bengkulutoto Platform Privacy Notice

This page describes what we collect when you use bengkulutoto and how we keep that data protected. Online gaming platforms across Indonesia process millions of account registrations and payment transactions annually — our bengkulutoto platform handles each account with the same encryption and verification protocols. We collect only the information required to verify your identity, process your deposits and withdrawals, and comply with financial regulations.

We at bengkulutoto do not sell or rent your personal information to marketers or third-party advertisers. We share data only with payment processors (DANA, e-wallet, mobile banking, local payment, online payment, and your bank) to complete your deposit or withdrawal, and with regulatory authorities if legally compelled. Your data remains encrypted at rest and in transit across our platform.

This notice explains what information we collect, how we use it, who may access it, your rights regarding your data, and how to contact us with privacy concerns.

What data we collect on bengkulutoto

When you create an account on bengkulutoto, we collect your legal name, date of birth, email address, phone number, and residential address. This information is required for account creation and identity verification.

When you wager or play games on bengkulutoto, we log your bets, bet amounts, game outcomes, and account balance changes. This data is stored in your account history so you can review your activity at any time.

We also collect technical data: your device type (Android phone, iOS device, desktop browser), IP address, session duration, and browser type. We use this to detect fraud, prevent account hijacking, and optimize bengkulutoto's performance on mobile networks.

KYC documents and identity verification

Before you can withdraw funds, we require identity verification. You upload a government-issued ID (passport or national ID card) and proof of address (utility bill or bank statement). These documents are scanned, stored encrypted in a secure vault, and never displayed to our support team without explicit need.

We retain your KYC documents for the duration of your account and for five years after account closure (required by anti-money-laundering regulations). We do not share these documents with third parties except where required by law — for example, if a government authority requests them as part of a financial crime investigation.

Our manual KYC reviewers are bengkulutoto employees bound by confidentiality agreements. They can access your documents only to verify your identity and approve your account. They cannot download or forward your documents externally.

Document storage

Encrypted in secure vaults; backed up to geographically distributed servers for disaster recovery. Not accessible to third parties without authorization.

Retention period

Kept for account lifetime plus five years post-closure, per financial regulations.

Access logs

We maintain access logs showing who viewed your documents, when, and for what purpose. You can request these logs via support.

Deletion requests

We cannot delete KYC documents while your account is active or during regulatory hold periods. After hold periods expire, you may request deletion via support.

Payment processors and third-party sharing

We share your deposit and withdrawal information with payment providers to complete transactions. When you deposit via DANA, we send your name, amount, and transaction ID to e-wallet's system. Similarly, for bank transfers to mobile banking, local payment, online payment, or e-wallet, we share your account details and transfer amount with the bank to generate a Virtual Account number or process the transfer.

These payment processors have their own privacy policies and data retention practices. We do not control how they handle your data after the transaction completes. We recommend reviewing their policies directly.

We also share aggregate, anonymized data with analytics providers to understand how bengkulutoto is used (e.g., "non-specific info of users access via Android", "peak trading hours are 7-9 PM"). This data cannot identify you individually and helps us improve our service.

Cookies and tracking on bengkulutoto

Our bengkulutoto website uses session cookies to keep you logged in and to remember your preferences (language, bet limits, favorite sports). These cookies expire after subject to verification of inactivity, and you can clear them by logging out or clearing your browser cache.

We do not use third-party tracking cookies. We do not allow Google Analytics, Facebook Pixel, or similar cross-site trackers on bengkulutoto. Our analytics are handled by our own servers, and the data is not shared with advertisers.

When you use our mobile app, we do not set cookies. Instead, we use encrypted local storage to maintain your session. Your login token is stored encrypted on your device and is cleared when you log out.

Our data security practices

We encrypt all data in transit using TLS 1.3 — the same protocol banks use. Your password is never stored in plain text; we store only a salted hash. When you log in, we compare your entered password against the stored hash to verify your identity without ever handling your actual password.

Our servers sit in secure data centers with physical access controls. Backups are encrypted and stored geographically distributed. We perform quarterly security audits and penetration testing to identify vulnerabilities. We patch all systems within 48 hours of security advisories.

We support two-factor authentication (SMS or app-based) for additional security. Once enabled, you receive a one-time code each time you log in from a new device or attempt a large withdrawal. This prevents unauthorized access even if your password is compromised.

Your rights regarding your bengkulutoto data

You have the right to access all your personal data on bengkulutoto. Contact our support team with your account email, and we provide a complete export of your data within five business days (including account profile, bet history, KYC documents, and communications).

You have the right to correct inaccurate information. If your address or phone number is wrong, update it in your bengkulutoto account settings, or contact support to make changes.

You have the right to lodge a complaint with your data protection authority if you believe we have mishandled your data. We will cooperate fully with any investigation.

Regional data handling and server location

bengkulutoto operates across Indonesia, serving account holders in Jakarta, Surabaya, Bandung, Medan, and other supported regions. Our servers may be located outside Indonesia. This means your data may be transferred to and processed outside your jurisdiction. By using bengkulutoto, you consent to this international data transfer.

We maintain the same data protection standards regardless of server location. Our encryption, access controls, and retention policies are consistent across all regions.

Contact us regarding bengkulutoto privacy

If you have privacy questions, concerns, or wish to exercise any of your rights, contact our support team via the Help section in your bengkulutoto account, or email the address listed on our contact page. Include your account email and a description of your request. We respond within five business days.

If you are not satisfied with our response, you may escalate to our data protection officer (contact details available from support). We commit to transparent, timely responses to all privacy inquiries.

This privacy notice is effective as of its publication date. We may update this notice to reflect changes in our practices or applicable law. Material changes are communicated via email to all active bengkulutoto account holders. Continued use of bengkulutoto after such changes constitutes acceptance of the updated notice.