Your Privacy. Our Priority.
At toto78, we're built around your trust. This privacy policy explains exactly how we collect, use and protect your personal data—from account setup through every transaction on our...
What We Collect & Why
When you open an account with toto78, we collect information necessary for account verification, fraud prevention and regulatory compliance. This includes your name, email, phone number, date of birth and identity details. During transactions via DANA, OVO, GoPay and QRIS, we receive payment confirmation data to reconcile deposits and withdrawals. We also gather gameplay analytics, device information and browsing behaviour to improve
your lobby experience. Where local law permits, we may share anonymised data with payment partners and regulatory bodies in supported regions.
Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.
How We Earn Your Trust
Encryption Standard
All data transmitted between your device and toto78 uses industry-standard TLS 1.2+ encryption to prevent interception of account and payment details.
No Third-Party Sale
We never sell your personal information to marketers or brokers. Payment data remains between you, toto78 and your chosen payment partner.
Regular Audits
Our security infrastructure is reviewed quarterly by independent auditors to ensure compliance with data protection standards in supported regions.
Transparency Reports
We publish annual transparency reports detailing data access requests, government orders and how we handle them in accordance with Indonesian law.
GDPR & Local Law
We align our data practices with GDPR principles and respect Indonesian data protection requirements for all user accounts and transactions.
Clear Language
This policy is written in plain English so you understand exactly what happens to your data—no hidden clauses or legal jargon masking the truth.
Consistency Across Our Platform
| Single Privacy Framework | Whether you access toto78 on desktop or mobile, your data is governed by one privacy policy—no separate rules per device or region. |
|---|---|
| Unified Account Data | Your personal information, payment history and preferences are stored in a single account. No fragmentation means easier management and faster updates. |
| Cross-Channel Consistency | DANA, OVO, GoPay and QRIS transactions are handled under identical privacy standards, so payment method choice doesn't alter your data protection. |
| Linked Legal Pages | Our Terms of Service, Player guidance Policy and Cookie Policy all cross-reference this privacy policy to ensure you see the complete picture. |
| Sync with Affiliates | If you came through a toto78 partner site, that affiliate shares only your consent preferences with us—no extra data is collected or stored separately. |
| One Update Schedule | Policy changes are announced once across all channels. You'll receive notification in your account, not scattered across multiple pages or emails. |
| Unified Support Path | Privacy requests, complaints and data corrections go to the same team regardless of which platform version you used to submit them. |
What Makes Our Privacy Approach Work
Minimal Data Collection
We ask for only the information necessary to open your account, process payments and comply with law. No surplus fields or hidden data requests.
Payment Isolation
Your DANA, OVO, GoPay and QRIS credentials never touch our servers. Payment processors handle them, then send us confirmation only—zero full card data stored.
Session Management
Login sessions expire after inactivity. If you step away from the lobby, your account automatically logs out to prevent unauthorized access from shared devices.
Retention Limits
We keep your active account data as long as your account exists. Deleted accounts have personal information removed within 30 days where permitted by law.
Cookie Transparency
Every cookie placed on your device is listed in our Cookie Policy with its purpose. You can disable non-essential cookies at any time from account settings.
Fraud Prevention Only
We monitor account activity for fraud prevention, regulatory compliance and platform security—never to profile you for marketing without your explicit consent.