12toto Platform Privacy Notice

What Data We Collect at 12toto

We collect personal information in several categories. First, your account credentials: email address, username, password (encrypted), and phone number. Second, identity information: your legal name, date of birth, and government-issued ID number (stored during KYC verification). Third, address details: street address, city, postal code, and country—required to comply with anti-money-laundering (AML) regulations and to confirm you're accessing from a supported jurisdiction.

Fourth, payment information: we do not store your full credit-card numbers or e-wallet passwords. Instead, we log your payment method type (e.g., "DANA", "e-wallet bank transfer"), transaction ID, and timestamp. Your actual card or e-wallet credentials route through certified third-party processors (Stripe, Adyen, or regional payment gateways) using encrypted channels. Fifth, gameplay data: bet amounts, game selections (e.g., Dragon Tiger, Aviator, Liga 1 markets), bet outcomes, and timestamps. This data is stored to calculate your tier points, weekly cashback, and withdrawal history.

We also log technical data: your IP address, device type, browser version, and session duration. This helps us detect fraudulent logins, maintain platform stability, and troubleshoot support issues. Cookies and analytics tags (Google Analytics, optional third-party trackers) track your navigation behavior to improve user experience.

How We Use Your Data on 12toto

We use your data for core platform operations. Your account credentials enable login and password recovery. Your identity and address data fulfil legal compliance requirements: KYC (Know-Your-Customer) and AML (Anti-Money-Laundering) regulations apply across Indonesia and supported jurisdictions. We verify that you are not on sanctions lists and that your account activity aligns with your registered location. Without this verification, we cannot process withdrawals or maintain your account in good standing.

Your payment data is used to process deposits and withdrawals, reconcile transactions, and detect fraud. Your gameplay data drives our loyalty programme: tier points accumulate from every hand or bet, and weekly cashback is calculated automatically every Monday based on your losses. We do not sell your gameplay data to third parties; it remains internal to 12toto for your benefit.

Technical data helps us monitor platform health, detect suspicious login patterns (e.g., access from Jakarta one minute and Semarang the next), and respond to support requests. If you report a withdrawal issue or a disputed bet, we review these logs to investigate and resolve it fairly.

Third-Party Processors & Data Sharing at 12toto

We do not sell your data. However, we work with trusted partners who act as data processors on our behalf:

• Payment Gateways: Stripe, Adyen, and regional partners handle card and e-wallet transactions. They receive your payment method and transaction amount but do not store your full card number.
• KYC Verification Services: Third-party identity-verification firms process your ID documents and address proofs, then return a verification result to us. Documents are not retained by these vendors after verification is complete.
• Cloud Hosting Providers: Our servers may sit outside your jurisdiction (e.g., in Singapore or the Philippines). Data is encrypted in transit and at rest.
• Customer Support Platforms: Live-chat and email support logs are stored in secure CRM systems. Support staff access only the information necessary to resolve your issue.
• Analytics & Fraud Detection: Google Analytics and fraud-detection services (e.g., Kount, Sift) may receive anonymized or hashed versions of your data to improve security and user experience.

All processors sign Data Processing Agreements (DPAs) committing them to the same security and confidentiality standards we uphold. We do not allow processors to use your data for their own marketing or sale to third parties.

How Long We Keep Your Data at 12toto

We retain account data (email, username, identity details) for as long as your account is active. If you request account deletion, we anonymize personal identifiers but retain aggregated gameplay records for regulatory and tax purposes—typically for seven years to comply with anti-money-laundering and tax law. Payment transaction records are kept for a minimum of five years for audit and dispute resolution. Technical logs (IP addresses, session data) are retained for 90 days then automatically deleted, unless they are relevant to an ongoing investigation or support case.

Your Rights Over Data on 12toto

You have the right to access your personal data at any time. Log into your 12toto account and download your account summary, transaction history, and KYC documents from your profile. You have the right to correct inaccurate information: if your registered address or phone number is wrong, contact our support team and we will update it within one business day.

You have the right to data portability: we can export your account data in a machine-readable format (CSV or JSON) and share it with another service provider if you request it. You have the right to request erasure (deletion) of your personal data, with exceptions: we must retain gameplay records, transaction histories, and identity documents as required by law. Deletion requests are processed within 30 days.

If you believe we are processing your data unlawfully or in violation of your privacy rights, you may lodge a complaint with your regional data protection authority. In Indonesia, this is the Office of the Deputy for Business & Public Policy (Kementerian Hukum dan HAM). We encourage you to contact us first at [email protected] so we can address your concern directly.

Cookies & Tracking on 12toto

We use cookies to maintain your login session, remember your language preference, and track your gameplay for tier-point calculation. Essential cookies (session ID, CSRF token) are necessary for the platform to function. Optional cookies (Google Analytics, heatmaps) track your navigation behavior to improve user experience. You can disable optional cookies in your browser settings without losing core functionality, though you may not be able to use features that rely on persistent login tokens.

How We Protect Your Data at 12toto

All communication between your device and our servers is encrypted using TLS 1.2 or higher (HTTPS). Passwords are hashed using bcrypt, making them unreadable even to our staff. Payment data is processed through PCI-DSS-compliant gateways. We conduct regular security audits and penetration testing to identify vulnerabilities. Access to sensitive data (payment records, KYC documents) is restricted to authorized staff on a need-to-know basis and logged for audit purposes.

Contacting Us & Policy Changes at 12toto

If you have questions about our privacy practices or wish to exercise your data rights, contact us at [email protected]We respond to privacy inquiries within five business days. For urgent data-access requests, use live chat in your account dashboard; our support team will escalate your request to our Data Protection Officer.

We may update this privacy notice to reflect changes in our practices or legal requirements. We will notify you of material changes by email or by posting a notice on the 12toto homepage at least 30 days before the change takes effect. Continued use of 12toto after such notification constitutes your acceptance of the updated policy.

Privacy at 12toto: Summary

We collect personal, payment, and gameplay data to operate the 12toto platform, comply with legal regulations, and reward your loyalty through tier points and cashback. We do not sell your data to marketers or brokers. We protect it with encryption, access controls, and regular security audits. You retain rights to access, correct, and delete your data (subject to legal retention requirements). If you have concerns about how we handle your information, we welcome your questions—reach out to [email protected] or use our in-platform support channels.