrawal delays, or gameplay disputes.

Data storage and location on wtoto

We store your account data on cloud servers operated by secure providers. Our primary data centre is located outside Indonesia, but we maintain compliance with local data protection laws. Your data is encrypted both in transit (using HTTPS/TLS) and at rest (using industry-standard encryption algorithms).

Our servers may sit outside your jurisdiction. By using wtoto, you acknowledge that your data may be processed and stored in countries with different privacy laws than your own. We ensure that all processors and storage providers meet our minimum security standards, regardless of location.

We at wtoto encrypt your data, limit access to authorised staff, and delete it when no longer needed — subject to regulatory retention requirements.

wtoto data protection team

Third-party processors and partners

We share your data with specific third parties only when necessary. Our payment processors (online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, and banks) receive your payment data to process deposits and withdrawals. Our fraud-prevention service provider receives transaction data to detect money laundering and identity theft. Our hosting provider receives technical data (logs, crash reports) to maintain server uptime and security.

We do not share your data with marketing companies, advertisers, or data brokers. We do not sell your contact information. If we receive a lawful government request for your data, we comply only to the extent required by law and notify you of the request whenever legally permitted.

Your rights on wtoto

You have the right to access your personal data. You can download a copy of your account details, transaction history, and verification documents by requesting it from our support team. We provide this access within 10 business days at no cost.

You have the right to correct inaccuracies. If your name, email, or phone number is wrong in our records, contact our support team and we will update it. You also have the right to request deletion of your data, subject to regulatory retention limits. For example, we must retain KYC documents and transaction records for at least 5 years to comply with anti-money-laundering laws, even if you close your account.

You have the right to object to processing of your data for marketing purposes. We do not use your data for marketing, so this right is largely moot. You also have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

Cookies and tracking on wtoto

Our wtoto website and app use cookies — small text files stored on your device — to remember your login session, store your language preference, and measure usage analytics. We use first-party cookies (set by wtoto) and third-party cookies (set by analytics providers). These cookies do not track you across unrelated websites; they are used only to improve the wtoto experience.

You can disable cookies in your browser settings, but this may prevent you from logging into wtoto or using certain features. Our app uses similar session tokens (not traditional cookies) to maintain your login on mobile. You can clear your app's data in your device settings to log out.

Data retention and deletion at wtoto

We retain your data for as long as your account is active and for a reasonable period afterward. If you close your account, we delete most personal data within 90 days, except for information we are required to retain by law. KYC documents, transaction records, and dispute logs must be kept for at least 5 years for regulatory compliance.

If you request deletion of your account and associated data, we comply within 30 days, subject to the retention limits above. After deletion, we cannot recover your account or restore your balance, so account closure is permanent.

Account closure: We cannot delete regulatory or transaction records even after you close your account. These must be kept for at least 5 years.

Data security measures on wtoto

We employ multiple layers of security to protect your data. All data transmitted between your device and our servers is encrypted using HTTPS/TLS protocols. Your password is hashed (not stored in plain text), so even our staff cannot read it. We use two-factor authentication (2FA) as an optional extra security layer — once enabled, login requires both your password and a code from your phone.

We restrict access to personal data to authorised staff only. Our servers are protected by firewalls, intrusion-detection systems, and regular security audits. We conduct annual penetration testing to identify and fix vulnerabilities. If we discover a data breach, we notify affected users within 72 hours and provide guidance on securing their accounts.

Despite our security efforts, no system is non-specific info secure. We cannot guarantee protection against all cyber attacks. If you suspect unauthorised access to your wtoto account, change your password immediately and contact our support team.

International data transfers

Our data infrastructure spans multiple countries. Your personal data may be transferred to and processed in jurisdictions outside Indonesia. Some countries have weaker privacy laws than Indonesia. By using wtoto, you consent to your data being processed internationally under the protections set out in this policy.

If you reside in a jurisdiction with specific data protection requirements (such as the European Union), we comply with those requirements. For EU residents, we rely on standard contractual clauses and other legal mechanisms to ensure your data is protected even when transferred outside the EU.

Contact us about your data

If you have questions about our privacy practices, want to access your data, or wish to request deletion, contact our support team via in-app chat (business hours), email, or phone. We respond to data access requests within 10 business days and to deletion requests within 30 business days (subject to legal retention requirements).

For urgent privacy concerns or suspected data breaches, email our privacy officer directly. We take all privacy concerns seriously and investigate thoroughly.

Terms of Use

wtoto account and gameplay rules

Legal

Legal Notice

Jurisdiction and disclaimers

Legal

FAQ

Common privacy questions

Help

About Us

wtoto operations and values

Info

Open Account

Create wtoto account

Signup

Summary – wtoto privacy commitment

We at wtoto collect personal data (name, ID, payment details, account activity) only to operate our platform, prevent fraud, and comply with law. We do not sell your data or use it for marketing. We encrypt your data, limit staff access, and keep it secure on protected servers. Your data may be stored and processed outside Indonesia, but always under encryption and industry-standard protections.

You have the right to access, correct, and request deletion of your data, subject to regulatory retention limits. We support DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, and bank transfers across Jakarta, Surabaya, Bandung, Medan, and all permitted jurisdictions — each payment method flows through our secure, encrypted systems.

This privacy policy is current as of the date shown at the bottom of the wtoto website. If we make material changes, we notify you at least 30 days in advance. For questions or data requests, contact our support team — we respond to all inquiries within 10 business days.