yamahatoto Platform Privacy Notice
This page describes what we collect when you use yamahatoto and how we keep that data protected. We collect your email, national ID, proof of address, phone number, payment details, and gameplay activity. We encrypt all of it and store it securely on servers located in supported jurisdictions.
We do not sell your information to third parties. We do not share your KYC documents with advertisers or data brokers. Government requests for data are handled through formal legal channels only. Our privacy commitments are non-negotiable — they apply whether you play live blackjack in Jakarta, enter a Liga 1 bet in Surabaya, or deposit via DANA in Bandung.
This notice explains our data collection, storage, retention, and your rights. It also covers cookies, third-party processors, and how to contact us if you have questions or concerns about your data.
What Data We Collect at yamahatoto
We collect several categories of data from you:
- Account registration data: email, password hash, username, date of birth, preferred language.
- KYC verification data: full name, national ID number, ID type, date of issue, proof of address document, phone number.
- Payment data: payment method (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet account details), deposit amounts, withdrawal requests, transaction timestamps.
- Gameplay data: game selection, bet amounts, session duration, results, balance changes, win/loss history.
- Device and connection data: IP address, device type, operating system, app version, browser user agent, estimated location (country/region only).
- Support and communication data: chat logs, email messages, ticket submissions, feedback, complaint details.
How we use your data
We use your data for five main purposes. First, we verify your identity and prevent fraud — your KYC data ensures you are who you claim to be. Second, we process your payments — we send deposit and withdrawal instructions to payment processors, who handle the actual money movement. Third, we operate yamahatoto — we store your gameplay history, calculate your balance, generate statements, and handle customer support.
Fourth, we comply with law. We retain transaction records, gameplay data, and account activity logs as required by anti-money-laundering (AML) and know-your-customer (KYC) regulations. Fifth, we improve our service — we analyze aggregate gameplay patterns, session duration, and app performance to identify bugs and optimize the mobile experience. We never sell this data or share it with advertisers.
Your KYC documents are encrypted at rest
We store your ID scans and proof-of-address PDFs in encrypted form. Only our compliance team can access them, and only during account verification or regulatory audit. We never share them with third parties without a court order.
Data Storage and Third-Party Processors
We store account data, KYC documents, and payment records on encrypted servers in supported jurisdictions. Our servers may sit outside your home country — for instance, if you are in Jakarta, your data may reside on a server in another region. This is standard practice in global gaming platforms.
We use third-party processors for specific functions. Payment processors (licensed by their respective regulators) handle mobile banking, local payment, online payment, e-wallet, mobile banking, and bank transfer transactions. Email service providers send password-reset and verification codes. Analytics providers track aggregate app performance (not individual gameplay). Chat support software logs customer conversations.
We require all processors to encrypt data in transit and at rest, and to sign data processing agreements that prohibit them from using your data for their own purposes. We audit processors annually and immediately terminate relationships if they violate our standards.
How long we keep your data
We retain KYC documents and transaction records for seven years after account closure, as required by anti-money-laundering law. We keep gameplay history and session logs for one year for fraud investigation and dispute resolution. We retain support chat logs for two years. Email communications and account activity logs follow the same retention schedule.
After retention periods expire, we delete data permanently. You can request manual deletion of non-required data (like support tickets or device history) anytime — contact our support team and we will process your request within 30 days.
Your rights on yamahatoto
You have the right to access all data we hold about you. Submit a request to our support team with your account email, and we will provide a full data export within 14 days. You also have the right to correct inaccurate data — if your phone number is wrong, email us and we will update it.
You can request deletion of non-regulatory data. For instance, if you want us to remove your device history or old support tickets, we will do so (though KYC documents and transactions must be retained for seven years by law). You can also request restriction of processing — we will stop using your data for analytics or improvement, though we will still process it for legal compliance and payment processing.
Cookies and Tracking
Our website and app use cookies for three purposes. Session cookies keep you logged in during a single visit — they expire when you close the browser. Authentication cookies store your login token securely. Preference cookies remember your language and theme choice.
We do not use advertising or tracking cookies. We do not place pixels on third-party sites. We do not track you across the internet. Our analytics provider (Google Analytics) tracks aggregate app usage only — page views, session duration, device types — never individual gameplay or account balances.
At yamahatoto, your privacy is a commitment, not a marketing claim. We encrypt your data, restrict access, retain it only as long as necessary, and never sell it.
Jurisdiction and Data Transfers
We operate in supported jurisdictions across Southeast Asia. If you are in Indonesia (Jakarta, Surabaya, Bandung, Medan, Semarang), your account is subject to Indonesian privacy law and anti-money-laundering regulations. If you are outside Indonesia, local laws of your jurisdiction apply where they conflict with our policy.
Data transfers between countries happen under standard data processing agreements that ensure the same level of protection. We do not transfer your data to countries with weaker privacy laws without explicit safeguards in place.
Contact and Data Requests
If you have questions about our privacy policy, want to access your data, or wish to exercise any of your rights, contact our support team. We respond to data requests within 14 days and to privacy inquiries within 5 business days. Your request will be handled confidentially and logged for audit purposes.
Our privacy policy is reviewed annually and updated if our practices change. We will notify you of material changes via email if they affect your rights or our data processing. This policy is effective as of the date posted on our website.