LEGAL REFERENCE

Your Data. Your Control. Our Commitment.

Q: Who can I contact if I have privacy concerns or want to file a complaint?

Email privacy@testoto.app with your account email and concern. Our privacy team responds within 24 hours. For formal complaints, you can also contact the Indonesian data protection authority in your supported region.

We built testoto around your account security and privacy. Every deposit through DANA, OVO, GoPay or QRIS, every table you join, every bet you place — your information...

Data ProtectionPayment SecurityTransparencyYour RightsIndonesia-Compliant

See the Lobby Read FAQ

How We Handle Your Information

testoto collects and processes your personal data — name, email, phone, payment details — only to operate your account, process transactions through DANA, OVO, GoPay and QRIS, and comply with local regulations in supported Indonesian regions. We do not sell your data to third parties. Your information is encrypted in transit and at rest. We retain account data for the duration of

your membership and as required by law. You can request access, correction or deletion of your personal information at any time through your account settings or by contacting our support team.

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

SUPPORT

Privacy Questions? We're Here.

Have concerns about how we handle your data? Reach out directly. Our privacy team responds within 24 hours.

Email Support Send privacy requests to [email protected]. Include your account email and a clear description of your request. We'll respond with next steps.

In-Account Help Open your account settings, navigate to Privacy & Security, and submit a data request form. Track your request status in real time from your dashboard.

Live Chat Chat with our support team during business hours. They can answer policy questions, guide you through data requests, and escalate urgent concerns immediately.

TRUST MARKERS

Privacy Standards We Meet

Our policy is built on industry best practices and local compliance frameworks.

Encryption Standard

All payment data — DANA, OVO, GoPay, QRIS transactions — uses TLS 1.3 encryption. Your account credentials are hashed with bcrypt-12 and never stored in plain text.

Data Minimization

We collect only what's needed to run your account and process your payments. No unnecessary tracking. No data hoarding. Transparent collection practices across all lobbies.

Third-Party Audits

Our privacy and security practices are reviewed annually by independent auditors. Audit reports are available to account holders upon request through our support team.

Incident Response

If a data breach occurs, we notify affected users within 72 hours with clear details, remediation steps, and credit-monitoring resources where applicable.

Regional Compliance

testoto operates under Indonesian data protection frameworks and supported regional regulations. Your rights — access, correction, deletion — are honored in full.

Cookie Transparency

We use cookies only for account login, fraud prevention and analytics. You can disable non-essential cookies in your browser settings without losing core functionality.

Consistency Across Our Platform

Every page on testoto — from your account dashboard to the live tables to the sportsbook — follows the same privacy standards.

Live Casino Tables	Your table history, chat logs and session data are encrypted and retained only for dispute resolution and account security.
Slot Lobbies	Spin history and game preferences are stored locally on your device when possible. Server-side data is anonymized after 90 days.
Sportsbook Markets	Bet slips and market selections are tied to your account for payout tracking. We don't share your betting patterns with third-party marketers.
Payment Processing	DANA, OVO, GoPay and QRIS transactions are processed through PCI-DSS compliant gateways. Your wallet details are never stored on our servers.
Account Settings	You control what data is visible in your profile, what notifications you receive, and how your account appears to other players in live tables.
Withdrawal & Closure	When you close your account, personal data is deleted within 30 days. Transaction records required by law are retained in anonymized form.
Mobile & Desktop	Privacy protections are identical whether you're on our mobile app or desktop site. Same encryption, same data handling, same user rights.

What Defines Our Privacy Approach

Privacy isn't a checkbox for us — it's woven into how testoto operates. Here's what sets our policy apart.

No Data Broker Relationships

We don't sell, rent or share your personal information with data brokers, advertisers or analytics firms. Your account stays yours.

Transparent Logging

Every access to your account — login, payment, withdrawal — is logged and visible to you in your security dashboard. You see who accessed what and when.

Opt-Out Controls

Marketing emails, promotional notifications and analytics tracking can all be disabled in one click. Your preferences are respected immediately across all channels.

Payment Privacy

DANA, OVO, GoPay and QRIS transactions are processed without storing your wallet credentials. Each payment is tokenized and isolated from your account profile.

Dispute Resolution

If you dispute a transaction, we review only the data necessary to resolve it. Unrelated account activity remains private and is not examined.

Annual Privacy Report

We publish an annual transparency report showing data requests from authorities, breach incidents (if any) and policy updates. Full reports are public on our site.

Privacy Policy Questions

Personal data is deleted within 30 days of account closure. Transaction records required by Indonesian law are retained in anonymized form for seven years. You can request early deletion of non-mandatory records by contacting [email protected].

Yes. Open your account settings, go to Privacy & Security, and select 'Download My Data'. We'll compile your profile, transaction history, preferences and communications into a portable file within 48 hours.

No. Payment details are tokenized and processed through PCI-DSS compliant third-party gateways. testoto never stores your wallet credentials, card numbers or payment secrets. Only transaction receipts are kept for your records.

We notify all affected users within 72 hours with details of what was accessed, steps we've taken to secure your account, and resources available to you. We also file required reports with local authorities in supported regions.

No. Our cookies are used only for your testoto account login, fraud prevention and in-site analytics. We do not place tracking pixels on third-party sites or build cross-site profiles of your browsing.

Yes. Every marketing email includes an unsubscribe link. You can also disable all promotional notifications in your account settings under Preferences. Changes take effect immediately.

Email [email protected] with your account email and concern. Our privacy team responds within 24 hours. For formal complaints, you can also contact the Indonesian data protection authority in your supported region.