gp toto Platform Privacy Notice

This page describes what we collect when you use gp toto and how we keep that data protected, encrypted, and separate from our gaming operations. We take your privacy seriously and handle all personal information—identity verification, payment details, account activity—according to strict data-protection practices and applicable legal standards across the jurisdictions where our gp toto platform operates.

Our gp toto privacy policy covers identity data (name, date of birth, national ID), contact information (phone, email), payment credentials (e-wallet tokens, bank account references), account activity (gaming history, deposit and withdrawal records), and technical data (IP address, device fingerprint, session logs). We explain where this data is stored, who has access to it, how long we retain it, and what rights you hold over your own information.

If you have questions about our gp toto data practices after reading this policy, you can contact our privacy team at any time. We also provide mechanisms to download, correct, or request deletion of your data subject to legal retention periods.

What Data We Collect on gp toto

We collect identity data when you register a gp toto account: your full legal name, date of birth, phone number, and a copy of your national ID or passport. We also collect your email address and any additional contact details you provide. This information is mandatory for account verification and compliance with anti-money-laundering (AML) regulations applicable to gaming platforms.

When you fund your gp toto account via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank virtual accounts (mobile banking, Mandiral, local payment, online payment), our payment processors collect transaction metadata: timestamp, amount, merchant reference, and confirmation code. We do not store your full payment credentials (card numbers, e-wallet secrets); we retain only encrypted tokens provided by our payment partners. These tokens expire and are refreshed regularly, so even if our database is compromised, attackers cannot reconstruct your original payment information.

We collect your gp toto account activity: bets placed, games played, deposits made, withdrawals requested, bonuses claimed, and dispute filings. We also collect technical data: your IP address, device type, browser user-agent, session duration, and approximate geographic location (derived from IP geolocation). This data helps us detect fraud, prevent account takeovers, and optimize our gp toto platform's performance.

Data Segregation: We keep your identity verification records in a separate, more heavily encrypted database from your gaming activity. This separation ensures that even if one system is compromised, your personal ID remains protected in an isolated vault.

How We Use Your Data on gp toto

We at gp toto use your identity data to verify your eligibility, comply with KYC and AML regulations, and prevent underage access or sanctioned-person usage. We use your payment data to process deposits and withdrawals, reconcile transactions, and detect payment fraud. We use your account activity data to settle games and markets accurately, manage your account balance, and investigate disputes.

We use your technical data (IP, device fingerprint, session logs) to prevent account takeovers, detect multi-accounting abuse, and block access from prohibited jurisdictions. We also use anonymized account data to analyse our gp toto platform's usage patterns, improve game performance, and optimise our payment flow for users in Jakarta, Surabaya, Bandung, Medan, Semarang, and Yogyakarta.

We do not sell your personal data to third parties. We do not use your gp toto account information for marketing purposes beyond service-related emails (account alerts, withdrawal confirmations, policy updates). We do not share your gaming history with other platforms or external entities without your explicit consent, except as required by law or regulatory investigation.

Third-Party Processors and Data Sharing on gp toto

We at gp toto engage third-party processors to handle specific functions. Our payment processors (e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking) receive transaction data necessary to settle deposits and withdrawals. Our hosting provider stores our gp toto servers and databases; these may be located outside Indonesia. Our email service provider sends transactional emails (account confirmations, withdrawal notifications); we share only your email address and message content with them, not your payment data or gaming history.

We require all third-party processors to sign data-protection agreements (DPAs) committing them to encrypt data in transit, use encrypted storage, limit access to authorised personnel only, and delete data upon contract termination. We conduct annual audits of our processors' security practices. If a processor suffers a breach, we notify affected users within 72 hours as applicable law requires.

We may share your data with law-enforcement agencies, financial regulators, or anti-fraud consortia if legally required or to prevent fraud or illegal activity on our gp toto platform. We will disclose data only to the extent legally necessary and will notify you of such disclosure where permitted by law.

Data Retention and Deletion on gp toto

We at gp toto retain your identity verification data for as long as your account is active, plus a legal holding period typically ranging from two to seven years depending on your jurisdiction. After the holding period expires, we securely delete this data unless we are required by law to retain it longer. You may request deletion of your data at any time; we will comply subject to legal retention obligations and ongoing dispute-resolution timelines.

We retain your gp toto account activity and transaction records for at least five years to support audit trails, dispute resolution, and regulatory compliance. We retain your technical session data (IP logs, device fingerprints) for one year, after which we purge this data automatically. You can download your complete account history and data export at any time through your gp toto account settings.

Your rights on gp toto

  • You can access all data we hold about you by downloading your account history from your gp toto profile.
  • You can request correction of inaccurate data (name, contact details) through account settings or support.
  • You can request deletion of your data after your account closes, subject to legal retention periods.
  • You can disable certain optional data collection (e.g. analytics cookies) through your privacy settings on gp toto.
  • You can object to our use of your data for specific purposes and we will cease that use unless legally required otherwise.

Cookies and Tracking on gp toto

We at gp toto use session cookies to maintain your login state and remember your account preferences. We use analytics cookies (via anonymized tracking) to measure site traffic, page performance, and user-flow patterns—this helps us optimise our gp toto platform's speed and usability. We do not use tracking cookies to follow you across other websites, and we do not permit third-party ad networks to place tracking pixels on our gp toto domain.

You can disable non-essential cookies through your browser settings. Disabling session cookies will require you to re-authenticate each time you visit our gp toto platform. Disabling analytics cookies will not affect your account functionality but will limit our ability to optimise platform performance. We do not use cookies to collect payment data or identity information; those are handled separately through encrypted data fields.

Data Security and Encryption on gp toto

We at gp toto encrypt all data in transit using TLS 1.2 or higher. All data at rest is encrypted using AES-256 or equivalent. We store payment tokens in a separate, hardware-isolated vault with restricted access. We employ IP whitelisting, two-factor authentication, and anomaly detection to prevent unauthorised access to our gp toto systems. Our servers are protected by firewalls, intrusion-detection systems, and real-time monitoring. We conduct annual third-party security audits and penetration testing.

If a data breach occurs, we have incident-response protocols to isolate affected systems, notify relevant authorities, and inform affected users within 72 hours where required by law. We do not hold you liable for compromised data if you report the breach immediately and have not shared your credentials or two-factor authentication codes.

Contact Us About Privacy on gp toto

If you have questions about our gp toto privacy practices, want to exercise your data rights, or believe we have mishandled your information, you can contact our privacy team. You can submit a data-access request, deletion request, or privacy complaint through our support portal within your gp toto account, and we will respond within 30 days. You also retain the right to contact your local data-protection authority if you believe we have violated applicable privacy law.

Our gp toto privacy policy may be updated periodically to reflect changes in our platform, regulatory requirements, or security practices. We will notify you of material changes via email at least 30 days before they take effect. Your continued use of gp toto after the effective date of any update constitutes acceptance of the updated privacy policy.

We at gp toto remain committed to protecting your data, maintaining transparency about our practices, and honouring your privacy rights. Thank you for trusting us with your information.